Varnish Web Accelerator
What is Varnish?
Varnish is an open source 'Web Accelerator' that can help speed up your website. It has the ability to cache static elements, such as images or JavaScript. It can also be used for load balancing or web security.
Installing Varnish
Adding Varnish is relatively easy to do. It is recommended to add the Varnish repo, as this will ensure that you have the most recent version:
curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
echo "deb http://repo.varnish-cache.org/debian/ $(lsb_release -s -c) varnish-2.1" >> /etc/apt/sources.list
Update using apt and install Varnish:
apt-get update
apt-get install varnish
Varnish is now installed and it is time to configure it. The default Varnish port needs to be modified.
vi /etc/default/varnish
Locate the line 'DAEMON_OPTS=' and change :6081 to :80. Then look for /etc/varnish/default.vcl and change default to something else; in this example we will use site.vcl. When you are done, save the file.
Now we need to create site.vcl under /etc/varnish:
vi /etc/varnish/site.vcl
Enter the following:
## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
    .host = "127.0.0.1";
    .port = "8000";
}
## Receive
## These rules go in vcl_recv, which runs before the request is sent to Apache.
## vcl_fetch only runs after Apache has already answered, which is too late to block anything.
sub vcl_recv {
    ## Remove the X-Forwarded-For header if it exists, so a client cannot supply its own value.
    remove req.http.X-Forwarded-For;
    ## Insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
    ## client.ip is the address Varnish accepted the connection from; a request header such as
    ## req.http.rlnclientipaddr is not set by anything in this setup.
    set req.http.X-Forwarded-For = client.ip;
    ## Added security: the "w00tw00t" attacks are pretty annoying, so let's block them before they reach our web server.
    if (req.url ~ "^/w00tw00t") {
        error 403 "Not permitted";
    }
    ## We are not caching (yet), so hand the request straight to Apache.
    return(pass);
}
## Deliver
sub vcl_deliver {
    ## We'll be hiding some headers added by Varnish. We want to make sure people do not see that we're using Varnish.
    ## Since we're not caching (yet), why bother telling people we use it?
    remove resp.http.X-Varnish;
    remove resp.http.Via;
    remove resp.http.Age;
    ## We'd like to hide the X-Powered-By header. Nobody has to know we can run PHP and have version xyz of it.
    remove resp.http.X-Powered-By;
}
Configuring Apache for Varnish
Now that Varnish is installed and configured, we need to change the ports used by apache2 and by each vhost:
vi /etc/apache2/ports.conf
Change
NameVirtualHost *:80
Listen 80
to the following
NameVirtualHost *:8000
Listen 127.0.0.1:8000
Now under each vhost file change
<VirtualHost *:80>
to
<VirtualHost *:8000>
Your vhosts are now configured to run with Varnish. For logging purposes we can install an additional component, RPAF, which replaces the Varnish local IP of 127.0.0.1 with the visitor's address:
apt-get install libapache2-mod-rpaf
Restarting Daemons and checking your Configuration
At this point Apache and Varnish are configured correctly and we need to restart each service:
/etc/init.d/apache2 restart
/etc/init.d/varnish restart
You can check that each service is running on the correct ports using netstat:
netstat -lp | grep apache2
tcp 0 0 localhost:8000 *:* LISTEN 6941/apache2
And for Varnish:
netstat -lp | grep varnish
tcp 0 0 *:www *:* LISTEN 21919/varnishd
tcp6 0 0 [::]:www [::]:* LISTEN 21919/varnishd
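The netstat check above can be automated. The following is an added example, not part of the original guide: it reads netstat -lp style lines and fails if apache2 listens anywhere other than loopback port 8000, since a directly reachable Apache would bypass the Varnish rules and accept a client-supplied X-Forwarded-For. The function name check_listeners and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# check_listeners (hypothetical helper): read `netstat -lp` lines on stdin and
# verify the layout from this guide: apache2 only on loopback:8000, and
# varnishd listening on port 80 (shown as www/http when names are resolved).
check_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF ~ /\/apache2$/ {
        seen_apache = 1
        # Field 4 is the local address, e.g. localhost:8000 or 127.0.0.1:8000
        if ($4 !~ /^(localhost|127\.0\.0\.1|ip6-localhost|\[?::1\]?):8000$/) {
            printf "FAIL apache2 is reachable on %s\n", $4
            bad = 1
        }
    }
    $1 ~ /^tcp/ && $NF ~ /\/varnishd$/ && $4 ~ /:(www|http|80)$/ {
        seen_varnish = 1
    }
    END {
        if (!seen_apache)  { print "FAIL no apache2 listener found"; bad = 1 }
        if (!seen_varnish) { print "FAIL varnishd is not listening on port 80"; bad = 1 }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Constructed sample input: the expected layout from this guide.
sample_good='tcp 0 0 localhost:8000 *:* LISTEN 6941/apache2
tcp 0 0 *:www *:* LISTEN 21919/varnishd
tcp6 0 0 [::]:www [::]:* LISTEN 21919/varnishd'

# Constructed sample input: Apache bound to every interface by mistake.
sample_bad='tcp 0 0 *:8000 *:* LISTEN 6941/apache2
tcp 0 0 *:www *:* LISTEN 21919/varnishd'

printf '%s\n' "$sample_good" | check_listeners || true
printf '%s\n' "$sample_bad"  | check_listeners || true
```

On the server, pipe the output of netstat -lp into check_listeners as root, so that the PID/Program name column is populated for both daemons.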