What is Varnish Cache?

This guide will walk you through installing and configuring Varnish Cache as a reverse proxy in front of NGINX or Apache on a Debian or Ubuntu-based server.
Varnish Cache runs perfectly on the latest Linux distributions, including Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, and Debian 12, providing long-term stability and compatibility with modern web stacks.

For the best performance, it is recommended to host Varnish on a VPS with fast NVMe storage and strong CPU performance.
Our AlphaVPS High-Performance VPS and Ryzen VPS plans are excellent choices for caching-heavy workloads. Both offer dedicated KVM virtualization, full root access, and high I/O performance, ensuring fast and stable delivery for content-heavy environments.

Prerequisites

Before you begin, make sure the following requirements are met:

• Operating System:
  This guide is written for Debian and Ubuntu-based systems. It has been tested on Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, and Debian 12.
  The commands below use apt, systemctl, and nano.
• Privileges:
  You will need root or sudo access on your VPS or server.
• Networking:
  Ensure that ports 80 and 8080 are available and not in use by other services.
• Software:
  • NGINX or Apache2
  • Varnish
  • Common Linux tools such as netstat, curl, and nano
• Server environment:
  For best results, use a VPS with fast NVMe storage and strong CPU performance.
  AlphaVPS High-Performance VPS or Ryzen VPS plans are ideal for hosting Varnish, offering dedicated KVM virtualization, full root access, and high I/O performance.

How does Varnish Cache work?

Varnish handles all requests coming in before they reach the backend of your web server. All web traffic flows through its cache, which refreshes every two minutes by default.

After caching the requests, they are stored in the memory and can easily be fetched and served to the customers. Varnish uses a language called VCL to describe configurations, cache logic, and other rules (Varnish Configuration Language).

This language can be used in different ways which are different from the previous one for each request made. For example, some requests might be routed to a specific backend or some actions might be ordered to Varnish depending on what the request is about or what results it provides.

One more wonderful feature of Varnish is backend polling, which is a kind of feature that prevents web servers from being completely offline because they are not accessible. If Varnish recognizes a failure, it will continue to serve cached content for a period called grace time. This time is also adjustable and likely adjustable for the backend polling.

Varnish Cache supports both NGINX and Apache. This guide will cover both types of configuration.
Now let's get that thing set.

Option 1: Installing NGINX

Before we start we need to have NGINX installed.
If you already have NGINX installed skip to the next part

Installing NGINX

• sudo apt update
• sudo apt install nginx -y

After the installation has been completed start and enable NGINX so that we won't need to start it every time after reboot.

• systemctl start nginx
• systemctl enable nginx

Configuring port

We won't be able to use port 80 for NGINX as this is where Varnish will be so we will change NGINX to the unconventional HTTP port 8080
To do that we will execute the following commands:

• nano /etc/nginx/sites-available/default

And here change the listen value to 8080
Then check for errors using

• nginx -t
• systemctl restart nginx

To verify that everything is working correctly use netstat to see if NGINX is operating on port 8080

• netstat -plntu

Option 1.1: Installing Varnish Cache with NGINX

Install varnish:

• sudo apt install varnish -y

Now start and enable it like we did with NGINX

• systemctl start varnish
• systemctl enable varnish

By default, varnish uses ports6082 for the admin web interface and 6081 for public access
To verify run the netstat command

• netstat -plntu

Option 1.2: Configure Varnish as a reverse proxy for NGINX

Varnish will be the reverse proxy for NGINX as we stated earlier so the NGINX web server will be operating on HTTP port 8080 while Varnish runs on HTTP port 80
To do that we have to edit the default.vcl file and make sure that the host is 127.0.0.1 and port is 8080

• nano /etc/varnish/default.vcl

The code should resemble this

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

Now navigate and edit the default varnish file

• nano /etc/default/varnish

Make sure the default port is 6081 and the HTTP port is 80

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"

Now we have to make sure that this settings are properly set in the service file too

• cd /lib/systemd/system
• nano varnish.service

or you can do

• systemctl edit varnish

Make sure that the ExecStart command has the proper ports set in it. Find the line that begins with -a and change the port to 80.
Next, restart the configuration of the system and restart varnish

• systemctl daemon-reload
• systemctl restart varnish

Check again if everything is set up correctly using the netstat command

• netstat -plntu

With this, the varnish configuration as a reverse proxy for NGINX has been completed.

Option 2: Installing Apache2

Before we start we need to have Apache installed.
If you already have Apache installed skip to the next part

Installing Apache2

First update and upgrade the package database:

• apt update && apt upgrade

Install apache2:

• apt-get install apache2

Configure and start apache2

Change the default listening port from 80 to 8080:

• nano /etc/apache2/ports.conf

Find the following line and change from 80 to 8080:

• Listen 8080

We need to do the same for our default website:

• nano /etc/apache2/sites-available/000-default.conf

Find the following line and change from 80 to 8080:

• <VirtualHost *:8080>

Now we can enable and start apache:

• systemctl enable apache2
• systemctl start apache2

You can check if apache is running on the correct port by running the command:

• sudo ss -tuln | grep :8080

You should get a line this

tcp   LISTEN 0      511                *:8080            *:*

Option 2.1Installing Varnish Cache with Apache

Install varnish:

• apt-get install varnish

Option2.2Configure Varnish as a reverse proxy for Apache

Check if the configuration file is configured correctly:

• nano /etc/varnish/default.vcl

Specify the port on which apache is running. The config should look like this:

backend default {
    .host = "127.0.01";
    .port = "8080";
}

Now navigate and edit the default varnish file

• nano /etc/default/varnish

Make sure the default port is 6081 and the HTTP port is 80

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"

Now you need to set port 80 as the target listening port in the varnish config:

• nano /etc/systemd/system/multi-user.target.wants/varnish.service

Find the section that starts with ExecStart=/usr/sbin/varnishd and on the line that starts with -a change the port to 80

The config will look something like this

ExecStart=/usr/sbin/varnishd \
          -j unix,user=vcache \
          -F \
          -a :80 \
          -T localhost:6082 \
          -f /etc/varnish/default.vcl \
          -S /etc/varnish/secret \
          -s malloc,256m

Reload the system configuration:

• sudo systemctl daemon-reload

Enable and start varnish:

• systemctl enable varnish && systemctl start varnish

To check if the configuration is successful you can curl the site and check for a X-Varnish header in the response

• curl -I http://localhost

HTTP/1.1 200 OK
Date: Thu, 14 Nov 2024 15:02:58 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Thu, 14 Nov 2024 14:19:33 GMT
Vary: Accept-Encoding
Content-Type: text/html
X-Varnish: 32773 <---------------------
Age: 0
Via: 1.1 varnish (Varnish/6.6)
ETag: W/"29af-626e023a94fb1-gzip"
Accept-Ranges: bytes
Content-Length: 10671
Connection: keep-alive