
Installing Varnish Web cache on a CentOS 5 VM

Howto install and configure Varnish v1.1.2

May 2010: Varnish v2.0.6 is part of EPEL (Original article is from March 2008)

 

Varnish is not part of the CentOS distribution, EPEL, ATRpms, etc. Binary x86_64 RHEL5 RPMs are on the SourceForge site. Download the two binary RPMs and install them. As per the FAQ, Varnish requires a compiler to compile the configuration.

Installation

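In theory we could download the binary RPMs and use yum to install them [4]; however, the SourceForge binary RPMs aren't signed (and/or I haven't installed the GPG key), so yum refuses them. Instead, manually install the prerequisite packages and then use rpm to install the two Varnish RPMs. Without a signature, rpm cannot verify where the packages came from or that they are unmodified, so only install files obtained from a source you trust.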
# yum install logrotate libgomp gcc cpp binutils kernel-headers glibc-headers glibc-devel
# rpm -Uvh varnish-1.1.2-5el5.x86_64.rpm varnish-libs-1.1.2-5el5.x86_64.rpm

 Configuration

Configuration of the varnish daemon is straightforward. I cut the sample /etc/sysconfig/varnish file down [1] to a basic configuration. I changed the cache to listen only on the loopback interface, as it should only be accessed via the local NGINX proxy.

Writing a 'vcl' file from scratch is open-ended, and would (IMHO) require a large time investment. Varnish comes with an example [2] for Zope/Plone (/usr/share/doc/varnish-1.1.2/examples/zope-plone.vcl). I also found this example [3], which adds a couple of directives to the 'vcl_recv' section - I used this one because, on casual inspection, it seemed reasonable. Copy this sample to '/etc/varnish/default.vcl'. Change the address at the top of the file to the Zope listener (which is zope-internal.lucidsolutions.co.nz [192.168.0.65], port 8080).

Run

Enable and start the services

# for A in varnish varnishlog ; do chkconfig $A on ; service $A start ; done

Links

 

Configuration

Appendices


[1] /etc/sysconfig/varnish
# Configuration file for varnish
#
# /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this
# shell script fragment.
#

# Maximum number of open files (for ulimit -n)
NFILES=131072

# Listen on port 6081, administration on localhost:6082, and forward to
# one content server selected by the vcl file, based on the request.  Use a
# fixed-size cache file.
#
# Option by option:
#   -a localhost:6081  HTTP listener, loopback only (the front-end proxy on
#                      the same host is the only intended client).
#   -T localhost:6082  management interface, loopback only.
#   -f ...default.vcl  VCL file to compile and load.
#   -u/-g varnish      user and group the daemon runs as.
#   -s file,...,1G     file-backed storage of 1G at the given path.
#
# NOTE(review): no authentication option is set for the -T management port
# here, so presumably any local user able to connect to localhost:6082 can
# administer the cache - confirm, and restrict local access if that matters.
#
DAEMON_OPTS="-a localhost:6081 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -u varnish -g varnish \
             -s file,/var/lib/varnish/varnish_storage.bin,1G"

[2] /usr/share/doc/varnish-1.1.2/examples/zope-plone.vcl (with trailing default.vcl commented out section removed)  Note: the 192.0.2.0 network should be removed from the 'acl purge' section.
#
# This is a basic VCL configuration file for varnish.  See the vcl(7)
# man page for details on VCL syntax and semantics.
#
# $Id: default.vcl 1424 2007-05-15 19:38:56Z des $
#

# Default backend definition.  Set this to point to your content
# server.

# Origin server that cache misses are fetched from.  The shipped example
# points at 127.0.0.1:9673; change both values to match the real backend.
backend default {
        set backend.host = "127.0.0.1";
        set backend.port = "9673";
}

# Clients allowed to send PURGE; vcl_recv answers 405 to everyone else.
# NOTE(review): 192.0.2.0/24 is the RFC 5737 documentation range (TEST-NET-1),
# a placeholder left in the shipped example.  Remove it, or replace it with
# the hosts that genuinely need to purge, before using this file.
acl purge {
        "localhost";
        "192.0.2.0"/24;
}

# Decide, per request, between a cache lookup, a pass (fetch from the backend
# without using the cache) and a pipe.  Each action keyword (lookup, pipe,
# pass, error) ends the subroutine, so the order of the checks matters.
sub vcl_recv {
        # Methods other than GET/HEAD are never answered from the cache.
        if (req.request != "GET" && req.request != "HEAD") {
                # PURGE request if zope asks nicely
                if (req.request == "PURGE") {
                        # Only clients listed in the 'purge' acl may purge.
                        if (!client.ip ~ purge) {
                                error 405 "Not allowed.";
                        }
                        # Permitted PURGE: look the object up so that
                        # vcl_hit / vcl_miss can answer it.
                        lookup;
                }
                pipe;
        }
        if (req.http.Expect) {
                pipe;
        }
        # Requests carrying HTTP credentials bypass the cache.
        if (req.http.Authenticate || req.http.Authorization) {
                pass;
        }
        # We only care about the "__ac.*" cookies, used for authentication
        if (req.http.Cookie && req.http.Cookie ~ "__ac(|_(name|password|persistent))=") {
                pass;
        }
        # Everything else, including requests with other cookies, is looked
        # up in the cache.
        # NOTE(review): if the backend personalises responses on any cookie
        # other than __ac*, such responses could be shared between clients -
        # confirm against the application.
        lookup;
}

# Do the PURGE thing
# On a cache hit for a PURGE request, expire the object (ttl 0) and report
# 200.  vcl_recv has already rejected PURGE from clients outside the acl.
sub vcl_hit {
        if (req.request == "PURGE") {
                set obj.ttl = 0s;
                error 200 "Purged";
        }
}
# A PURGE for an object that is not cached is answered with 404 instead of
# being fetched from the backend.
sub vcl_miss {
        if (req.request == "PURGE") {
                error 404 "Not in cache";
        }
}

# Enforce a minimum TTL, since we PURGE changed objects actively from Zope.
# Any fetched object with a ttl below one hour has it raised to one hour.
# NOTE(review): the check makes no exception for responses the backend marked
# as short-lived or uncacheable; confirm how it interacts with the default
# vcl_fetch logic, since anything cached by mistake stays for at least an
# hour unless it is purged.
sub vcl_fetch {
        if (obj.ttl < 3600s) {
                set obj.ttl = 3600s;
        }
}
[3] /etc/varnish/default.vcl
# This is a basic vcl.conf file for varnish.
# Modifying this file should be where you store your modifications to
# varnish. Settings here will override defaults.

# Origin server that cache misses are fetched from: 192.168.0.65, port 8080.
backend default {
        # Your Zope / Plone instance.
        set backend.host = "192.168.0.65";
        set backend.port = "8080";
}

# Clients allowed to send PURGE; vcl_recv answers 405 to everyone else.
# NOTE(review): this cache listens on loopback behind a local reverse proxy,
# so client.ip for every proxied request is presumably the proxy's loopback
# address and would match "localhost".  If so, this acl cannot tell outside
# clients apart and PURGE must also be refused at the proxy - confirm.
acl purge {
                "localhost";
}

# Decide, per request, between a cache lookup, a pass (fetch from the backend
# without using the cache) and a pipe.  Each action keyword (lookup, pipe,
# pass, error) ends the subroutine, so the order of the checks matters.
sub vcl_recv {
        # Methods other than GET/HEAD are never answered from the cache.
        if (req.request != "GET" && req.request != "HEAD") {
                # PURGE request if zope asks nicely
                if (req.request == "PURGE") {
                        # Only clients listed in the 'purge' acl may purge.
                        if (!client.ip ~ purge) {
                              error 405 "Not allowed.";
                }
                # The indentation here is misleading: the brace above closes
                # the acl check, and this lookup is still inside the PURGE
                # branch, so a permitted PURGE goes on to vcl_hit / vcl_miss.
                lookup;
                }
                pipe;
        }

        if (req.http.Expect) {
                pipe;
        }

        # Requests carrying HTTP credentials bypass the cache.
        if (req.http.Authenticate || req.http.Authorization) {
                pass;
        }

        # We only care about the "__ac.*" cookies, used for authentication
        if (req.http.Cookie && req.http.Cookie ~ "__ac(|_(name|password|persistent))=") {
                pass;
        }

        # File type that we will always cache
        # Several extensions are listed twice (gif, jpg, png, swf, css, js,
        # sxw); the duplicates do not change what matches.
        # NOTE(review): the pattern is split with backslash line continuations
        # inside the string - confirm the VCL compiler joins the lines without
        # putting the newline or the indentation into the regex.
        if (req.request == "GET" && req.url ~ "\.(gif|jpg|swf|css|js|png|jpg|jpeg|gif|png|tiff|tif|\
                     svg|swf|ico|css|js|vsd|doc|ppt|pps|xls|pdf|mp3|mp4|m4a|ogg|mov|avi|wmv|sxw|zip|\
                     gz|bz2|tgz|tar|rar|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw|dmg|torrent|\
                     deb|msi|iso|rpm)$") {
            lookup;
        }

        # NOTE(review): this looks unreachable - POST is neither GET nor HEAD,
        # so the first check in this subroutine has already piped it.
        if (req.request == "POST") {
                pipe;
        }

        # force lookup even when cookies are present
        # This branch and the final statement both end in lookup, so the test
        # changes nothing as written.
        # NOTE(review): GET requests carrying cookies other than __ac* are
        # looked up in the cache; if the backend personalises responses on
        # such cookies, they could be shared between clients - confirm
        # against the application.
        if (req.request == "GET" && req.http.cookie) {
                lookup;
        }
        lookup;
}

# Raise the ttl of any fetched object below 300 seconds to 300 seconds.
# NOTE(review): the check makes no exception for responses the backend marked
# as short-lived or uncacheable; confirm how it interacts with the default
# vcl_fetch logic, since anything cached by mistake stays for at least five
# minutes unless it is purged.
sub vcl_fetch {
        # force minimum ttl of 300 seconds
        if (obj.ttl < 300s) {
                set obj.ttl = 300s;
        }
}

# Do the PURGE thing
# On a cache hit for a PURGE request, expire the object (ttl 0) and report
# 200.  vcl_recv has already rejected PURGE from clients outside the acl.
sub vcl_hit {
        if (req.request == "PURGE") {
                set obj.ttl = 0s;
                error 200 "Purged";
        }
}

# A PURGE for an object that is not cached is answered with 404 instead of
# being fetched from the backend.
sub vcl_miss {
        if (req.request == "PURGE") {
                error 404 "Not in cache";
        }
}
[4] Varnish install (Note: This output doesn't show the unsigned RPM failure, as noted above) 
Dependencies Resolved

=============================================================================
 Package                 
Arch       Version          Repository        
Size
=============================================================================
Installing:
 varnish                 x86_64     1.1.2-5el5       varnish-1.1.2-5el5.x86_64.rpm  315 k
 varnish-libs            x86_64     1.1.2-5el5       varnish-libs-1.1.2-5el5.x86_64.rpm  115 k
Installing for dependencies:
 binutils                x86_64     2.17.50.0.6-5.el5  base              2.9 M
 cpp                     x86_64     4.1.2-14.el5     base              2.9 M
 gcc                     x86_64     4.1.2-14.el5     base              5.3 M
 glibc-devel             x86_64     2.5-18.el5_1.1   updates           2.4 M
 glibc-headers           x86_64     2.5-18.el5_1.1   updates           598 k
 kernel-headers          x86_64     2.6.18-53.1.13.el5  updates           820 k
 libgomp                 x86_64     4.1.2-14.el5     base               76 k
 logrotate               x86_64     3.7.4-8          updates            39 k

Transaction Summary
=============================================================================
Install     
10 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 15 M
Is this ok [y/N]: y
Downloading Packages: