AlmaLinuxRHEL Based

How To Install Varnish on AlmaLinux 10

r00t

Install Varnish on AlmaLinux 10

Varnish Cache stands as one of the most powerful HTTP accelerators available for Linux systems today. This comprehensive guide walks through the complete process of installing and configuring Varnish Cache on AlmaLinux 10, transforming your server into a high-performance web delivery system.

AlmaLinux 10, the enterprise-grade RHEL-based distribution, provides an ideal foundation for running Varnish Cache in production environments. Performance gains of 10x to 300x are commonly achieved when implementing Varnish correctly, making it an essential tool for high-traffic websites, content delivery networks, and API acceleration scenarios.

This tutorial covers everything from initial system preparation to advanced configuration optimization. Whether you’re a system administrator managing enterprise infrastructure or a developer optimizing web application performance, this guide provides the knowledge needed for successful Varnish implementation.

What is Varnish Cache and Why Use It on AlmaLinux 10?

Varnish Cache functions as an HTTP accelerator and reverse proxy, storing frequently requested content in memory for lightning-fast delivery. Unlike traditional caching solutions, Varnish operates entirely in memory, eliminating disk I/O bottlenecks that plague other caching mechanisms.

The software excels at caching dynamic content, making it particularly valuable for content management systems, e-commerce platforms, and API-heavy applications. Varnish can handle thousands of concurrent connections while using minimal server resources, making it perfect for AlmaLinux 10’s enterprise-focused architecture.

Key benefits include dramatic page load speed improvements, reduced server load on backend applications, enhanced user experience through faster content delivery, and significant bandwidth savings through intelligent content compression and caching strategies.

AlmaLinux 10’s stability and security features complement Varnish’s performance capabilities perfectly. The distribution’s long-term support cycle ensures reliable operation for production environments, while its RHEL compatibility guarantees access to enterprise-grade packages and security updates.

Prerequisites and System Requirements

Essential Server Specifications

Your AlmaLinux 10 server requires adequate resources for optimal Varnish performance. Minimum specifications include 2GB of RAM, though 4GB or more is recommended for production deployments. Disk space requirements start at 10GB, with additional storage needed based on your specific caching requirements.

A static IP address is highly recommended for production installations, particularly when implementing SSL termination or load balancing configurations. Domain name configuration, while optional for testing, becomes essential for production deployments with proper DNS management.

Access Requirements and Permissions

Root access or a non-root user account with full sudo privileges is mandatory for installation and configuration tasks. The installation process requires modifying system files, installing packages, and managing system services – all operations requiring elevated permissions.

Basic command-line interface familiarity is essential. Users should be comfortable with text editors like nano or vim, understand basic file permissions, and have experience with systemd service management concepts.

Network and Firewall Considerations

Proper firewall configuration is crucial for Varnish deployment. The installation process involves modifying default port assignments, requiring careful firewall rule updates to maintain security while enabling proper functionality.

Network connectivity to package repositories is essential during installation. Ensure your server can access EPEL repositories and external package sources required for Varnish installation and updates.

Pre-Installation Planning

Document your current web server configuration before beginning installation. Create backups of existing Apache or Nginx configurations, as the installation process requires significant modifications to port assignments and virtual host configurations.

Plan a maintenance window for implementation, particularly for production systems. While Varnish installation can be performed with minimal downtime, proper planning ensures smooth deployment without service interruptions.

Step 1: System Update and Preparation

Updating Package Repositories

Begin by updating your AlmaLinux 10 system to ensure all packages are current and security patches are applied. This step prevents compatibility issues during Varnish installation and ensures optimal system stability.

sudo dnf update -y

The update process may take several minutes depending on the number of packages requiring updates. Monitor the output for any error messages or conflicts that might affect subsequent installation steps.

Installing Essential Development Tools

Varnish compilation and configuration require development tools and utilities not included in minimal AlmaLinux installations. Install the complete development toolchain to avoid compilation errors during installation.

sudo dnf groupinstall "Development Tools" -y
sudo dnf install wget curl nano vim -y

These tools provide essential functionality for downloading packages, editing configuration files, and troubleshooting potential issues during installation and configuration.

Disabling Default Varnish Module

AlmaLinux 10 includes a default Varnish module that may conflict with the latest version installation. Disable this module to prevent version conflicts and ensure clean installation of the desired Varnish version.

sudo dnf module list varnish
sudo dnf module disable varnish -y

Verify the module is properly disabled before proceeding. This step prevents package conflicts that could cause installation failures or result in outdated Varnish versions.

System Service Preparation

Familiarize yourself with systemd service management, as Varnish relies heavily on systemd for service control and monitoring. Understanding these concepts simplifies configuration and troubleshooting tasks.

systemctl --version
systemctl list-unit-files --type=service | grep -i web

Review existing web services to identify potential port conflicts or service dependencies that might affect Varnish installation and operation.

Step 2: Adding Varnish Repository and Installing Varnish

Repository Configuration

Install the EPEL repository, which provides additional packages required for Varnish installation and optimal functionality on AlmaLinux 10 systems.

sudo dnf install epel-release -y
sudo dnf install dnf-plugins-core -y

The DNF plugins provide enhanced package management capabilities, including repository management features essential for adding third-party repositories safely.

Adding Official Varnish Repository

Install the official Varnish repository using the PackageCloud installation script. This method ensures access to the latest stable Varnish releases with proper security signatures.

curl -s https://packagecloud.io/install/repositories/varnishcache/varnish72/script.rpm.sh | sudo bash

The script automatically configures repository settings, GPG keys, and package signatures required for secure package installation. Verify the repository installation completed successfully before proceeding.

Installing Varnish Cache

With repositories properly configured, install Varnish Cache using the DNF package manager. The installation process includes all necessary dependencies and configuration files.

sudo dnf install varnish -y

Monitor the installation output for any error messages or dependency conflicts. The package installation includes the Varnish daemon, command-line tools, and default configuration files necessary for basic operation.

Verifying Installation Success

Confirm Varnish installed correctly by checking the installed version and verifying all essential files are present in the expected locations.

varnishd -V
ls -la /etc/varnish/
ls -la /usr/lib/systemd/system/varnish.service

These commands display version information and confirm critical configuration files are properly installed and accessible for modification.

Initial Service Management

Start and enable the Varnish service to ensure it begins automatically during system startup. Initial service startup uses default configuration settings.

sudo systemctl start varnish
sudo systemctl enable varnish
sudo systemctl status varnish

Review the service status output carefully. Successful startup indicates basic functionality, though additional configuration is required for production use.

Step 3: Configuring Varnish Cache

Systemd Service Configuration

Modify the Varnish systemd service file to customize daemon parameters and port assignments. The default configuration requires adjustment for most production deployments.

sudo cp /usr/lib/systemd/system/varnish.service /etc/systemd/system/varnish.service
sudo nano /etc/systemd/system/varnish.service

Locate the ExecStart line and modify it to change the listening port from 6081 to 80, enabling Varnish to serve requests on the standard HTTP port:

ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

The -s malloc,256m parameter allocates 256MB of memory for caching. Adjust this value based on your server’s available RAM and caching requirements.

VCL Configuration Fundamentals

The Varnish Configuration Language (VCL) controls caching behavior and request handling logic. Edit the default VCL file to configure backend servers and caching policies.

sudo cp /etc/varnish/default.vcl /etc/varnish/default.vcl.backup
sudo nano /etc/varnish/default.vcl

Configure the backend definition to point to your web server running on port 8080:

vcl 4.1;

backend default {
    .host = "127.0.0.1";
    .port = "8080";
    .connect_timeout = 60s;
    .first_byte_timeout = 60s;
    .between_bytes_timeout = 60s;
}

sub vcl_recv {
    # Remove cookies for static files
    if (req.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico|pdf|flv|txt)$") {
        unset req.http.Cookie;
    }
    
    # Pass POST requests and admin requests
    if (req.method == "POST" || req.url ~ "^/admin") {
        return(pass);
    }
}

sub vcl_backend_response {
    # Set cache TTL for different content types
    if (bereq.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico|pdf|flv|txt)$") {
        set beresp.ttl = 7d;
        set beresp.http.Cache-Control = "public, max-age=604800";
    }
    
    # Cache HTML for 1 hour
    if (beresp.http.Content-Type ~ "text/html") {
        set beresp.ttl = 1h;
    }
}

sub vcl_deliver {
    # Add cache status headers for debugging
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
        set resp.http.X-Cache-Hits = obj.hits;
    } else {
        set resp.http.X-Cache = "MISS";
    }
    
    # Remove sensitive headers
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
}

Advanced Caching Strategies

Implement sophisticated caching rules to maximize performance while ensuring content freshness. Consider different TTL values for various content types and implement cache invalidation strategies for dynamic content.

Configure grace mode to serve stale content when backend servers are unavailable:

sub vcl_hit {
    if (obj.ttl >= 0s) {
        return(deliver);
    }
    
    if (std.healthy(req.backend_hint)) {
        if (obj.ttl + 10s > 0s) {
            set req.http.grace = "normal(limited)";
            return(deliver);
        } else {
            return(restart);
        }
    } else {
        set req.http.grace = "unlimited";
        return(deliver);
    }
}

Memory and Storage Optimization

Calculate optimal cache size based on available system memory. Reserve adequate memory for the operating system and other services while maximizing cache effectiveness.

For servers with 8GB RAM, allocate 4-6GB to Varnish caching:

ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,4g

Monitor memory usage patterns and adjust allocation based on actual cache hit ratios and system performance metrics.

Step 4: Configuring Apache/Nginx for Varnish

Apache Configuration Modifications

Install Apache HTTP Server if not already present on your AlmaLinux 10 system:

sudo dnf install httpd -y

Modify the Apache configuration to listen on port 8080 instead of the default port 80, allowing Varnish to handle incoming HTTP requests:

sudo nano /etc/httpd/conf/httpd.conf

Change the Listen directive:

Listen 8080

Update all virtual host configurations to use the new port assignment:

<VirtualHost *:8080>
    ServerName example.com
    DocumentRoot /var/www/html
    
    # Add headers to identify backend server
    Header always set X-Backend-Server "Apache"
    
    # Log client IP from Varnish
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" varnish
    CustomLog logs/access_log varnish
</VirtualHost>

Nginx Alternative Configuration

For environments using Nginx instead of Apache, modify the configuration accordingly:

sudo dnf install nginx -y
sudo nano /etc/nginx/nginx.conf

Update the server block configuration:

server {
    listen 8080;
    server_name example.com;
    root /var/www/html;
    index index.html index.php;
    
    # Set real IP from Varnish
    set_real_ip_from 127.0.0.1;
    real_ip_header X-Forwarded-For;
    
    # Add backend identification header
    add_header X-Backend-Server "Nginx";
    
    location / {
        try_files $uri $uri/ =404;
    }
    
    # PHP processing (if needed)
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Firewall Configuration Updates

Configure firewall rules to allow HTTP traffic through Varnish while securing backend server access:

sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

Verify firewall configuration:

sudo firewall-cmd --list-all
netstat -tulnp | grep -E ':(80|8080|6082)'

Service Restart and Verification

Restart all affected services to apply configuration changes:

sudo systemctl daemon-reload
sudo systemctl restart httpd  # or nginx
sudo systemctl restart varnish

Create a test file to verify backend server functionality:

echo "<h1>Backend Server Test</h1><p>Time: $(date)</p>" | sudo tee /var/www/html/test.html
curl -H "Host: example.com" http://localhost:8080/test.html

Step 5: Testing Varnish Installation and Cache

Basic Functionality Testing

Verify Varnish is properly intercepting and caching requests using curl commands with verbose output:

curl -I http://localhost/test.html
curl -I http://localhost/test.html

The first request should show cache headers indicating a cache miss, while subsequent requests should demonstrate cache hits with appropriate headers.

HTTP Header Analysis

Examine response headers to understand caching behavior and verify proper configuration:

curl -v http://localhost/test.html 2>&1 | grep -E "(Via|X-Varnish|X-Cache|Age):"

Expected headers include:

  • Via: 1.1 varnish indicating Varnish processed the request
  • X-Varnish with transaction IDs
  • X-Cache: HIT or X-Cache: MISS showing cache status
  • Age header indicating content freshness

Performance Monitoring Tools

Utilize Varnish’s built-in monitoring tools to analyze cache performance and identify optimization opportunities:

# Real-time statistics
varnishstat

# Detailed request logging
varnishlog -q "ReqURL ~ '/test.html'"

# Top requests analysis
varnishtop -i ReqURL

Monitor key metrics including cache hit ratio, backend connection counts, memory utilization, and request processing times.

Load Testing and Validation

Perform basic load testing to validate cache effectiveness:

# Install Apache Bench for testing
sudo dnf install httpd-tools -y

# Test without Varnish (direct to backend)
ab -n 1000 -c 10 http://localhost:8080/test.html

# Test with Varnish
ab -n 1000 -c 10 http://localhost/test.html

Compare response times and requests per second to quantify performance improvements achieved through Varnish caching.

Cache Hit Ratio Analysis

Analyze cache effectiveness using varnishstat output:

varnishstat -1 | grep -E "(cache_hit|cache_miss|cache_hitpass)"

Calculate hit ratio percentage:

  • Healthy caches typically achieve 80-95% hit ratios
  • Low hit ratios may indicate configuration issues
  • Monitor trends over time for optimization opportunities

Step 6: Advanced Configuration and Optimization

Multi-Backend Load Balancing

Configure multiple backend servers for high availability and load distribution:

backend web1 {
    .host = "192.168.1.10";
    .port = "8080";
    .probe = {
        .url = "/health-check";
        .timeout = 1s;
        .interval = 5s;
        .window = 5;
        .threshold = 3;
    }
}

backend web2 {
    .host = "192.168.1.11";
    .port = "8080";
    .probe = {
        .url = "/health-check";
        .timeout = 1s;
        .interval = 5s;
        .window = 5;
        .threshold = 3;
    }
}

director loadbalancer random {
    { .backend = web1; .weight = 1; }
    { .backend = web2; .weight = 1; }
}

sub vcl_recv {
    set req.backend_hint = loadbalancer.backend();
}

Performance Tuning Parameters

Optimize Varnish performance through advanced configuration parameters:

sudo nano /etc/systemd/system/varnish.service

Enhanced ExecStart configuration:

ExecStart=/usr/sbin/varnishd \
    -a :80 \
    -T localhost:6082 \
    -f /etc/varnish/default.vcl \
    -S /etc/varnish/secret \
    -s malloc,4g \
    -p thread_pool_min=100 \
    -p thread_pool_max=4000 \
    -p thread_pool_add_delay=0.002 \
    -p ban_lurker_sleep=0.01 \
    -p feature=+http2

SSL/TLS Integration Strategy

While Varnish doesn’t handle SSL termination directly, implement SSL using a reverse proxy configuration:

# Nginx SSL termination configuration
server {
    listen 443 ssl http2;
    server_name example.com;
    
    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.com.key;
    
    # SSL optimization
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
    ssl_prefer_server_ciphers off;
    
    location / {
        proxy_pass http://127.0.0.1:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Cache Invalidation Strategies

Implement intelligent cache invalidation for dynamic content updates:

sub vcl_recv {
    # PURGE method for cache invalidation
    if (req.method == "PURGE") {
        if (!client.ip ~ purge) {
            return(synth(405,"Not allowed."));
        }
        return(purge);
    }
    
    # BAN method for pattern-based invalidation
    if (req.method == "BAN") {
        if (!client.ip ~ purge) {
            return(synth(405,"Not allowed."));
        }
        ban("obj.http.x-url ~ " + req.url);
        return(synth(200, "Ban added"));
    }
}

# Define allowed IPs for cache management
acl purge {
    "localhost";
    "192.168.1.0"/24;
}

Monitoring and Alerting Configuration

Implement comprehensive monitoring for production Varnish deployments:

# Create monitoring script
sudo nano /usr/local/bin/varnish-health-check.sh
#!/bin/bash
CACHE_HIT_RATIO=$(varnishstat -1 -f cache_hit -f cache_miss | \
    awk 'BEGIN{hit=0;miss=0} /cache_hit/{hit=$2} /cache_miss/{miss=$2} END{if(hit+miss>0) print (hit/(hit+miss))*100}')

if (( $(echo "$CACHE_HIT_RATIO < 80" | bc -l) )); then
    echo "WARNING: Cache hit ratio is ${CACHE_HIT_RATIO}%"
    exit 1
fi

echo "OK: Cache hit ratio is ${CACHE_HIT_RATIO}%"
exit 0
sudo chmod +x /usr/local/bin/varnish-health-check.sh

Step 7: Troubleshooting Common Issues

Service Startup Failures

When Varnish fails to start, examine systemd logs for detailed error information:

sudo journalctl -u varnish -f
sudo systemctl status varnish -l

Common startup issues include:

  • Port binding conflicts: Another service using port 80
  • VCL syntax errors: Invalid configuration syntax
  • Permission problems: Incorrect file ownership or permissions
  • Memory allocation failures: Insufficient available memory

Resolve port conflicts by identifying competing services:

sudo netstat -tulpn | grep :80
sudo lsof -i :80

VCL Compilation Errors

Validate VCL syntax before restarting services:

sudo varnishd -C -f /etc/varnish/default.vcl

Common VCL errors include:

  • Missing semicolons or braces
  • Undefined variables or functions
  • Incorrect backend definitions
  • Invalid regular expressions

Cache Performance Issues

Low cache hit ratios indicate configuration problems or inappropriate caching strategies:

varnishstat -1 | grep -E "(cache_hit|cache_miss)" | \
    awk '{total+=$2} END {print "Total requests: " total}'

Investigate cache misses using detailed logging:

varnishlog -q "VCL_call eq MISS" -i VCL_Log

Backend Connectivity Problems

Test backend server connectivity independently of Varnish:

curl -I http://localhost:8080/
telnet localhost 8080

Monitor backend health checks:

varnishlog -g session -q "Backend_health"

Memory and Resource Issues

Monitor system resource utilization during peak loads:

free -h
top -p $(pgrep varnishd)
iostat -x 1

Adjust memory allocation based on actual usage patterns and available system resources.

Log Analysis and Debugging

Enable detailed logging for troubleshooting complex issues:

# Log all requests to file
varnishlog -w /var/log/varnish/varnish.log

# Analyze specific URLs
varnishlog -q "ReqURL ~ '/problematic-page'"

# Monitor ban operations
varnishlog -q "VCL_call eq BAN"

Congratulations! You have successfully installed Varnish. Thanks for using this tutorial for installing the Varnish HTTP Cache on your AlmaLinux OS 10 system. For additional help or useful information, we recommend you check the official Varnish website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button