Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack


  • Service Provider

    Varnish Cache is a free, open source web cache and accelerator that is often used to sit in front of an application server such as Apache. Varnish can dramatically speed up web pages when you are dealing with any scale.

    If you are starting with a LAMP configuration such as mine that I did recently via SaltStack then we just need to make some adjustments to add Varnish support to our state.

    First we need to add Varnish handling to our LAMP init.sls file (or to a separate Varnish state):

    /etc/httpd/conf/httpd.conf:
      file.managed:
        - source:
          - salt://lamp/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
    
    /etc/varnish/varnish.params:
      file.managed:
        - source:
          - salt://lamp/files/varnish.params
        - user: root
        - group: root
        - mode: 644
    
    varnish:
      pkg.installed: []
      service.running:
        - enable: True
        - require:
          - pkg: varnish
    

    You will notice that we added to our state file a reference to the varnish.params file. This is the configuration for the Varnish server. So we need to create the file /srv/salt/lamp/files/varnish.params with the following contents:

    # Set this to 1 to make systemd reload try to switch VCL without restart.
    RELOAD_VCL=1
    
    # Main configuration file. You probably want to change it.
    VARNISH_VCL_CONF=/etc/varnish/default.vcl
    
    VARNISH_LISTEN_PORT=80
    
    # Admin interface listen address and port
    VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
    VARNISH_ADMIN_LISTEN_PORT=6082
    
    # Shared secret file for admin interface
    VARNISH_SECRET_FILE=/etc/varnish/secret
    
    # Backend storage specification, see Storage Types in the varnishd(5)
    # man page for details.
    VARNISH_STORAGE="malloc,256M"
    
    # User and group for the varnishd worker processes
    VARNISH_USER=varnish
    VARNISH_GROUP=varnish
    

    Now you will also notice that we are including a copy of the Apache configuration file now that we did not before. That is because we want Varnish to listen on port 80 instead of Apache and Varnish will listen to Apache. So we need to adjust Apache to run on port 8080. We did not configure Varnish for this because it looks to port 8080 by default for its source data.

    So now we save this file as **/srv/salt/lamp/files/httpd.conf

    ServerRoot "/etc/httpd"
    Listen 8080
    Include conf.modules.d/*.conf
    User apache
    Group apache
    ServerAdmin [email protected]
    <Directory />
        AllowOverride none
        Require all denied
    </Directory>
    DocumentRoot "/var/www/html"
    <Directory "/var/www">
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/var/www/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    <IfModule dir_module>
        DirectoryIndex index.html
    </IfModule>
    <Files ".ht*">
        Require all denied
    </Files>
    ErrorLog "logs/error_log"
    LogLevel warn
    <IfModule log_config_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        <IfModule logio_module>
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
        CustomLog "logs/access_log" combined
    </IfModule>
    <IfModule alias_module>
        ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    </IfModule>
    <Directory "/var/www/cgi-bin">
        AllowOverride None
        Options None
        Require all granted
    </Directory>
    <IfModule mime_module>
        TypesConfig /etc/mime.types
        AddType application/x-compress .Z
        AddType application/x-gzip .gz .tgz
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
    </IfModule>
    AddDefaultCharset UTF-8
    <IfModule mime_magic_module>
        MIMEMagicFile conf/magic
    </IfModule>
    EnableSendfile on
    IncludeOptional conf.d/*.conf
    

    That should do it. Restart your httpd and varnish services and Apache should be listening on port 8080 and Varnish on port 80. Varnish Cache cannot handle TLS connections, so Apache will continue to server HTTPS on port 443, for now at least.



  • @scottalanmiller said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:

    Varnish Cache cannot handle TLS connections, so Apache will continue to server HTTPS on port 443, for now at least.

    That's unfortunate :-/ I use Varnish on Cloudways, but everything is HTTPS... Does that mean Varnish is doing nothing?


  • Service Provider

    @aaronstuder said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:

    @scottalanmiller said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:

    Varnish Cache cannot handle TLS connections, so Apache will continue to server HTTPS on port 443, for now at least.

    That's unfortunate :-/ I use Varnish on Cloudways, but everything is HTTPS... Does that mean Varnish is doing nothing?

    It just means that an SSL layer has to be in front of it. Nginx is used on most platforms to handle SSL.



Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.