Varnish is an HTTP accelerator designed for content-heavy dynamic web sites. In contrast to other web accelerators, such as Squid, which began life as a client-side cache, or Apache and nginx, which are primarily origin servers, Varnish was designed as an HTTP accelerator. Varnish is focused exclusively on HTTP, unlike other proxy servers that often support FTP, SMTP and other network protocols.

Install Apache Server

The first step to take will be to install the Apache server on the server, and for that, we will first update the system packages by executing the following:

sudo apt update

Once updated, we proceed to the installation of Apache2 by running the following line:

sudo apt install -y apache2

Once installed Apache in Ubuntu 17, we proceed to execute the following commands:

systemctl start apache2 (Start the Apache service)
systemctl enable apache2 (Enables Apache to be run at the start of Ubuntu)

With this process, we have installed the Apache web server.

Configure Firewall Permissions

Now, it will be necessary to allow the HTTP and HTTPS protocols in our firewall rule and by default, Ubuntu has a firewall package called UFW and it is disabled, for its activation we execute the following line:

sudo ufw enable

Once enabled, we execute the following lines in order to grant permission to the indicated protocols:

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

With these ports added access from outside the network will be possible.

If we want to validate the Apache web server, we can use the netstat command and verify that Apache runs under port 80:

netstat -plntu

Or, execute the following:

curl -I localhost

Step 3: Edit Default Port of Apache

One option that we have when using Apache, is that it is used as a backend and therefore does not run with the known and defined default port 80, therefore, if we want to edit the Apache port, we must access the ports file. conf and configuration of the virtual host in the sites-available directory.

First of all we access the Apache directory:

cd /etc/apache2

We will replace port 80 by 8080 in the Apache ports.conf configuration and all the virtual host files in the sites-available directory, this will be possible by executing the following sed commands:

sed -i -e 's/80/8080/g' ports.confsed -i -e 's/80/8080/g' sites-available/*

Or if we want, directly access the file with the desired editor:

nano ports.conf

There, edit the new port:

Save the changes using the Ctrl + O keys and we exit using Ctrl + X.

We can validate that the Apache syntax does not contain errors by executing the following commands:

apachectl configtest
systemctl restart apache2

Now, we check that Apache has defined the new 8080 port as the listener by executing the netstat -plntu line.

 

Step 4: Install Varnish

The time has come to install the Varnish utility in Ubuntu and for this we execute the following line:

sudo apt install -y varnish

Once the installation process is finished, we execute the following lines:

systemctl start varnish (Start Varnish service)
systemctl enable varnish

By default, Varnish runs with ports 6081 for the public IP address and 6082 for the local server address, we can check it using the netstat command:

netstat -plntu

Step 5: Configure Varnish as Reverse Proxy for Apache

At this point, Varnish will be executed on port 80, and each client request will be handled by it, before being sent to the Apache web server that is being executed on port 8080.

Backend configuration:

For this, we will go to the Varnish directory

cd /etc/varnish/

Now, we will create a backup of the default.vcl directory:

cp default.vcl default.vcl.aseli

Now we access the directory using the desired editor:

sudo nano default.vcl

Once we access it, we must define the back-end configuration on line 16. The backend for this Apache case must be running on port 8080.

The lines must have the following structure:

backend default { .host = "127.0.0.1"; .port = "8080"; }

We can save the changes using the Ctrl + O keys and exit the editor using Ctrl + X.

Step 6: Run Varnish on Port 80

The next step is to change the default Varnish ports.

The default ports of the application are 6081 and 6082, and it will be necessary to change the port to the HTTP port 80 (only for the public address).

In this case we will use the following lines:

cd /etc/default/
sudo nano varnish

In this file we will place the line DAEMON_OPTS and we will edit port 6081 by 80, being as follows:

DAEMON_OPTS="-a :80  -T localhost:6082  -f /etc/varnish/default.vcl  -S /etc/varnish/secret  -s malloc,256m"

We save the changes and leave the editor. Next, we will edit the Varnish service file called barnish.service.

For this we will go to the / lib / systemd / system directory and edit the service file using the desired editor:

cd /lib/systemd/system/sudo nano varnish.service

There we will go to the ExecStart line and edit the port 6081 by 80, leaving the line in this way:

ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

Save the changes and leave the editor.

We proceed to recharge the Varnish services for the changes to be applied:

systemctl daemon-reload
systemctl restart varnish

We can validate that Varnish is running on port 80:

netstat -plntu

Step 7: Validate Varnish

We can perform the validation by executing the following line:

curl -I localhost

We can access from a browser using the IP address of the server to verify that Apache is correctly installed:

http://IP_Address

Finally, if we want to review the Varnish events, we execute the following line:

Varnishncsa

We have seen how Varnish is a useful tool to increase the speed of our Apache server and thus access much faster web elements hosted there.