Installing Varnish on Alma Linux and Rocky Linux


The recommended way to install Varnish on Alma Linux or Rocky Linux is by using the official packages. These packages are hosted on Packagecloud and are also available for other Linux distributions.

1. Choosing the right Varnish version

We recommend that you install Varnish Cache 6.0 LTS, which is the stable and supported version of Varnish. It is maintained by Varnish Software and receives frequent updates.

The Varnish Cache community does two releases per year, which are considered fresh releases. These releases are primarily feature-based and do not guarantee backward compatibility. Bugs are also fixed in these releases.

2. Register the package repository

Before we can install Varnish, we need to register the right package repository, otherwise the package manager will install its own version of Varnish.

Run the following commands to register the official Varnish Cache 6.0 LTS repository:

. /etc/os-release
sudo tee /etc/yum.repos.d/varnishcache_varnish60lts.repo > /dev/null <<-EOF
[varnishcache_varnish60lts]
name=varnishcache_varnish60lts
baseurl=https://packagecloud.io/varnishcache/varnish60lts/el/${VERSION_ID%%.*}/$(arch)
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish60lts/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
priority=1
EOF
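
As written, the repository file sets gpgcheck=0 and repo_gpgcheck=0, so dnf verifies neither package nor metadata signatures and the gpgkey line has no effect; only the TLS check (sslverify=1) authenticates what is downloaded. The following added example (not part of the original tutorial) audits those settings in a .repo file; the sample section is a constructed copy of the one above with release 9 and x86_64 assumed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the integrity settings of a dnf .repo file.

# Constructed sample: the repository section from this tutorial, with the
# release and architecture expanded to assumed values (9, x86_64).
sample_repo() {
cat <<'EOF'
[varnishcache_varnish60lts]
name=varnishcache_varnish60lts
baseurl=https://packagecloud.io/varnishcache/varnish60lts/el/9/x86_64
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish60lts/gpgkey
sslverify=1
EOF
}

# repo_value FILE KEY: print the value of KEY, lower-cased (empty if unset).
repo_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        tr '[:upper:]' '[:lower:]' | tr -d '[:space:]'
}

# audit_repo FILE: one finding per line; exit status 1 if a check is disabled.
audit_repo() {
    rc=0
    for key in gpgcheck repo_gpgcheck sslverify; do
        case "$(repo_value "$1" "$key")" in
            1|yes|true|on)  echo "OK   $key enabled" ;;
            0|no|false|off) echo "WARN $key disabled"; rc=1 ;;
            *)              echo "INFO $key not set in this section" ;;
        esac
    done
    for key in baseurl gpgkey; do
        case "$(repo_value "$1" "$key")" in
            https://*) echo "OK   $key uses https" ;;
            "")        echo "INFO $key not set" ;;
            *)         echo "WARN $key is not https"; rc=1 ;;
        esac
    done
    return "$rc"
}

tmp=$(mktemp)
sample_repo > "$tmp"
audit_repo "$tmp" || echo "=> at least one integrity check is disabled"
rm -f "$tmp"
```

On a real system, pass /etc/yum.repos.d/varnishcache_varnish60lts.repo to audit_repo instead of the sample.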

3. Install Varnish

After registering the repository, you can install Varnish by running the following command:

sudo dnf install varnish

This command will install the latest version of Varnish Cache 6.0 LTS.

4. Configure Varnish

After installing Varnish, you will need to configure some varnishd runtime parameters.

Systemd configuration

The varnishd process is managed by Systemd and has its unit file in /usr/lib/systemd/system/varnish.service. You can see this in the example below:

[Unit]
Description=Varnish Cache, a high-performance HTTP accelerator
After=network-online.target nss-lookup.target

[Service]
Type=forking
KillMode=process

# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072

# Locked shared memory - should suffice to lock the shared memory log
# (varnishd -l argument)
# Default log size is 80MB vsl + 1M vsm + header -> 82MB
# unit is bytes
LimitMEMLOCK=85983232

# Enable this to avoid "fork failed" on reload
TasksMax=infinity

# Maximum size of the corefile.
LimitCORE=infinity

ExecStart=/usr/sbin/varnishd \
	  -a :6081 \
	  -a localhost:8443,PROXY \
	  -p feature=+http2 \
	  -f /etc/varnish/default.vcl \
	  -s malloc,256m
ExecReload=/usr/sbin/varnishreload

[Install]
WantedBy=multi-user.target

Run the following command to ensure the Varnish Systemd service is automatically started after a reboot:

sudo systemctl enable varnish

If you want to override some of the runtime parameters in the varnish.service file, you can run the following command:

sudo systemctl edit --full varnish

An editor will open in which you can edit the unit file. The content in the file comes from /usr/lib/systemd/system/varnish.service.

After performing the changes, make sure you save the file and exit the editor. As a result the /etc/systemd/system/varnish.service file will be created containing the modified unit file.

Modifying the listening port and cache size

The varnish.service unit file above shows that the default Varnish runtime configuration is very conservative: the standard listening port is set to 6081 to avoid any clashes with other systems that might use port 80.

However, we will change the listening port to 80 because Varnish will sit in front of the web server and accept incoming HTTP connections. We’ll also increase the size of the cache to two gigabytes.

After having applied the configuration changes, the ExecStart statement now looks like this:

ExecStart=/usr/sbin/varnishd \
	  -a :80 \
	  -a localhost:8443,PROXY \
	  -p feature=+http2 \
	  -f /etc/varnish/default.vcl \
	  -s malloc,2g

5. Configure the web server to work with Varnish

Now that Varnish is configured to listen on port 80, your web server needs to be reconfigured to listen on an alternative port. The most common alternative port for HTTP is port 8080.

Apache

If you’re using Apache, you have to replace the listen port value in /etc/httpd/conf/httpd.conf from Listen 80 to Listen 8080. You also need to replace <VirtualHost *:80> with <VirtualHost *:8080> in all virtual host files.

The following command will take care of that for all .conf files in the /etc/httpd folder, including its subfolders:

sudo find /etc/httpd -name '*.conf' -exec sed -r -i 's/\bListen 80\b/Listen 8080/g; s/<VirtualHost ([^:]+):80>/<VirtualHost \1:8080>/g' {} ';'

Nginx

If you’re using Nginx, change the listen port values using the following command:

sudo find /etc/nginx -name '*.conf' -exec sed -r -i 's/\blisten ([^:]+:)?80\b([^;]*);/listen \18080\2;/g' {} ';'

This command will replace listen 80; with listen 8080; in all .conf files in the /etc/nginx/ folder and all of its subfolders.
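
Because sed -i rewrites files in place, it helps to preview what the two expressions above do first. The following added example (not part of the original tutorial) applies them without -i to constructed sample directives and lists any directive that would still name port 80 afterwards; the sample lines and function names are assumptions.

```shell
#!/bin/sh
# Added example: dry-run the tutorial's sed expressions (no -i) on constructed
# sample lines and list any listener that would still be bound to port 80.

APACHE_EXPR='s/\bListen 80\b/Listen 8080/g; s/<VirtualHost ([^:]+):80>/<VirtualHost \1:8080>/g'
NGINX_EXPR='s/\blisten ([^:]+:)?80\b([^;]*);/listen \18080\2;/g'

# Constructed Apache and Nginx directives, including address-qualified forms.
apache_sample() {
    printf '%s\n' 'Listen 80' 'Listen 0.0.0.0:80' 'Listen 443' \
        '<VirtualHost *:80>' '<VirtualHost 192.0.2.10:80>'
}
nginx_sample() {
    printf '%s\n' 'listen 80;' 'listen 80 default_server;' \
        'listen 127.0.0.1:80;' 'listen [::]:80;' 'listen 443 ssl;'
}

# rewrite EXPR: apply EXPR to stdin and print the result; no file is touched.
rewrite() { sed -r "$1"; }

# still_on_80: from stdin, print directives that still name port 80.
still_on_80() {
    grep -Ei '(listen|virtualhost) ([^ ;>]*:)?80([ ;>]|$)' || true
}

echo "--- Apache after rewrite"; apache_sample | rewrite "$APACHE_EXPR"
echo "--- Nginx after rewrite";  nginx_sample  | rewrite "$NGINX_EXPR"
echo "--- still on port 80"
apache_sample | rewrite "$APACHE_EXPR" | still_on_80
nginx_sample  | rewrite "$NGINX_EXPR"  | still_on_80
```

In this sample the address-qualified Listen 0.0.0.0:80 and the IPv6 listen [::]:80; are left unchanged by the expressions, so directives of that form need to be edited by hand before Varnish is started on port 80.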

6. VCL backend configuration

The change of the origin web server port to 8080 has to be reflected in the backend definition of your VCL file.

The default VCL file that comes with Varnish already has a default backend definition that points to 127.0.0.1 on port 8080. It is located in /etc/varnish/default.vcl on your system and contains the following backend definition:

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

7. Restart the services

We have made some changes to various configuration files. For these changes to take effect, we need to restart Varnish and your web server.

Apache

Run the following command if your web server is running Apache:

sudo systemctl restart httpd varnish

Nginx

Run the following command if you’re using Nginx instead of Apache:

sudo systemctl restart nginx varnish