How to install Varnish on cPanel server

In my previous post, I explained how to setup Nginx as a reverse proxy on a CentOS 7 server with cPanel installed. Now, I will explain how to install Varnish which will provide additional performance to the server and boost the site's page load time.

Varnish is an HTTP accelerator designed for content-heavy dynamic web sites as well as heavily consumed APIs. In contrast to other web accelerators, such as Squid, which began life as a client-side cache, or Apache and Nginx, which are primarily origin servers, Varnish was designed as an HTTP accelerator. The main developers being Poul-Henning Kamp (https://en.wikipedia.org/wiki/Poul-Henning_Kamp) and Redpill-Linpro who are the founders of the Varnish Software licensed under a two-clause BSD license.

This tutorial will show you how to use the Varnish caching proxy on your server.

When you are done with this tutorial, the request handling on your server will look like this:

Browser --> Nginx --> Varnish --> Apache --> PHP

Nginx will still be the public-facing server because Nginx supports SSL and HTTP/2 and uses a more scalable asynchronous event-driven model. That is, Varnish will only be used for what it's best at: caching.

1) First, SSH into your server as the root user so we can install and configure the system. You can work from /root folder or any other you prefer.

2) Visit http://repo.varnish-cache.org/ and choose the proper version (for cPanel installed on CentOS 6 — Varnish 3.0.7 is optimal) if CentOS 7 then Varnish 4 can be installed (for example: http://repo.varnish-cache.org/redhat/varnish-4.0/el7/noarch/varnish-release/varnish-release-4.0-4.el7.noarch.rpm)

3) Make sure that EPEL repo is installed:
yum install epel-release –y (if you have followed my previous post then it is).

4) rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-4.0/el7/noarch/varnish-release/varnish-release-4.0-4.el7.noarch.rpm
(or whatever you choose from the Varnish repo site)

5) yum install varnish
(so we can get varnish installed)

6) After Varnish is successfully installed you can edit the /etc/sysconfig/varnish file if you want Varnish to run on a port other than 6081 (6082 for admin)

7) edit /etc/varnish/default.vcl file and adjust section:

backend default { .host = "x.x.x.x"; .port = "8080"; }

Note: adjust x.x.x.x with your server ip address to where Apache is listening.

At the end let's say what will be cached, in this case uncomment or add: sub vcl_recv { if (req.url ~ “.(png|gif|jpg|swf|css|js)$”) { return(lookup); } }

set req.http.X-Forwarded-For = client.ip;

}

sub vcl_fetch { if (req.url ~ “.(png|gif|jpg|swf|css|js)$”) { unset beresp.http.set-cookie; } }

Note: You can un-comment lines vclrecv { , sub vclpipe { , sub vclpass { , vclhash, vclhit and vclmiss if you wish additional things to be parsed.

At the end push: chkconfig varnish on && service varnish start

NOTE: Make sure that 6081 / 6082 is enabled within APF/CSF or whichever you choose. You can use varnishstat or varnishtop to check for next.

Also, you can use commands like :

lsof -i :6081

lsof -i :6082

To check if Varnish is listening and online.

8) Now you can adjust (if you are using nDeploy Nginx version) /etc/nginx/conf.d/defaultserver.conf file and add proxypass / upstream to listen to 6081 port. If you want Varnish to be stand alone move Apache to port 8080 and then put Varnish on 80 port. If you want to enable Varnish selectively for some sites, please adjust the configuration file for the website at /etc/nginx/sites-enabled folder.

That's all! Test your site using curl -I domain.com to see if Varnish will be displayed.

Additional issues which could happen: If you have an issue with the IP address not being logged well, please install mod_rpaf and make sure the following line is added :

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 127.0.0.1
RPAFheader X-Real-IP <--- From X-Forwarded-For to X-Real-IP

Restart Apache and that's all!

Sometimes you need to purge the Varnish cache. If you need to, please push the following on your server:
varnishadm -T 127.0.0.1:6082 -S /etc/varnish/secret “ban req.url ~ /”

I hope this article is useful for you guys. Thank you for referring to this. I would appreciate your valuable comments and suggestions on this for further improvements. In next article, I will write about Memcached which is used for MySQL query caching.