Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack
-
Varnish Cache is a free, open source web cache and accelerator that is often used to sit in front of an application server such as Apache. Varnish can dramatically speed up web pages when you are dealing with any scale.
If you are starting with a LAMP configuration such as mine that I did recently via SaltStack, then we just need to make some adjustments to add Varnish support to our state.
First we need to add Varnish handling to our LAMP init.sls file (or to a separate Varnish state):
```
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source:
      - salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

/etc/varnish/varnish.params:
  file.managed:
    - source:
      - salt://lamp/files/varnish.params
    - user: root
    - group: root
    - mode: 644

varnish:
  pkg.installed: []
  service.running:
    - enable: True
    - require:
      - pkg: varnish
```
You will notice that we added to our state file a reference to the varnish.params file. This is the configuration for the Varnish server. So we need to create the file /srv/salt/lamp/files/varnish.params with the following contents:
```
# Set this to 1 to make systemd reload try to switch VCL without restart.
RELOAD_VCL=1

# Main configuration file. You probably want to change it.
VARNISH_VCL_CONF=/etc/varnish/default.vcl
VARNISH_LISTEN_PORT=80

# Admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082

# Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret

# Backend storage specification, see Storage Types in the varnishd(5)
# man page for details.
VARNISH_STORAGE="malloc,256M"

# User and group for the varnishd worker processes
VARNISH_USER=varnish
VARNISH_GROUP=varnish
```
Now you will also notice that we are including a copy of the Apache configuration file now that we did not before. That is because we want Varnish to listen on port 80 instead of Apache and Varnish will listen to Apache. So we need to adjust Apache to run on port 8080. We did not configure Varnish for this because it looks to port 8080 by default for its source data.
So now we save this file as /srv/salt/lamp/files/httpd.conf:

```
ServerRoot "/etc/httpd"
Listen 8080
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>

EnableSendfile on
IncludeOptional conf.d/*.conf
```
That should do it. Restart your httpd and varnish services and Apache should be listening on port 8080 and Varnish on port 80. Varnish Cache cannot handle TLS connections, so Apache will continue to serve HTTPS on port 443, for now at least.
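An added example, not part of the original post: a small audit of the two managed files that reports listeners not bound to loopback. A bare `Listen 8080` binds Apache to every interface, so clients that can reach port 8080 get the backend directly instead of going through Varnish. The function names and the `backend_port` parameter are hypothetical, and the sample strings are constructed from the values shown in the post.

```python
import ipaddress
import re
import shlex

# Constructed samples: the relevant lines of the two files from the post.
VARNISH_PARAMS = '''\
VARNISH_LISTEN_PORT=80
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
'''
HTTPD_CONF = 'ServerRoot "/etc/httpd"\nListen 8080\nUser apache\n'


def parse_params(text):
    """Parse shell-style KEY=VALUE lines, skipping comments and blanks."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            parts = shlex.split(value)  # drops surrounding quotes
            params[key.strip()] = parts[0] if parts else ""
    return params


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 (with or without brackets) and 'localhost'."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host == "localhost"


def audit(params_text, httpd_text, backend_port="8080"):
    """Return findings for listeners reachable from outside the host."""
    findings = []
    admin = parse_params(params_text).get("VARNISH_ADMIN_LISTEN_ADDRESS", "")
    if not is_loopback(admin):
        findings.append(f"varnish admin address {admin!r} is not loopback")
    # Apache syntax is "Listen [address:]port"; no address means all interfaces.
    for m in re.finditer(r"^\s*Listen\s+(\S+)", httpd_text, re.M | re.I):
        host, _, port = m.group(1).rpartition(":")
        if port == backend_port and not is_loopback(host):
            findings.append(f"apache backend port {port} listens on {host or 'all interfaces'}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(VARNISH_PARAMS, HTTPD_CONF)))
```

Changing the directive to `Listen 127.0.0.1:8080` clears the Apache finding, provided the Varnish backend definition points at 127.0.0.1.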
-
@scottalanmiller said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:
Varnish Cache cannot handle TLS connections, so Apache will continue to serve HTTPS on port 443, for now at least.
That's unfortunate. I use Varnish on Cloudways, but everything is HTTPS... Does that mean Varnish is doing nothing?
-
@aaronstuder said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:
@scottalanmiller said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:
Varnish Cache cannot handle TLS connections, so Apache will continue to serve HTTPS on port 443, for now at least.
That's unfortunate. I use Varnish on Cloudways, but everything is HTTPS... Does that mean Varnish is doing nothing?
It just means that an SSL layer has to be in front of it. Nginx is used on most platforms to handle SSL.