How to speed up Apache with Varnish HTTP cache on Ubuntu 16.04 LTS

Varnish is a proxy server focused on HTTP caching. It's designed as an HTTP accelerator, and can act as a reverse proxy for your web server (Apache or Nginx). Varnish has been used for high-profile and high-traffic websites, including Wikipedia, The Guardian, and The New York Times.

In this tutorial, we will show you how to install and configure the Varnish HTTP accelerator as a reverse proxy for the Apache web server. Apache, the real web server, will run on the non-standard HTTP port 8080, and Varnish will run as the reverse proxy on HTTP port 80. For this guide, we will be using an Ubuntu 16.04 server.

What we will do

  1. Install Apache Web server
  2. Change Apache Default Port
  3. Install Varnish
  4. Configure Varnish
  5. Test the setup

Prerequisites

  • Ubuntu 16.04
  • Root privileges

Step 1 - Install Apache Web server

To start off, install the Apache web server. By default, it's available in the Ubuntu repository.

Update the Ubuntu repository and then install Apache using the apt command.

sudo apt update
sudo apt install -y apache2

After the installation is complete, start the Apache service and enable it to run automatically at system boot time using the following systemctl commands.

systemctl start apache2
systemctl enable apache2

Install Apache web server

The Apache web server has been installed.

Next, in order to allow everyone access to the web server, we must allow HTTP and HTTPS in our firewall rules. By default, Ubuntu comes with a firewall package named UFW.

Open the SSH, HTTP and HTTPS ports using the following ufw commands.

ufw allow ssh
ufw allow http
ufw allow https

Now start the firewall service and enable it to launch automatically at system boot.

ufw enable

Type 'y' and press Enter to confirm.

Configure the Firewall

The ports for HTTP, HTTPS, and SSH are now open and accessible from outside the network.

If you want to test the Apache web server, you can use the netstat command and make sure Apache is listening on port 80.

netstat -plntu

Or you can use the following curl command.

curl -I hakase-labs.co

You should get the result as shown below.

Test apache server

Step 2 - Change Apache Default Port

In this tutorial, we will be using Apache as the backend server, and it will not run under the standard http port 80. The Apache web server will be running on port 8080 as backend, and the standard http port 80 will be used by 'Varnish'.

To change the default Apache port, we need to edit the Apache configuration file 'ports.conf' and all of the virtual host configuration files under the 'sites-available' directory.

Go to the Apache configuration directory.

cd /etc/apache2

Replace port '80' with '8080' in the Apache configuration 'ports.conf' and all virtual host files under the 'sites-available' directory. We can do that by running the following sed commands.

sed -i -e 's/80/8080/g' ports.conf
sed -i -e 's/80/8080/g' sites-available/*
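
The substitution above matches every '80' in the files, so it is only safe on the stock configuration of a fresh install and must not be run twice. As an added example (not part of the original tutorial), the function below rewrites only the Listen and VirtualHost directives that name port 80; the function names and sample files are constructed for illustration, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example (not from the tutorial): change only the directives that
# bind Apache to port 80. Assumes GNU sed, as shipped on Ubuntu.
# Usage: retarget_port FILE...
retarget_port() {
    sed -E -i \
        -e 's/^([[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?)80([[:space:]]|$)/\18080\3/' \
        -e 's/^([[:space:]]*<VirtualHost[[:space:]]+[^>]*:)80([[:space:]]*>)/\18080\2/' \
        "$@"
}

# Constructed sample files. The lines that must NOT change are the ones
# quoted in the comment thread (Listen 8081, max-age, ocsp cache size).
make_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ports.conf" <<'EOF'
Listen 80
Listen 8081
<IfModule ssl_module>
    Listen 443
</IfModule>
EOF
    cat > "$dir/site.conf" <<'EOF'
SSLStaplingCache shmcb:/var/run/ocsp(128000)
<VirtualHost *:80>
    Header always add Strict-Transport-Security "max-age=15768000"
</VirtualHost>
EOF
    echo "$dir"
}

# Demo: run twice to show the edit is idempotent, then print the result.
d=$(make_sample)
retarget_port "$d/ports.conf" "$d/site.conf"
retarget_port "$d/ports.conf" "$d/site.conf"
cat "$d/ports.conf" "$d/site.conf"
```

On a real server the call would be retarget_port ports.conf sites-available/* from /etc/apache2, followed by the configtest step below.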

Next, test the Apache configuration and make sure there is no error, then restart the Apache service.

apachectl configtest
systemctl restart apache2

Reconfigure apache for different port

Apache is now running on HTTP port '8080'. Check it using the netstat command as shown below.

netstat -plntu

Make sure you have the result as below.

Check apache port

So you can see the Apache web server is running on port '8080'.

Step 3 - Install Varnish HTTP Accelerator

In this step, we will be installing Varnish from the Ubuntu repository. For this guide, we will be using Varnish 4.

Install varnish using the following apt command.

sudo apt install -y varnish

After the installation is complete, start Varnish and enable it to launch automatically at system boot.

systemctl start varnish
systemctl enable varnish

Install varnish

Varnish has been installed on the Ubuntu 16.04 system.

By default, it listens on port '6081' on the public address and on port '6082' on the localhost address. Check it using the netstat command below.

netstat -plntu

And you will get the default varnish port.

Check varnish

Step 4 - Configure Varnish as a Reverse Proxy for Apache

In this step, we will configure Varnish in front of the Apache web server. Varnish will be running on HTTP port 80, and every request from clients will be handled by it before being sent to the Apache web server running on port 8080.

- Backend Configuration

Go to the 'varnish' configuration directory and back up the default file 'default.vcl'.

cd /etc/varnish/
cp default.vcl default.vcl.aseli

Edit the varnish configuration 'default.vcl' using the vim editor.

vim default.vcl

Define the 'backend' configuration on line 16. The backend for our setup is Apache, and it's running on port 8080. So the Varnish configuration for our Apache setup should be the following:

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

Varnish configuration

Save and exit.

- Running Varnish on Port 80

Next, we need to change the default Varnish ports. The default ports for Varnish are '6081' and '6082', and we need to change the port to the HTTP port 80 (only for the public address).

Edit the Varnish parameter configuration in the '/etc/default' directory.

cd /etc/default/
vim varnish

Edit the 'DAEMON_OPTS' line and replace the default port '6081' for the public address with the standard HTTP port '80' as shown below.

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"

Run varnish on port 80

Save and exit.

Next, we need to edit the varnish service file 'varnish.service'. Go to the '/lib/systemd/system' directory and edit the service file using vim.

cd /lib/systemd/system/
vim varnish.service

On the 'ExecStart' line, change the varnish start command as below.

ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

Save and exit.

Reload the systemd service configuration and then restart varnish.

systemctl daemon-reload
systemctl restart varnish

Now check varnish and make sure it's running on the http port 80.

netstat -plntu

Check ports and services

So Varnish is now running on HTTP port 80 as the front end for the Apache web server, which is on port 8080.

Step 5 - Testing

Test using the curl command.

curl -I hakase-labs.co

Make sure you get the http header as shown below.

Test http access

To check from a web browser, open your server URL. The URL of my test server is: http://hakase-labs.co/.

And we still get Apache contents.

Apache test page

Check the varnish log using the 'varnishncsa' command.

varnishncsa

And we get log entries in the same format as the Apache access log.

Apache access log

Varnish installation and configuration for the Apache web server has been completed.

Comments

By: fat_mike at: 2018-11-13 04:05:16

 "sed -i -e 's/80/8080/g' ports.conf

sed -i -e 's/80/8080/g' sites-available/*"

These commands are totally crazy. Replace 80 with 8080 in every occurrence...

By: till at: 2018-11-13 10:10:53

I agree that the author of the article should have made the sed statements a bit more precise. But unless you use domain names like mydomain80.tld, then the commands should be ok as all occurrences of port 80 must be replaced with 8080 as varnish will be listening on port 80 and Apache on 8080.

By: fat_mike at: 2018-11-13 16:14:56

Sadly there are more occurrences than ports in the sites-available folder.

For example, if you have installed ISPconfig 3+ there are a lot of 80 occurrences that I think shouldn't be replaced and don't make any sense. A newbie will end up with a broken apache configuration.

apps.vhost

Listen 8081 becomes Listen 808081

 

ipsconfig.vhost

Listen 8080 becomes Listen 80808080

VirtualHost _default_:8080 becomes VirtualHost _default_:80808080

Header always add Strict-Transport-Security "max-age=15768000" becomes  Header always add Strict-Transport-Security "max-age=1576808000"

SSLStaplingCache shmcb:/var/run/ocsp(128000) becomes SSLStaplingCache shmcb:/var/run/ocsp(12808000)

 

The Alias of php fcgi changes in all of the vhosts you have enabled.

Any 80 occurrence will become 8080. You see where I'm going with that?

 

Kind Regards

 

By: till at: 2018-11-13 17:12:06

This tutorial is not intended to be installed on an ISPConfig server. The guide assumes that you start from an empty Ubuntu system.

By: fat_mike at: 2018-11-13 19:02:24

OK.

Just letting people know that these commands:

"sed -i -e 's/80/8080/g' ports.conf

sed -i -e 's/80/8080/g' sites-available/*"

will replace every occurrence of 80 with 8080 (not just the ones that refer to ports), which is not a good practice.