How to Install Varnish Reverse Proxy with Nginx on Ubuntu 16.04 LTS

Varnish is a proxy server focused on HTTP caching. It's designed as HTTP accelerator and can act as reverse proxy for your web server Apache or Nginx. Varnish has been used for high-profile and high-traffic websites, including Wikipedia, The Guardian, and the New York Times.

In this tutorial, I will show you how to install and configure varnish HTTP accelerator as a reverse proxy for Nginx web server. The real web server Nginx will run under non-standard HTTP port 8080. And Varnish will be running as the reverse proxy on HTTP port 80. For this guide, we will be using Ubuntu 16.04 server.

What we will do

  1. Install Nginx on Ubuntu 16.04
  2. Configure Nginx on Port 8080
  3. Install Varnish on Ubuntu 16.04
  4. Configure Varnish as a Reverse Proxy for Nginx
  5. Configure UFW Firewall
  6. Testing

Prerequisites

  • Ubuntu 16.04
  • Root Privileges

Step 1 - Install Nginx on Ubuntu 16.04

The first step we must do for this tutorial is to install Nginx to the system Ubuntu 16.04. In this step, we will install Nginx (it's available in the official Ubuntu repository), then start the service, and then enable it to launch every time at system boot.

Install Nginx from the Ubuntu repository using the apt command.

sudo apt install nginx -y

After the installation is complete, start Nginx and enable it to launch every time at system boot using the systemctl commands below.

systemctl start nginx
systemctl enable nginx

The Nginx web server is running on the default HTTP port - check it using netstat and make sure the HTTP port is used by Nginx.

netstat -plntu

Start nginx web server

Step 2 - Configure Nginx on Port 8080

In this step, we will configure nginx to run under non-standard HTTP port 8080. For this purpose, we need to edit virtual host files under 'sites-available' directory.

Go to the Nginx configuration directory and edit the 'default' virtual host file using vim.

cd /etc/nginx/
vim sites-available/default

Change 'listen' line value to 8080.

        listen 8080 default_server;
        listen [::]:8080 default_server;

Save and exit.

Now test the Nginx configuration and make sure there is no error. Then restart the service.

nginx -t
systemctl restart nginx

Now test nginx again using netstat, and make sure it's running on the non-standard HTTP port 8080.

netstat -plntu

Configure nginx to listen on port 8080

The Nginx web server has been installed, and it's now running on port 8080.

Step 3 - Install Varnish on Ubuntu 16.04

Now we need to install Varnish on the system. We can install the tool's latest version from the source. And for this guide, we will be installing varnish from the Ubuntu repository - Varnish v4.

Install varnish using the apt command below.

sudo apt install varnish -y

Now start varnish and enable it to launch at system boot using the systemctl commands below.

systemctl start varnish
systemctl enable varnish

By default, varnish will be using port 6081 for public access, and port 6082 for the varnish admin web interface. Check it using the netstat command, and make sure those ports are on the list.

netstat -plntu

Start and check varnish http cache

Varnish HTTP Accelerator has been installed.

Step 4 - Configure Varnish as a Reverse Proxy for Nginx

In this tutorial, we will be using Varnish as a reverse proxy for the Nginx web server. Varnish will be running on the HTTP port 80, and the Nginx web server on HTTP port 8080 (It's complete).

In this step, we will configure Varnish for Nginx, define the backend server, then change varnish to run under HTTP port 80.

Now go to the varnish configuration directory and edit the 'default.vcl' file.

cd /etc/varnish
vim default.vcl

On the backend line, define the configuration as below.

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

Save and exit.

Note:

  • .host = Backend web server address.
  • .port = The backed web server running on.

Configure varnish reverse proxy

The backend configuration has been completed.

Next, we need to configure Varnish to run under HTTP port 80. Go to the '/etc/default' directory and edit the varnish configuration file 'varnish'.

cd /etc/default/
vim varnish

On the 'DAEMON_OPTS' line, change the default port 6081 to HTTP port 80.

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"

Save and exit.

Now edit the varnish service file in the '/lib/systemd/system' directory. Go to the systemd system directory and edit the varnish.service file.

cd /lib/systemd/system
vim varnish.service

On the 'ExecStart' line, change the varnish port 6081 to HTTP port 80.

ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

Save and exit.

Reload the systemd configuration and restart varnish.

systemctl daemon-reload
systemctl restart varnish

Reload varnish

After the configuration is complete, check Varnish using netstat command below.

netstat -plntu

Make sure Varnish is running on HTTP port 80 as shown below.

Test varnish configuration

Varnish configuration as a reverse proxy for Nginx has been completed.

Step 5 - Configure UFW Firewall

The Ubuntu system comes with default human-readable firewall named 'UFW'. If you do not have the package, install them using the apt command below.

sudo apt install ufw

In this step, we will activate the firewall and open new ports for SSH, HTTP, and HTTPS.

Run the ufw commands below.

ufw allow ssh
ufw allow http
ufw allow https

Now activate the firewall and enable it to launch every time at boot time.

ufw enable

Type 'y' and press Enter to confirm.

Configure UFW firewall

UFW firewall is activated, and HTTP as well as HTTPS port is now accessible from the outside network.

Step 6 - Testing

- Testing using cURL

Testing varnish using the curl command, so we can see HTTP headers from the server.

curl -I hakase-labs.co

And you will get the HTTP Header result 'Via: 1.1 varnish-v4' as shown below.

Test connection with curl

- Testing using Web Browser

Open your web browser and type the following server URL or address. Mine is: http://hakase-labs.co

Make sure you get the Nginx default page as below.

Test with web browser

- Testing the Varnish Log

Varnish provides some commands for managing and viewing logs. We will be using 'varnishncsa' to get varnish access log.

varnishncsa

And you will get the result as shown below.

Check the logfile

Varnish installation and configuration as a reverse proxy for Nginx web server has been completed.

Reference

Share this page:

Suggested articles

2 Comment(s)

Add comment

Comments

From: Saif at: 2018-07-17 09:06:01

Varnish will be listening on port 80 for all http traffic. What for https traffic which listens on 443 port?

From: till at: 2018-07-17 09:28:52

Varnish dies not support HTTPS. HTTPS is served from nginx directly, which is already very fast.