In this tutorial, we will show you how to install Varnish Cache on CentOS. Improving website performance is a critical aspect of managing a successful web server. One of the most effective ways to enhance your site’s speed is by implementing a caching solution like Varnish Cache. As a high-performance HTTP accelerator, Varnish Cache significantly reduces server load and improves response times by storing web content in memory. This comprehensive guide will walk you through the process of installing and configuring Varnish Cache on CentOS, helping you optimize your web server’s performance with this powerful caching solution.
What is Varnish Cache and Why Use It?
Varnish Cache is a powerful open-source HTTP accelerator and reverse proxy designed specifically for improving web server performance. Unlike traditional caching systems, Varnish operates in memory, making it exceptionally fast and efficient at delivering content to users. By sitting in front of your web server and caching frequently accessed content, Varnish can dramatically reduce the load on your backend servers while simultaneously enhancing user experience through faster page load times.
The primary benefits of implementing Varnish Cache include:
- Significantly improved website response times, often by a factor of 300-1000x
- Reduced backend server load, allowing your infrastructure to handle more concurrent users
- Lower bandwidth usage through efficient content delivery
- Better handling of traffic spikes without affecting performance
- Flexible configuration through the Varnish Configuration Language (VCL)
- Effective load balancing capabilities for distributing traffic across multiple backend servers
Varnish Cache is particularly beneficial for content-heavy websites, e-commerce platforms, and high-traffic applications where performance is critical to user satisfaction and business success.
Prerequisites for Installing Varnish Cache
Before beginning the installation process, ensure that your system meets the following requirements:
- A CentOS 7 or CentOS 8 system with root or sudo access
- Minimum of 1GB RAM (though 2GB or more is recommended for production environments)
- At least 20GB of disk space
- Basic knowledge of Linux command line operations
- Familiarity with web server configurations (Apache or Nginx)
- A properly configured web server (we’ll be covering both Apache and Nginx integrations)
You’ll also need to ensure your system is up-to-date before proceeding with the installation:
sudo yum update -y
This command updates all packages on your system to their latest versions, which helps avoid compatibility issues during the installation process.
Understanding Varnish Architecture
To effectively implement Varnish Cache, it’s important to understand how it works within your web infrastructure. Varnish operates as a reverse proxy, sitting between your users and your web server. When a user requests content, Varnish first checks if it has a cached copy available in memory. If it does (a cache hit), Varnish serves this content directly to the user without involving the backend server.
The key components of the Varnish architecture include:
- The Management Process: Handles configuration and monitoring
- The Child Process: Performs the actual caching operations
- Varnish Configuration Language (VCL): A powerful, flexible scripting language for defining caching policies
- Memory Storage (malloc): The primary storage mechanism for cached objects
Varnish utilizes a storage engine (typically malloc) to allocate memory for cached content. The default configuration typically allocates 256MB, but this can be increased based on your server’s available resources and the volume of content you need to cache.
Installation on CentOS 7
Step 1: Adding Required Repositories
First, install the EPEL repository, which contains dependencies required for Varnish:
sudo yum install -y epel-release
Next, install the necessary dependencies:
sudo yum install -y pygpgme yum-utils
Now, create the Varnish repository configuration file:
sudo nano /etc/yum.repos.d/varnishcache_varnish60lts.repo
Add the following content to the file:
[varnishcache_varnish60lts]
name=varnishcache_varnish60lts
baseurl=https://packagecloud.io/varnishcache/varnish60lts/el/7/x86_64
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish60lts/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
Update the yum cache to include the new repository:
sudo yum -q makecache -y --disablerepo='*' --enablerepo='varnishcache_varnish60lts'
Step 2: Installing Varnish
Now that the repository is configured, install Varnish with the following command:
sudo yum install -y varnish
After installation completes, start the Varnish service and enable it to start automatically on system boot:
sudo systemctl start varnish
sudo systemctl enable varnish
Verify that Varnish is running correctly:
sudo systemctl status varnish
You should see output indicating that Varnish is active and running.
Installation on CentOS 8
Installing Varnish on CentOS 8 requires a slightly different approach due to changes in the package management system.
Step 1: Disabling the Default Varnish Module
On CentOS 8, you first need to disable the default Varnish module:
sudo dnf module disable varnish
Step 2: Installing EPEL Repository
Install the EPEL repository to access the required dependencies:
sudo yum install -y epel-release
Step 3: Setting Up the Varnish Repository
Source the operating system release file to make OS-related variables available:
. /etc/os-release
Create the Varnish repository configuration file:
sudo tee /etc/yum.repos.d/varnishcache_varnish60lts.repo > /dev/null <<-EOF
[varnishcache_varnish60lts]
name=varnishcache_varnish60lts
baseurl=https://packagecloud.io/varnishcache/varnish60lts/el/${VERSION_ID%%.*}/$(arch)
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish60lts/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOF
Step 4: Installing Varnish
Install Varnish with the following command:
sudo yum install -y varnish
Start and enable the Varnish service:
sudo systemctl start varnish
sudo systemctl enable varnish
Verify the installation:
varnishd -V
sudo systemctl status varnish
These commands will display the Varnish version and confirm that the service is running properly.
Basic Varnish Configuration
After installing Varnish, you’ll need to configure it to work with your web server. The main Varnish configuration files are located in the /etc/varnish/
directory:
/etc/varnish/default.vcl
: The main VCL configuration file/etc/varnish/varnish.params
(CentOS 7) or/usr/lib/systemd/system/varnish.service
(CentOS 8): Contains runtime parameters
Changing the Default Listening Port
By default, Varnish listens on port 6081, but you’ll typically want it to listen on port 80 (the standard HTTP port). To change this, edit the service configuration:
sudo systemctl edit --full varnish
Find the ExecStart line and modify it to listen on port 80:
ExecStart=/usr/sbin/varnishd \
-a :80 \
-f /etc/varnish/default.vcl \
-s malloc,256m
You can also increase the memory allocation from the default 256MB to a larger value based on your server’s resources.
Configuring the Backend Server
The default.vcl
file defines how Varnish interacts with your backend server. Open the file for editing:
sudo nano /etc/varnish/default.vcl
The basic configuration looks like this:
vcl 4.0;
backend default {
.host = "127.0.0.1";
.port = "8080";
}
This configuration tells Varnish to fetch content from a backend server running on the same machine (127.0.0.1) on port 8080. You’ll need to adjust these settings based on your actual backend server configuration.
After making changes to the configuration files, restart Varnish to apply them:
sudo systemctl daemon-reload
sudo systemctl restart varnish
Integrating Varnish with Apache
To set up Varnish with Apache, you’ll need to configure Apache to listen on a different port (commonly 8080) while Varnish listens on the standard HTTP port (80).
Step 1: Installing Apache
If you haven’t already installed Apache, do so with the following command:
sudo yum install -y httpd
Step 2: Configuring Apache
Edit the Apache configuration file to change the listening port:
sudo nano /etc/httpd/conf/httpd.conf
Find the line that begins with Listen 80
and change it to:
Listen 127.0.0.1:8080
This configuration tells Apache to listen only on the local interface on port 8080, allowing Varnish to handle public requests on port 80.
Step 3: Starting and Enabling Apache
Start and enable the Apache service:
sudo systemctl start httpd
sudo systemctl enable httpd
Step 4: Creating a Test Page
Create a simple test page to verify that your setup works correctly:
echo "
Varnish Test Page
This page is being served through Varnish Cache.
" | sudo tee /var/www/html/index.html
Step 5: Testing the Configuration
After configuring both Varnish and Apache, test your setup by accessing your server’s IP address in a web browser. If everything is configured correctly, you should see the test page, and it should load very quickly on subsequent refreshes as Varnish caches the content.
Advanced Varnish Configuration
Once you have Varnish running with a basic configuration, you can implement more advanced features to optimize performance and customize caching behavior.
Customizing VCL Rules
The Varnish Configuration Language (VCL) allows you to create sophisticated caching rules. Here’s an example of a more advanced VCL configuration:
vcl 4.0;
backend default {
.host = "127.0.0.1";
.port = "8080";
.probe = {
.url = "/health.php";
.timeout = 2s;
.interval = 5s;
.window = 5;
.threshold = 3;
}
}
sub vcl_recv {
# Only cache GET and HEAD requests
if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}
# Don't cache authenticated content
if (req.http.Authorization) {
return (pass);
}
# Remove cookies for static content
if (req.url ~ "\.(jpg|jpeg|png|gif|ico|css|js)$") {
unset req.http.Cookie;
}
return (hash);
}
sub vcl_backend_response {
# Set cache time for different content types
if (beresp.http.Content-Type ~ "text/html") {
set beresp.ttl = 1h;
} elsif (beresp.http.Content-Type ~ "text/css") {
set beresp.ttl = 24h;
} elsif (beresp.http.Content-Type ~ "application/javascript") {
set beresp.ttl = 24h;
} elsif (beresp.http.Content-Type ~ "image/") {
set beresp.ttl = 48h;
}
return (deliver);
}
This configuration includes backend health checks, conditional caching based on request type, and different TTL (Time To Live) values for various content types.
Cache Control and TTL Settings
You can customize how long different types of content remain in the cache using TTL settings. For example, static content like images can have longer TTL values, while dynamic content might need shorter ones. Here’s how to set different TTL values:
sub vcl_backend_response {
# Set default TTL
set beresp.ttl = 1h;
# Custom TTL for specific content
if (bereq.url ~ "^/news/") {
set beresp.ttl = 5m; # News content expires quickly
} elsif (bereq.url ~ "^/static/") {
set beresp.ttl = 1d; # Static content lives longer
}
return (deliver);
}
These settings determine how long content remains in the cache before Varnish requests a fresh copy from the backend server.
Performance Tuning Tips
To get the most out of Varnish Cache, consider these performance optimization tips:
Memory Allocation
Adjust the malloc parameter to allocate an appropriate amount of memory for your cache:
-s malloc,4G
This example allocates 4GB of memory for the cache. The optimal value depends on your server’s available memory and the size of the content you’re caching.
Thread Pools Configuration
Configure thread pools to optimize performance:
-p thread_pool_min=50 \
-p thread_pool_max=1000 \
-p thread_pool_timeout=300
These settings control the number of worker threads Varnish uses to handle requests.
Workspace Settings
Adjust workspace parameters if you encounter issues with large headers:
-p workspace_client=256k \
-p workspace_backend=256k
These settings increase the buffer space for request and response handling.
HTTP Response Size Settings
If you encounter 503 errors due to large response headers, adjust the HTTP response parameters:
-p http_resp_hdr_len=65536 \
-p http_resp_size=98304
These settings increase the maximum size of HTTP headers and responses that Varnish can handle.
Security Considerations
Securing your Varnish installation is essential for protecting your web infrastructure:
Restricting Access to Admin Interface
The Varnish admin interface should not be publicly accessible. Configure your firewall to restrict access:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="trusted-ip-address" port port="6082" protocol="tcp" accept'
sudo firewall-cmd --reload
Secret File Configuration
Ensure the Varnish secret file has appropriate permissions:
sudo chmod 600 /etc/varnish/secret
This file contains a shared secret used for authentication with the Varnish admin interface.
Using a Non-Root User
For additional security, configure Varnish to run as a non-root user:
-u varnish -g varnish
This reduces the potential impact of security vulnerabilities.
Troubleshooting Common Issues
Even with careful configuration, you may encounter issues with your Varnish setup. Here are solutions to common problems:
Varnish Service Won’t Start
If Varnish fails to start, check the service status and logs:
sudo systemctl status varnish
sudo journalctl -u varnish
Common causes include:
- Configuration syntax errors in the VCL file
- Port conflicts (another service is already using the specified port)
- Insufficient memory for the allocated cache size
Cache Bypassing Issues
If content isn’t being cached as expected, check your VCL configuration:
varnishlog -g request -q "ReqURL eq '/your-url'"
This command shows the processing of a specific URL, helping you identify why it might be bypassing the cache.
Memory-Related Issues
If Varnish is consuming excessive memory or experiencing frequent restarts due to OOM (Out of Memory) errors, adjust the memory allocation and consider implementing the following environment variable for jemalloc optimization:
MALLOC_CONF="thp:never,narenas:2,dirty_decay_ms:5000,muzzy_decay_ms:5000"
Add this to your Varnish service configuration using:
sudo systemctl edit varnish
And add the following lines:
[Service]
Environment="MALLOC_CONF=thp:never,narenas:2,dirty_decay_ms:5000,muzzy_decay_ms:5000"
This configuration has been shown to help stabilize memory usage on CentOS 8 systems.
Monitoring Varnish Performance
Monitoring is crucial for ensuring optimal performance and troubleshooting issues:
Using varnishstat
The varnishstat
command provides real-time statistics about your Varnish instance:
varnishstat
Key metrics to monitor include:
- Cache hit ratio (
MAIN.cache_hit
andMAIN.cache_miss
) - Backend response time
- Memory usage
- Request rate
For specific metrics, use:
varnishstat -f MAIN.cache_hit
This shows only the cache hit counter.
Using varnishhist
The varnishhist
tool provides a graphical representation of response times:
varnishhist
This shows a histogram of response times, with cache hits and misses represented differently.
Setting Up External Monitoring
For more comprehensive monitoring, consider integrating Varnish with monitoring systems like Prometheus, Grafana, or commercial solutions. These tools can provide detailed insights into cache performance and alert you to potential issues.
Real-world Implementation Examples
Understanding how Varnish is used in real-world scenarios can help you implement it effectively in your own environment:
E-commerce Website
For an e-commerce site, you might configure Varnish to:
- Cache product images and static assets with long TTLs
- Exclude shopping cart and checkout pages from caching
- Implement user-specific caching using cookies or headers
- Use edge-side includes (ESI) for personalized content within cached pages
Content-heavy Website
For a content site like a news portal or blog:
- Cache article pages for moderate durations (30-60 minutes)
- Implement cache invalidation when content is updated
- Use different cache strategies for homepage (short TTL) vs. archival content (longer TTL)
- Implement mobile device detection for device-specific caching
These examples demonstrate how Varnish configuration can be tailored to specific use cases for optimal performance.
Congratulations! You have successfully installed Varnish. Thanks for using this tutorial for installing Varnish Cache on your CentOS system. For additional help or useful information, we recommend you check the official Varnish website.