If you operate a web server, pay attention. This article will help you accelerate your page loads and provide you with a more secure network. Varnish is a state-of-the-art web application accelerator. You can run Varnish on the localhost or on a dedicated box. Varnish is extremely efficient at its job because it was built specifically to cache web requests. Unlike Squid and others, Varnish has one job, which it does very well: caching.
All requests are passed through the Varnish Configuration Language or regular expressions (regex). Varnish Web Cache uses the highly flexible Perl Compatible Regular Expressions (PCRE) regex, which is currently found in high-profile projects such as Apache, PHP, KDE, Postfix, Analog, and Nmap. The default configuration is generally enough to get you going with a basic HTML/CSS-driven website. However, if you operate a content-management-driven site, or anything with cookies, you will need to do some tweaking so that you are not caching cookies during login.
Installing Varnish on Ubuntu
As of this writing, the current Varnish release is 3.0.2. The Ubuntu apt-get repo contains the Varnish package; however, I would strongly recommend using the latest stable release at http://varnish-cache.org. Below are 4 simple commands to enter in a terminal, which add the Varnish GPG key, add the Varnish software repository, and install the latest software version.
curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
echo "deb http://repo.varnish-cache.org/debian/ $(lsb_release -s -c) varnish-3.0" >> /etc/apt/sources.list.d/varnish.list
apt-get update
apt-get install varnish
Configuring /etc/default/varnish
The varnish file tells the software how it should store cached files (malloc or file), which port to connect with, and other primary details. When you first install Varnish, you will need to edit this file and change line 4 from "START=no" to "START=yes" to enable your cache. All of the default values are generally acceptable. The primary component of your configuration in the varnish file includes the information shown in the box below.
The primary configuration options include:
-a: Varnish listen port (i.e. the port that the public will use to access content; should be port 80)
-T: admin listen port
-f: VCL configuration file location
-S: the secret password file (by default, a secret file is generated in /etc/varnish/)
-s: malloc or file cache storage
File or Malloc Cache Storage
File storage configures the cache to place less used cached objects on hard disk, while more frequently used data are stored in RAM. Malloc storage keeps everything in RAM. Malloc storage will always be much faster than disk. However, if you have to use file storage, use an SSD as your storage medium.
Configuring /etc/varnish/default.vcl
The default.vcl is where you will spend most of your time. Once you have the /etc/default/varnish file configured, you will need to work on your /etc/varnish/default.vcl. One of the first tasks is to define a backend. As I mentioned earlier, you can use Varnish on your web server directly or use it on a dedicated box.
If you have Varnish operating on a dedicated box or are using a dedicated NIC, the .host declaration will define the LAN IP of your webserver. Otherwise, you would use the loopback address of 127.0.0.1. The .port directive tells Varnish the Apache listen port. Additional configuration options are optional, but give you more control over user activity.
If you use a Content Management System (CMS) for your web content, your VCL will need fine tuning so that you do not cache Cookies or other items that shouldn’t be cached during admin sessions.
I recommend visiting this 2-part article for configuring your WordPress VCL at http://goo.gl/1rlj4 and http://goo.gl/HXzg3. If you are using some other CMS, you will need to determine what cookies are used, and define them in your VCL. The two aforementioned links provide a basic template for defining cookies, as you can add or replace entries fairly easily.
Security and Protection
Varnish can also provide a level of security to your network through flexible IP blocking and path handling. For example, if you want to block IP addresses before they reach your web server, simply insert the following regex into your /etc/varnish/default.vcl and reload Varnish. Blocking IP addresses with Varnish lets you maintain an IP firewall before it's too late.
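An added example (not from the original article or from the Varnish project) of a Varnish 3.0 default.vcl that combines the backend declaration, the CMS cookie bypass and the IP block described above. The backend port 8500 follows the Apache section of this article; the blocked addresses are documentation-range placeholders, and the WordPress paths and cookie names are assumptions to adapt to your own CMS.

```vcl
# Added example for Varnish 3.0.x (VCL 3 syntax). Addresses, timeouts and
# cookie names below are assumptions, not values from the original article.

# Backend: Apache on the same host, listening on port 8500. When Varnish
# runs on a dedicated box, put the web server's LAN IP in .host instead.
backend default {
    .host = "127.0.0.1";
    .port = "8500";
    .connect_timeout = 5s;
    .first_byte_timeout = 60s;
}

# Clients to refuse. 192.0.2.0/24 and 198.51.100.0/24 are reserved
# documentation ranges (RFC 5737), used here as placeholders.
acl blocked {
    "192.0.2.15";
    "198.51.100.0"/24;
}

sub vcl_recv {
    # Reject blocked clients before any cache lookup or backend fetch.
    # client.ip is the TCP peer address, so this is only meaningful when
    # Varnish faces clients directly (no load balancer or CDN in front).
    if (client.ip ~ blocked) {
        error 403 "Forbidden";
    }

    # Never serve login or admin pages from the cache.
    if (req.url ~ "^/wp-(login\.php|admin)") {
        return (pass);
    }

    # Logged-in or commenting users carry session cookies: bypass the cache
    # so one user's personalised page is never stored and served to another.
    if (req.http.Cookie ~ "(wordpress_logged_in_|wordpress_sec_|comment_author_)") {
        return (pass);
    }

    # Anonymous traffic: drop cookies so the request becomes cacheable, then
    # fall through to the built-in vcl_recv, which still passes non-GET/HEAD
    # requests and requests that carry an Authorization header.
    unset req.http.Cookie;
}
```

Because vcl_fetch is not overridden here, the built-in Varnish 3.0 logic still refuses to cache any backend response that carries a Set-Cookie header.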
Once you have your VCL configured how you want it, validate it using:
varnishd -C -f /etc/varnish/default.vcl
The -C flag prints your VCL as compiled C and validates it, while the -f flag is the location of your VCL file.
Configuring Apache for Varnish using VirtualHost
If you are using Apache’s VirtualHost feature, you need to add a line in your /etc/apache2/httpd.conf file to let Apache know what you are doing. You will need to define the .port number that you assigned it in Varnish (e.g. NameVirtualHost *:8500).
Next, configure your /etc/apache2/sites-available/domain.com using the template shown right. The port number on the first line needs to match what you have placed in your /etc/varnish/default.vcl backend declaration.
Lastly, change the Listen directive in /etc/apache2/ports.conf to match the port specified above (e.g. Listen 8500).
Helpful Commands
varnishstat - performance counters and diagnostics
varnishtop -i rxurl - lists all traffic passing through your Varnish cache
varnishadm - the Varnish administrative console, where you can issue ban commands and others
varnishd -C -f /etc/varnish/default.vcl - prints your VCL as compiled C and validates it prior to enabling it live
service varnish reload - reloads your VCL without erasing your current cache
varnishncsa - displays Varnish access logs in Apache
References:
https://www.varnish-cache.org/docs/3.0/reference/vcl.html
http://kaanon.com/blog/work/making-wordpress-shine-varnish-caching-system-part-1