How to install Varnish Cache on cPanel

A few days ago one of our customers requested our tech suppor team to install Varnish on a cPanel + CentOS 7 dedicated server.

He wanted to stick to Apache, but to speed up the static file serving, and this is the configuration we used to help him.

But first, before into getting directly into the installation process, let’s find out what is varnish and how does it work.

install varnish on cpanel

What is Varnish Cache?

Varnish Cache is a web app accelerator, also known as a reverse http proxy, it is wiedely used to speed up small and big web applications, as well as heavy traffic APIs.

It works in front of an HTTP web server like Apache or Nginx, and to start using it the only thing you have to do is to configure a few variables on the server configuration files, like the storage cache destiny.

Today varnish cache is used by the top sites in the world like Wikipedia, Twitter, New York times, The Guardian, and many other busy websites.

The only downside of Varnish Cache is the fact they don’t support HTTPS. But on this tutorial we will focus on http caching, so that shouldn’t be a problem.

If you want to have a deep introduction of what Varnish Cache is capable of, I suggest you taking a quick look to this video:

1. Install Varnish Cache on cPanel + CentOS 7

Let’s begin with the fun part:

Create a new repo file for Varnish:

nano -w /etc/yum.repos.d/varnishcache_varnish5.repo

Paste this content inside:

[varnishcache_varnish5]
name=varnishcache_varnish5
baseurl=https://packagecloud.io/varnishcache/varnish5/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish5/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[varnishcache_varnish5-source]
name=varnishcache_varnish5-source
baseurl=https://packagecloud.io/varnishcache/varnish5/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish5/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

Clean yum cache and enable the Varnish Cache repository:

yum -q makecache -y --disablerepo='*' --enablerepo='varnishcache_varnish5'

Install Varnish on cPanel

yum install varnish varnish-devel

That’s it, you have Varnish installed, now let’s see how to create a simple configuration.

Edit the following file:

nano -w /etc/varnish/varnish.params

Leave the variable: VARNISH_LISTEN_PORT using the 80 port,  as you see below:

VARNISH_LISTEN_PORT=80

Save the changes pressing CTRL + X and then Y.

Edit default.vlc configuration file:

nano -w /etc/varnish/default.vcl

At “backend default”, set the following values:

backend default {
.host = "XX.XX.XX.XX";
.port = "8080";
}

Make sure you replace XX.XX.XX.XX with your real server IP.

On the same file, scroll down until you see the sub vlc_recv section, if it is not present, add it and make sure it is as you see below:

sub vcl_recv {
if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
return(hash);
}
}

Save your changes and exit the file.

Some binary changes are necessary in order to have Varnish Cache working on cPanel.

chmod 755 /usr/bin/gcc -v
chmod 755 /usr/bin/ld -v

By the way, remember to open 8080 port on your firewall at TCP IN and TPC OUT, just in case.

Change Apache port to listen on 8080 on WHM control panel

As Varnish will listen on the 80 port, it can not run at the same time that Apache does on the same port. That’s why we will change Apache port to listen on an alternative port, like 8080.

  • Move to WHM > Tweak Settings.
  • Select “Apache non-SSL IP/port” and set 8080.
  • Save the changes.

Finally, restart Apache from the root terminal:

systemctl restart httpd.service

Now we are ready to enable Varnish.

2. Start Varnish Cache on cPanel

Now start the varnish server as you see below:

varnishd -d -f /etc/varnish/default.vcl

or directly using systemctl

systemctl restart varnish.service

Make sure it is enabled at boot time:

systemctl enable varnish.service

If you get an ouput similar to what you see below, then it means Varnish is working as expected:

[[email protected]:~]varnishd -d -f /etc/varnish/default.vcl
Debug: Platform: Linux,3.10.0-714.10.2.lve1.4.63.el7.x86_64,x86_64,-junix,-smalloc,-smalloc,-hcritbit
200 304
-----------------------------
Varnish Cache CLI 1.0
-----------------------------
Linux,3.10.0-714.10.2.lve1.4.63.el7.x86_64,x86_64,-junix,-smalloc,-smalloc,-hcritbit
varnish-5.2.0 revision 4c4875cbf

Type 'help' for command list.
Type 'quit' to close CLI session.
Type 'start' to launch worker process.

That’s all, at this time you should have Varnish Cache installed and working properly on your cPanel server serving the static files.

3. Test Varnish

Now that Varnish is running, we need to test if it is working or not.

The best way to test it is using my beloved curl command.

curl -I XX.XX.XX

Replace “XX.XX.XX.XX” with your server IP address.

You should see something like this, showing the “Via: Varnish/5.x” on the headers.

[[email protected] ~]$ curl -I XX.XX.XX
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 11:48:33 GMT
Server: Apache
Last-Modified: Thu, 30 Jun 2016 14:48:01 GMT
Content-Length: 111
Content-Type: text/html
X-Varnish: 686055
Age: 0
Via: 1.1 varnish (Varnish/5.2)
Accept-Ranges: bytes
Connection: keep-alive

If you see this then congratulations, now you know how to install varnish cache on cPanel based servers.

Varnish Cache logs & stats

After you install Varnish the first thing to do is to keep an eye in the cache parameters and statistics.

Varnish already comes with a handful set of stats and logs tools so you can monitor your Varnish Cache usage easily.

With thsi Varnish tools you can get performance metrics of your web apps and how they interact with Varnish server.

  • varnishtop: grouped stats showing the most common resources from Varnish logs.
  • varnishhist:  histogram showing time taken for the requests processing.
  • varnishsizes: same as varnishhits, but instead of time it only shows size of the objects.
  • varnishstat: used to show content of cache hits, as well as resource usage stats.
  • varnishlog: used to see the log of all incoming requests in real time.

How do you run this Varnish tool commands?

As simple as you see below:

varnishstat

Output should be similar to what you see below:

varnishstat output

What about https?

https requests from the server will be served from the 443 port using Apache, so you will not notice any improvements for https based pages, as Varnish still does not support SSL request processing.

Further reading:

About the Author: Esteban Borges

Experienced Sr. Linux SysAdmin and Web Technologist, passionate about building tools, automating processes, fixing server issues, troubleshooting, securing and optimizing high traffic websites.

3 Comments

  1. Thank you for the great gude!

    One thing to note, Compiler access can be enabled via WHM as well via “Security Center > Compiler Access”

    Turning on that option will change permissions on compiler and linker.

    1. Hey Ivan,

      Thanks for your suggestion, however… I’ve found that even if you have Compiler access enabled for all users it doesn’t work as expected, somehow cPanel is overriding the changes and doesn’t fully allow the Varnish server to start as expected. I had to apply chattr +i to both binaries in order to prevent this from happening again.

      Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *