ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack

    IT Discussion
    varnish cache web server lamp linux apache salt saltstack fedora fedora 25 state file
    2
    3
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      Varnish Cache is a free, open source web cache and accelerator that is often used to sit in front of an application server such as Apache. Varnish can dramatically speed up web pages when you are dealing with any scale.

      If you are starting with a LAMP configuration such as mine that I did recently via SaltStack then we just need to make some adjustments to add Varnish support to our state.

      First we need to add Varnish handling to our LAMP init.sls file (or to a separate Varnish state):

      /etc/httpd/conf/httpd.conf:
  file.managed:
    - source:
      - salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

/etc/varnish/varnish.params:
  file.managed:
    - source:
      - salt://lamp/files/varnish.params
    - user: root
    - group: root
    - mode: 644

varnish:
  pkg.installed: []
  service.running:
    - enable: True
    - require:
      - pkg: varnish

      You will notice that we added to our state file a reference to the varnish.params file. This is the configuration for the Varnish server. So we need to create the file /srv/salt/lamp/files/varnish.params with the following contents:

      # Set this to 1 to make systemd reload try to switch VCL without restart.
RELOAD_VCL=1

# Main configuration file. You probably want to change it.
VARNISH_VCL_CONF=/etc/varnish/default.vcl

VARNISH_LISTEN_PORT=80

# Admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082

# Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret

# Backend storage specification, see Storage Types in the varnishd(5)
# man page for details.
VARNISH_STORAGE="malloc,256M"

# User and group for the varnishd worker processes
VARNISH_USER=varnish
VARNISH_GROUP=varnish

      Now you will also notice that we are including a copy of the Apache configuration file now that we did not before. That is because we want Varnish to listen on port 80 instead of Apache and Varnish will listen to Apache. So we need to adjust Apache to run on port 8080. We did not configure Varnish for this because it looks to port 8080 by default for its source data.

      So now we save this file as **/srv/salt/lamp/files/httpd.conf

      ServerRoot "/etc/httpd"
Listen 8080
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf

      That should do it. Restart your httpd and varnish services and Apache should be listening on port 8080 and Varnish on port 80. Varnish Cache cannot handle TLS connections, so Apache will continue to server HTTPS on port 443, for now at least.

      A 1 Reply Last reply Reply Quote 2
      • A
        Alex Sage @scottalanmiller
        last edited by

        @scottalanmiller said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:

        Varnish Cache cannot handle TLS connections, so Apache will continue to server HTTPS on port 443, for now at least.

        That's unfortunate 😕 I use Varnish on Cloudways, but everything is HTTPS... Does that mean Varnish is doing nothing?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Alex Sage
          last edited by

          @aaronstuder said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:

          @scottalanmiller said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:

          Varnish Cache cannot handle TLS connections, so Apache will continue to server HTTPS on port 443, for now at least.

          That's unfortunate 😕 I use Varnish on Cloudways, but everything is HTTPS... Does that mean Varnish is doing nothing?

          It just means that an SSL layer has to be in front of it. Nginx is used on most platforms to handle SSL.

          1 Reply Last reply Reply Quote 1
          • 1 / 1
          • First post
            Last post