CONTENTS
Introduction
The easiest way to install Varnish on Ubuntu is by using Varnish official packages. These packages are hosted on Packagecloud and are also available for other Linux distributions.
Step 1 - Choosing the right Varnish version
We advise that you install Varnish Cache 6.0 LTS, which is the stable and supported version of Varnish. It is maintained by Varnish Software and receives frequent updates.
The Varnish Cache community does two releases per year, which are considered fresh releases. These releases are primarily featured-based and do not guarantee backward compatibility. Bugs are also fixed in these releases.
In this tutorial we’ll be installing Varnish Cache 6.0 LTS. If you want to install a fresh release, please find the right packages on Packagecloud
Step 2 - Register the package repository
Before we can install Varnish, we need to register the right package repository, otherwise the Varnish version of your Linux distribution’s packages might be installed. Also we assume that you work with a sudo user.
Run the following commands to register the official Varnish Cache 6.0 LTS repository:
sudo apt update
This command updates the package list to get information on the latest available packages. Then run the following command:
sudo apt-get install debian-archive-keyring curl gnupg apt-transport-https
This command will install the dependencies that are needed to configure the package repository.
Next command will import the GPG key into the package manager configuration:
curl -s -L https://packagecloud.io/varnishcache/varnish60lts/gpgkey | sudo apt-key add -
Now that the dependencies are in place, we can register the package repository:
. /etc/os-release
sudo tee /etc/apt/sources.list.d/varnishcache_varnish60lts.list > /dev/null /dev/null
Finally, we have to update the package list once again. This will ensure the Packagecloud repository is included:
sudo apt-get update
Step 3 - Install Varnish
Now that the repositories are registered and the right repository preferences are configured, you can install Varnish by running the following command:
sudo apt-get install varnish
With this command will install the latest version of Varnish Cache 6.0 LTS.
Step 4 - Configure Varnish
After installing Varnish, you will need to configure some runtime parameters for the
varnishd
runtime process.
Systemd configuration
The
varnishd
process is managed by
systemd
and has a unit file in
/lib/systemd/system/varnish.service
as illustrated below:
[Unit]
Description=Varnish Cache, a high-performance HTTP accelerator
After=network-online.target nss-lookup.target
[Service]
Type=forking
KillMode=process
# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072
# Locked shared memory - should suffice to lock the shared memory log
# (varnishd -l argument)
# Default log size is 80MB vsl + 1M vsm + header -> 82MB
# unit is bytes
LimitMEMLOCK=85983232
# Enable this to avoid "fork failed" on reload.
TasksMax=infinity
# Maximum size of the corefile.
LimitCORE=infinity
ExecStart=/usr/sbin/varnishd \
-a :6081 \
-a localhost:8443,PROXY \
-p feature=+http2 \
-f /etc/varnish/default.vcl \
-s malloc,256m
ExecReload=/usr/sbin/varnishreload
[Install]
WantedBy=multi-user.target
If you want to override some of the runtime parameters in the
varnish.service
file, you can run the following command:
sudo systemctl edit --full varnish
An editor will open in which you can edit the unit file. The content in the file comes from
/lib/systemd/system/varnish.service
.
After performing the changes, make sure you save the file and exit the editor. As a result the
/etc/systemd/system/varnish.service
file will be created containing the modified unit file.
After modifying that file, you have to reload the Systemd daemon by running the following command:
sudo systemctl daemon-reload
Modifying the listening port and cache size
Based on the
varnish.service
unit file above, you can see that the default Varnish runtime configuration is very conservative: the standard listening port is set to
6081
.
We’ll change this to port
80
. We’ll also increase the size of the cache to two gigabytes.
After having applied the configuration changes, the
ExecStart
statement now looks like this:
ExecStart=/usr/sbin/varnishd \
-a :80 \
-a localhost:8443,PROXY \
-p feature=+http2 \
-f /etc/varnish/default.vcl \
-s malloc,2g
Don’t forget to run
sudo systemctl daemon-reload
when manually changing the unit file.
Step 5 - Configure the web server to work with Varnish
Now that Varnish is configured to listen on port
80
, your web server will have to be reconfigured and listen on an alternative port. The most common alternative port for HTTP is port
8080
Below you will find instructions on how to do this for some common web servers, such as Apache and Nginx. Note that the instructions here assume the web servers are running with a default setup. If your existing web server setup has a custom configuration, the steps outlined may have to be tweaked.
Apache
If you’re using Apache, you have replace the listen port value in
/etc/apache2/ports.conf
from
Listen 80
to
Listen 8080
. You also need to replace
<VirtualHost *:80>
with
<VirtualHost *:8080>
in all virtual host files.
The following command will take care of that for all
.conf
files in the
/etc/httpd
folder, including its subfolders:
sudo find /etc/apache2 -name '*.conf' -exec sed -r -i 's/\bListen 80\b/Listen 8080/g; s/<virtualhost>/<virtualhost>/g' {} ';'
</virtualhost></virtualhost>
Nginx
If you’re using Nginx, it’s simply a matter of modifying the listening port in the various virtual host configurations.
The following command will replace
listen 80;
with
listen 8080;
in all virtual host files:
sudo find /etc/nginx -name '*.conf' -exec sed -r -i 's/\blisten ([^:]+:)?80\b([^;]*);/listen \18080\2;/g' {} ';'
With this command you will replace
listen 80;
with
listen 8080;
in all
.conf
files in the
/etc/nginx/
folder and all of its subfolders.
Step 6 - VCL backend configuration
Now that we’ve changed the listening port of the origin web server to
8080
, this change needs to be reflected in the backend definition of your VCL file.
Luckily the standard VCL file that is part of the Varnish installation already has a default backend definition that points to
127.0.0.1
on port
8080
.
The default VCL file is located in
/etc/varnish/default.vcl
on your system and contains the following backend definition:
# VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6
vcl 4.1;
import std;
# The minimal Varnish version is 6.0
# For SSL offloading, pass the following header in your proxy server or load balancer: 'HTTP-SSL-OFFLOADED: https'
backend default {
.host = "localhost";
.port = "8080";
}
Step 7 - Restart services
We have made some changes to various configuration files. For these changes to take effect, we need to restart Varnish and your web server.
Apache
Run the following command if your web server is running Apache:
sudo systemctl restart apache2 varnish
Nginx
Run the following command if your web server is running Nginx:
sudo systemctl restart nginx varnish
