[Ubuntu] Adding Varnish in front of Apache

Varnish Web Accelerator


What is Varnish?

Varnish is an open source 'Web Accelerator' that can help speed up your website. It can cache static elements, such as images or JavaScript, and it can also be used for load balancing or web security.


Installing Varnish

Adding Varnish is relatively easy. It is recommended to add the Varnish repo, as this will ensure that you have the most recent version.

curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -

echo "deb http://repo.varnish-cache.org/debian/ $(lsb_release -s -c) varnish-2.1" >> /etc/apt/sources.list

Update using apt and install varnish

apt-get update

apt-get install varnish

Now that it is installed, it's time to configure Varnish. The default Varnish port needs to be modified.

vi /etc/default/varnish

Locate the line 'DAEMON_OPTS=' and change :6081 to :80. Then look for /etc/varnish/default.vcl and change default to something else; in this example we will use site.vcl. When you are done, save the file.

Now we need to create site.vcl under /etc/varnish

vi /etc/varnish/site.vcl

Enter the following:

## Redirect requests to Apache, running on port 8000 on localhost

backend apache {
        .host = "";        ## address Apache listens on (localhost, as noted above)
        .port = "8000";
}

## Receive
## These rules act on the incoming request, so they sit in vcl_recv, which runs before the backend is contacted.

sub vcl_recv {
        ## Remove the X-Forwarded-For header if it exists, so a client cannot supply its own value.
        remove req.http.X-Forwarded-For;

        ## Insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
        set    req.http.X-Forwarded-For = client.ip;

        ## Added security, the "w00tw00t" attacks are pretty annoying so let's block them before they reach our webserver
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }

        ## No return statement: Varnish's built-in vcl_recv takes over from here and the content is delivered as usual.
}

## Deliver

sub vcl_deliver {
        ## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
        ## Since we're not caching (yet), why bother telling people we use it?
        remove resp.http.X-Varnish;
        remove resp.http.Via;
        remove resp.http.Age;

        ## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
        remove resp.http.X-Powered-By;
}

Configuring Apache for Varnish

Now that Varnish is installed and configured, we need to modify the ports of the vhosts as well as apache2.

vi /etc/apache2/ports.conf

Change

NameVirtualHost *:80

Listen 80

to the following, moving the Listen directive to port 8000 in the same way

NameVirtualHost *:8000


Now under each vhost file change

<VirtualHost *:80>

to

<VirtualHost *:8000>

Your vhosts are now configured to run with Varnish. For logging purposes we can install an additional component, RPAF, which replaces Varnish's local IP in Apache's logs with the visitor's address, taken from the X-Forwarded-For header.

apt-get install libapache2-mod-rpaf


Restarting Daemons and checking your Configuration

At this point Apache and Varnish are configured correctly, and we need to restart each service.

/etc/init.d/apache2 restart


/etc/init.d/varnish restart

You can check to see if each service is running on the correct ports using netstat

netstat -lp | grep apache2

tcp        0      0 localhost:8000          *:*                     LISTEN      6941/apache2

For Varnish:

netstat -lp | grep varnish

tcp        0      0 *:www                   *:*                     LISTEN      21919/varnishd

tcp6       0      0 [::]:www                [::]:*                  LISTEN      21919/varnishd
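
The netstat check above, automated as an added example (not part of the original article): a shell function that reads `netstat -lp` lines and flags Apache listening on anything other than loopback, since a directly reachable port 8000 would skip the 403 rule and header stripping in site.vcl. The function name check_listeners and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `netstat -lp` listener lines for the layout set up above.
# Reads netstat lines on stdin and prints one FINDING per problem.
# Exit status: 0 = layout as intended, 1 = at least one finding.
check_listeners() {
    awk '
    $6 == "LISTEN" && $7 ~ /\/(apache2|varnishd)$/ {
        n = split($4, part, ":")                 # local address is "host:port"
        port = part[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if ($7 ~ /apache2$/) {
            apache = 1
            # Apache must only be reachable through Varnish, i.e. on loopback.
            if (host !~ /^(localhost|127\.[0-9.]+|::1|\[::1\])$/) {
                print "FINDING: apache2 reachable on " $4 ", not only via Varnish"
                bad = 1
            }
        } else if (port == "www" || port == "http" || port == "80") {
            varnish = 1                          # varnishd owns the public port
        }
    }
    END {
        if (!apache)  { print "FINDING: no apache2 listener found"; bad = 1 }
        if (!varnish) { print "FINDING: varnishd is not listening on port 80"; bad = 1 }
        exit bad + 0
    }'
}

# Sample 1: the listener lines shown in this article.
ARTICLE_LAYOUT='tcp        0      0 localhost:8000          *:*                     LISTEN      6941/apache2
tcp        0      0 *:www                   *:*                     LISTEN      21919/varnishd
tcp6       0      0 [::]:www                [::]:*                  LISTEN      21919/varnishd'

# Sample 2 (constructed): Apache bound to every interface instead of loopback.
EXPOSED_LAYOUT='tcp        0      0 *:8000                  *:*                     LISTEN      6941/apache2
tcp        0      0 *:www                   *:*                     LISTEN      21919/varnishd'

printf '%s\n' "$ARTICLE_LAYOUT" | check_listeners && echo "article layout: OK"
printf '%s\n' "$EXPOSED_LAYOUT" | check_listeners || echo "exposed layout: needs fixing"

# Live use (as root, so netstat shows program names):
#   netstat -lp | check_listeners
```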

