Installing Varnish on Debian
The recommended way to install Varnish on Debian is by using the official packages. These packages are hosted on Packagecloud and are also available for other Linux distributions.
1. Choosing the right Varnish version
We recommend that you install Varnish Cache 6.0 LTS, which is the stable and supported version of Varnish. It is maintained by Varnish Software and receives frequent updates.
The Varnish Cache community does two releases per year, which are considered fresh releases. These releases are primarily featured-based and do not guarantee backward compatibility. Bugs are also fixed in these releases.
2. Register the package repository
Before we can install Varnish, we need to register the right package repository, otherwise Debian will install its own version of Varnish.
Run the following commands to register the official Varnish Cache 6.0 LTS repository:
sudo apt-get update
This command updates the package list to get information on the latest available packages. This is required to successfully run the following command:
sudo apt-get install debian-archive-keyring curl gnupg apt-transport-https
This command will install the dependencies that are needed to configure the package repository.
The next command will import the GPG key into the package manager configuration:
curl -s -L https://packagecloud.io/varnishcache/varnish60lts/gpgkey | sudo apt-key add -
Now that the dependencies are in place, we can register the package repository:
. /etc/os-release
sudo tee /etc/apt/sources.list.d/varnishcache_varnish60lts.list > /dev/null <<-EOF
deb https://packagecloud.io/varnishcache/varnish60lts/$ID/ $VERSION_CODENAME main
EOF
sudo tee /etc/apt/preferences.d/varnishcache > /dev/null <<-EOF
Package: varnish varnish-*
Pin: release o=packagecloud.io/varnishcache/*
Pin-Priority: 1000
EOF
And finally, we have to update the package list once again. This will ensure the Packagecloud repository is included:
sudo apt-get update
3. Install Varnish
Now that the repositories are registered and the right repository preferences are configured, you can install Varnish by running the following command:
sudo apt-get install varnish
This command will install the latest version of Varnish Cache 6.0 LTS, thanks to package pinning.
4. Configure Varnish
After installing Varnish, you will need to configure some varnishd runtime parameters.
Systemd configuration.
The varnishd process is managed by systemd and has its unit file in /lib/systemd/system/varnish.service. You can see this in the example below:
[Unit]
Description=Varnish Cache, a high-performance HTTP accelerator
After=network-online.target nss-lookup.target
[Service]
Type=forking
KillMode=process
# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072
# Locked shared memory - should suffice to lock the shared memory log
# (varnishd -l argument)
# Default log size is 80MB vsl + 1M vsm + header -> 82MB
# unit is bytes
LimitMEMLOCK=85983232
# Enable this to avoid "fork failed" on reload.
TasksMax=infinity
# Maximum size of the corefile.
LimitCORE=infinity
ExecStart=/usr/sbin/varnishd \
-a :6081 \
-a localhost:8443,PROXY \
-p feature=+http2 \
-f /etc/varnish/default.vcl \
-s malloc,256m
ExecReload=/usr/sbin/varnishreload
[Install]
WantedBy=multi-user.target
If you want to override some of the runtime parameters in the varnish.service file, you can run the following command:
sudo systemctl edit --full varnish
An editor will open in which you can edit the unit file. The content in the file comes from /lib/systemd/system/varnish.service.
After peforming the changes, make sure you save the file and exit the editor. As a result the /etc/systemd/system/varnish.service file will be created containing the modified unit file.
It is also possible to directly write the changes to /etc/systemd/system/varnish.service.
First you need to copy the original varnish.service file to the /etc/systemd/system/ folder:
sudo cp /lib/systemd/system/varnish.service /etc/systemd/system/
After modifying /etc/systemd/system/varnish.service, you have ro reload the Systemd daemon by running the following command:
sudo systemctl daemon-reload
Modifying the listening port and cache size
The varnish.service unit file above shows that the default Varnish runtime configuration is very conservative: the standard listening port is set to 6081 to avoid any clashes with other systems that might use port 80.
However, we will change the listening port to 80 because Varnish will sit in front of the web server and accept incoming HTTP connections. We’ll also increase the size of the cache to two gigabytes.
After having applied the configuration changes, the ExecStart statement now looks like this:
ExecStart=/usr/sbin/varnishd \
-a :80 \
-a localhost:8443,PROXY \
-p feature=+http2 \
-f /etc/varnish/default.vcl \
-s malloc,2g
sudo systemctl daemon-reload when manually changing the unit file.5. Configure the web server to work with Varnish
Now that Varnish is configured to listen on port 80 on your Debian system, your web server needs to be reconfigured on an alternative port. The most common alternative port for HTTP is port 8080.
Apache
If you’re using Apache, change the listen port values in /etc/apache2/ports.conf from Listen 80 to Listen 8080 and replace <VirtualHost *:80> with <VirtualHost *:8080> in all virtual host files.
The following command will handle this:
sudo find /etc/apache2 -name '*.conf' -exec sed -r -i 's/\bListen 80\b/Listen 8080/g; s/<VirtualHost ([^:]+):80>/<VirtualHost \1:8080>/g' {} ';'
Nginx
If you’re using Nginx, it’s simply a matter of modifying the listening port in the various virtual host configurations.
The following command will replace listen 80; with listen 8080; in all virtual host files:
sudo find /etc/nginx -name '*.conf' -exec sed -r -i 's/\blisten ([^:]+:)?80\b([^;]*);/listen \18080\2;/g' {} ';'
This command will replace listen 80; with listen 8080; in all .conf files in the /etc/nginx/ folder and all of its subfolders.
6. VCL backend configuration
The change of the origin web server port to 8080 has to be reflected in the backend definition of your VCL file.
The standard VCL file that comes with Varnish already has a default backend definition that points to 127.0.0.1 on port 8080.
The default VCL file is located in /etc/varnish/default.vcl on your system and contains the following backend definition:
vcl 4.1;
backend default {
.host = "127.0.0.1";
.port = "8080";
}
7. Restart the services
We have made some changes to various configuration files. For these changes to take effect, we need to restart Varnish and your web server.
Apache
Run the following command if your web server is running Apache:
sudo systemctl restart apache2 varnish
Nginx
Run the following command if you’re using Nginx instead of Apache:
sudo systemctl restart nginx varnish