How To Install Varnish on CentOS Stream 10

Web performance optimization has become critical for businesses competing in today’s digital landscape. Varnish Cache stands as one of the most powerful HTTP reverse proxy and caching solutions available, capable of delivering exceptional performance improvements for web applications. This comprehensive guide will walk you through the complete process of installing and configuring Varnish Cache on CentOS Stream 10, transforming your server into a high-performance web accelerator.

CentOS Stream 10 provides an excellent foundation for enterprise deployments, offering stability and cutting-edge features that complement Varnish’s capabilities. By implementing this caching solution, you can achieve dramatic performance improvements, with some configurations delivering 300-1000x speed increases. Whether you’re managing a high-traffic website, API services, or complex web applications, this installation guide will equip you with the knowledge needed to successfully deploy Varnish Cache on your CentOS Stream 10 server.

Understanding Varnish Cache

What is Varnish Cache?

Varnish Cache operates as an HTTP reverse proxy and web application accelerator, positioning itself between your web server and incoming client requests. This sophisticated caching solution stores frequently requested content in memory, eliminating the need for repeated backend server processing. When properly configured, Varnish can handle traffic loads exceeding 20 Gbps on standard hardware configurations.

The architecture works by intercepting HTTP requests before they reach your web server. If the requested content exists in Varnish’s cache, it serves the response immediately. Otherwise, it forwards the request to the backend server, caches the response, and delivers it to the client. This process significantly reduces server load and improves response times.

Key Benefits and Use Cases

Varnish Cache delivers substantial performance improvements across various deployment scenarios. Primary benefits include dramatic reduction in server load, improved scalability for high-traffic applications, and enhanced user experience through faster page load times. The solution excels at managing traffic spikes, making it invaluable for e-commerce platforms, news websites, and content management systems.

API caching represents another crucial use case where Varnish demonstrates exceptional value. Modern applications often rely heavily on API calls, and caching these responses can significantly improve application performance. Varnish’s flexible configuration language allows for sophisticated caching rules that can handle complex API scenarios, including conditional caching based on request parameters or authentication status.

Whole site caching scenarios benefit tremendously from Varnish’s capabilities. Content management systems like WordPress, Drupal, and custom applications can leverage Varnish to serve cached pages while maintaining dynamic functionality through selective cache invalidation.

Prerequisites and System Requirements

System Requirements

Before beginning the Varnish installation process, ensure your CentOS Stream 10 server meets the minimum system requirements. A server with at least 2GB of RAM is recommended, though 4GB or more provides better performance for production environments. Storage requirements depend on your caching needs, but allocating sufficient space for log files and temporary cache storage is essential.

Network configuration plays a crucial role in Varnish deployment. Ensure your server has proper network connectivity and that relevant ports (80, 443, and 6081) are accessible. Consider bandwidth requirements, as Varnish may increase outbound traffic during initial cache warming periods.

Required Permissions and Access

Administrative access is mandatory for Varnish installation and configuration. You’ll need root privileges or sudo access to install packages, modify system files, and manage services. SSH access to the server is required for command-line operations throughout the installation process.

Firewall considerations include ensuring that HTTP (port 80) and HTTPS (port 443) traffic can reach your server. Additionally, you may need to configure access to Varnish’s administrative interface, which typically runs on port 6081.

Pre-installation Checklist

System updates should be applied before beginning the installation process. This ensures compatibility and reduces potential conflicts during package installation. Create system backups, particularly of web server configurations, to enable quick recovery if issues arise.

Verify the status of existing services, especially web servers like Apache or Nginx, as these will require configuration changes to work properly with Varnish. Document current system configurations to facilitate troubleshooting if needed.

Preparing the System

System Updates

Begin by updating your CentOS Stream 10 system to ensure all packages are current. Execute the following command to update all installed packages:

dnf update -y

This command downloads and installs available updates, which may require a system reboot depending on the packages updated. After the update completes, verify your system version:

cat /etc/os-release

This command displays detailed information about your CentOS Stream 10 installation, confirming the operating system version and build details. Ensure the package manager is functioning correctly by checking its status and clearing any cached metadata.

Firewall Configuration

Proper firewall configuration is essential for Varnish operation. CentOS Stream 10 uses firewalld as the default firewall management tool. Configure firewall rules to allow HTTP traffic on port 80:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

These commands permanently enable HTTP and HTTPS services in the firewall configuration. Verify the firewall status and active zones:

firewall-cmd --list-all

This command displays current firewall rules, confirming that web traffic is properly allowed. Consider creating custom rules if your deployment requires non-standard port configurations.

Disabling Conflicting Services

CentOS Stream 10 may include default Varnish modules that can conflict with manual installations. Disable the default Varnish module using the following command:

dnf module disable varnish -y

This step prevents conflicts between different Varnish versions and ensures clean installation from the official repository. Check for existing web server configurations that might interfere with Varnish operation, particularly services listening on port 80.

Installing Dependencies

EPEL Repository Installation

The Extra Packages for Enterprise Linux (EPEL) repository provides additional packages required for Varnish installation. Install the EPEL repository using the following command:

dnf install epel-release -y

EPEL serves as a crucial dependency source for Varnish and its associated packages. After installation, verify EPEL repository availability:

dnf repolist enabled | grep epel

This command confirms that EPEL is properly configured and available for package installation. The repository provides essential packages that aren’t included in the standard CentOS Stream 10 repositories.

Additional Dependencies

Install additional required packages for Varnish functionality:

dnf install pygpgme yum-utils -y

These packages provide essential functionality for GPG key management and repository handling. The pygpgme package enables secure package verification, while yum-utils offers additional repository management capabilities.

Verify successful installation by checking package versions:

rpm -qa | grep -E "(pygpgme|yum-utils)"

This command lists installed packages, confirming that dependencies are properly installed and available for Varnish installation.

Adding Varnish Repository

Repository Configuration

Varnish requires a specific repository for CentOS Stream 10 installation. Create the repository configuration file:

cat > /etc/yum.repos.d/varnishcache_varnish60lts.repo << 'EOF'
[varnishcache_varnish60lts]
name=varnishcache_varnish60lts
baseurl=https://packagecloud.io/varnishcache/varnish60lts/el/8/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish60lts/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOF

This configuration creates a repository entry for Varnish 6.0 LTS, which provides long-term support and stability. The repository includes GPG key verification for security and uses SSL for secure package downloads.

Repository Verification

Update the package cache and verify repository availability:

dnf makecache
dnf repolist | grep varnish

These commands refresh the package metadata and confirm that the Varnish repository is accessible. If the repository appears in the output, you can proceed with installation.

Installing Varnish Cache

Installation Process

Install Varnish Cache using the configured repository:

dnf install varnish -y

The installation process downloads Varnish and its dependencies, automatically resolving package requirements. Monitor the installation output for any errors or warnings that might indicate configuration issues.

Post-Installation Verification

Verify successful installation by checking the Varnish version:

varnishd -V

This command displays detailed version information, including compilation options and supported features. Additionally, check that Varnish service files are properly installed:

systemctl status varnish

The service should be installed but not yet running, as additional configuration is required before starting Varnish.

Configuring Varnish Service

Systemd Service Configuration

Varnish requires service configuration modifications to operate properly on CentOS Stream 10. Edit the systemd service file:

systemctl edit --full varnish

This command opens the complete service file for editing. Modify the ExecStart line to configure Varnish parameters:

ExecStart=/usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,2g -T 127.0.0.1:6082 -P /run/varnish.pid

Key configuration parameters include:

• -a :80: Configure Varnish to listen on port 80
• -f /etc/varnish/default.vcl: Specify the VCL configuration file
• -s malloc,2g: Allocate 2GB of memory for cache storage
• -T 127.0.0.1:6082: Enable management interface on localhost

Service Management

Enable and start the Varnish service:

systemctl daemon-reload
systemctl enable varnish
systemctl start varnish

These commands reload systemd configuration, enable automatic startup, and start the Varnish service. Verify service status:

systemctl status varnish

The service should show as active and running. Check for any error messages that might indicate configuration problems.

Backend Web Server Configuration

Apache Configuration

If using Apache as your backend web server, modify its configuration to listen on port 8080 instead of port 80. Edit the Apache configuration file:

vi /etc/httpd/conf/httpd.conf

Change the Listen directive from:

Listen 80

To:

Listen 8080

Additionally, update any VirtualHost directives to use port 8080. After making changes, restart Apache:

systemctl restart httpd

Nginx Configuration

For Nginx deployments, modify the server configuration to listen on port 8080:

vi /etc/nginx/nginx.conf

Update the server block to use port 8080:

server {
    listen 8080;
    server_name your-domain.com;
    # Additional configuration
}

Restart Nginx to apply changes:

systemctl restart nginx

Varnish Configuration Language (VCL)

Default VCL File

Varnish uses the Varnish Configuration Language (VCL) for defining caching behavior. The default configuration file is located at /etc/varnish/default.vcl. Review and modify this file to match your backend server configuration:

vi /etc/varnish/default.vcl

Basic VCL configuration includes backend server definition:

backend default {
    .host = "127.0.0.1";
    .port = "8080";
    .connect_timeout = 60s;
    .first_byte_timeout = 60s;
    .between_bytes_timeout = 60s;
}

Custom VCL Configuration

Implement custom caching rules based on your application requirements. Common customizations include:

sub vcl_recv {
    # Remove cookies for static content
    if (req.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico)$") {
        unset req.http.cookie;
    }
    
    # Pass through admin areas
    if (req.url ~ "^/admin") {
        return (pass);
    }
}

These rules optimize caching behavior for different content types and ensure administrative areas bypass the cache.

Testing and Verification

Basic Functionality Testing

Test Varnish functionality using curl commands:

curl -I http://localhost/

Examine the response headers for Varnish-specific information:

• X-Varnish: Indicates request processing by Varnish
• Age: Shows cache age in seconds
• X-Cache: Displays cache status (HIT or MISS)

Performance Testing

Conduct performance testing to validate caching effectiveness:

ab -n 1000 -c 10 http://localhost/

This Apache Bench command sends 1000 requests with 10 concurrent connections, providing performance metrics including requests per second and response times.

Monitoring and Maintenance

Log File Management

Varnish generates various log files for monitoring and troubleshooting. Access logs using varnishlog:

varnishlog -g request

This command displays real-time request logs, showing cache hits, misses, and backend interactions. Configure log rotation to prevent disk space issues:

vi /etc/logrotate.d/varnish

Performance Monitoring

Monitor Varnish performance using built-in tools:

varnishstat

This command provides real-time statistics including cache hit rates, backend connections, and memory usage. Key metrics to monitor include:

• Cache hit ratio
• Backend connection count
• Memory utilization
• Request processing times

Troubleshooting Common Issues

Installation Problems

Common installation issues include repository access problems and dependency conflicts. If repository access fails, verify network connectivity and DNS resolution:

nslookup packagecloud.io

Dependency conflicts may require manual resolution using dnf’s conflict resolution capabilities.

Configuration Issues

Port conflicts represent the most common configuration problem. Verify that no other services are using port 80:

netstat -tulpn | grep :80

Service startup failures often result from VCL syntax errors. Validate VCL configuration using:

varnishd -C -f /etc/varnish/default.vcl

This command checks VCL syntax without starting the service.

Security Considerations

Access Control

Implement proper access controls for Varnish administrative interfaces. The management interface should only be accessible from localhost or trusted networks. Configure firewall rules to restrict access:

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.0/24' port protocol='tcp' port='6082' accept"

Security Best Practices

Regular security updates are essential for maintaining system security. Configure automatic updates for security patches:

dnf install dnf-automatic
systemctl enable --now dnf-automatic.timer

Monitor logs for suspicious activity and implement proper backup procedures to ensure quick recovery from security incidents.

Performance Optimization

Memory Management

Optimize cache memory allocation based on available system resources and traffic patterns. Monitor memory usage using:

free -h
varnishstat -1 | grep -E "(cache_hit|cache_miss|n_lru_nuked)"

Adjust cache size if memory pressure or excessive cache evictions occur.

Advanced Configuration

Implement advanced optimizations including:

• Thread pool tuning for high-concurrency environments
• Connection management optimization
• Cache invalidation strategies for dynamic content
• CDN integration for global performance improvement

Congratulations! You have successfully installed Varnish cache. Thanks for using this tutorial for installing the Varnish HTTP Cache on your CentOS Stream 10 system. For additional help or useful information, we recommend you check the official Varnish website.