Setup Varnish Cache on Ubuntu in Azure/AWS/GCP

Setup and install Varnish cache server on Ubuntu 24.04 in the cloud on Azure, AWS or Google GCP.  Use the public image from any of the cloud marketplaces to quickly deploy Varnish cache.  Varnish Cache is an open-source HTTP accelerator designed to enhance the speed and performance of web servers by caching static and dynamic content. It sits between clients and backend servers, caching frequently accessed data and delivering it to users with lightning speed. 

Cloud Varnish Cache

Varnish Cache Azure

varnish cache azure

Deploy Varnish Cache on Ubuntu 24.04 in Azure

Varnish Cache AWS

Coming soon…

Varnish Cache GCP

Coming soon…

Getting Started with Varnish Cache

Once your Varnish cache server has been deployed, the following links explain how to connect to a Linux VM:

 

 

Once connected and logged in, the following section explains how to start using Varnish cache server.

Confirm Varnish Installation

To confirm that Varnish is installed and running correctly, you can check the service status:

				
					sudo systemctl status varnish

				
			

You should see output showing that Varnish is active (running). You can also confirm the version:

				
					varnishd -V

				
			

Default Varnish Configuration

Varnish’s default configuration file is located at /etc/varnish/default.vcl. This file defines how Varnish behaves and how it interacts with the backend server.

 

  1. Open the Varnish configuration file:
				
					sudo nano /etc/varnish/default.vcl

				
			

2. In this file, you will configure how Varnish interacts with your backend web server. For example, if your backend web server (Apache or Nginx) is running on port 8080, modify the backend configuration like this:

				
					vcl 4.0;

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

				
			
  • backend default: Defines where Varnish forwards requests. In this case, it’s 127.0.0.1 (localhost) on port 8080.

 

3. Save the file and exit by pressing CTRL+X, then Y, and Enter.

Update Varnish Listening Port (Optional)

By default, Varnish listens on port 6081 (HTTP). If you want to replace your web server and have Varnish listen on port 80 (the standard HTTP port), you can modify the systemd configuration.

 

  1. Edit the Varnish service configuration file:
				
					sudo nano /lib/systemd/system/varnish.service

				
			

2. Find the line that starts with ExecStart and change the port from 6081 to 80 (or another port if needed):

				
					ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -s malloc,256m

				
			
  • -a :80: Tells Varnish to listen on port 80.
  • -s malloc,256m: Defines the amount of memory Varnish will use for caching (256MB in this example).

 

3. Save and close the file, then reload the systemd configuration:

				
					sudo systemctl daemon-reload

				
			

4. Restart Varnish to apply the changes:

				
					sudo systemctl restart varnish

				
			

Configure Your Web Server

Make sure your backend web server (Apache, Nginx, etc.) is configured to listen on a port that Varnish will forward traffic to (like port 8080). Here’s how you can modify Nginx or Apache to listen on port 8080:

For Nginx

  1. Edit your Nginx configuration:
				
					sudo nano /etc/nginx/sites-available/default

				
			

2. Change the listen directive to port 8080:

				
					server {
    listen 8080 default_server;
    listen [::]:8080 default_server;

    # Your other settings...
}

				
			

3. Save and restart Nginx:

				
					sudo systemctl restart nginx

				
			

For Apache

  1. Edit the Apache ports configuration:
				
					sudo nano /etc/apache2/ports.conf

				
			

2. Change the listening port:

				
					Listen 8080

				
			

3. Save and restart Apache:

				
					sudo systemctl restart apache2

				
			

Test Varnish

Now that Varnish is configured, you can test it by visiting your server’s IP or domain name in a web browser. Varnish will cache the responses from the backend web server.

 

  1. Access your website using the server’s IP or domain name:
				
					http://your-server-ip-or-domain

				
			
  • Varnish should now be handling requests and caching content.
  • Check Varnish Statistics: You can monitor Varnish’s performance and cache usage by running:
				
					varnishstat

				
			

This command provides real-time statistics about Varnish, including hit rates, cache usage, and more.

Purging the Vanish Cache

If you need to purge specific cached content from Varnish, you can configure a purge rule in the default.vcl file.

 

  1. Open the default.vcl file:
				
					sudo nano /etc/varnish/default.vcl

				
			

2. Add a rule to allow purging:

				
					acl purge {
    "localhost";
    "192.168.0.0"/24;  # Allow your local network to purge
}

sub vcl_recv {
    if (req.method == "PURGE") {
        if (!client.ip ~ purge) {
            return(synth(403, "Not allowed."));
        }
        return (purge);
    }
}

				
			
  • This allows purging from the localhost or any IP specified in the acl section.

 

3. Save the file and restart Varnish:

				
					sudo systemctl restart varnish

				
			

4. You can now purge specific cached pages by sending a PURGE request. For example, to purge the home page:

				
					curl -X PURGE http://your-server-ip/

				
			

Logs and Debugging

To monitor Varnish’s logs, you can use the varnishlog command, which provides detailed logs about each request:

				
					varnishlog

				
			

This will display all HTTP requests handled by Varnish, making it easier to debug issues or analyze traffic.

 

For a more compact summary of requests and their cache status, use varnishncsa:

				
					varnishncsa

				
			

This will provide access logs in a format similar to Apache’s combined log format.

Tuning Vanish Cache Size

By default, Varnish allocates 256MB for caching content. You can increase or decrease this depending on your system’s available memory.

 

  1. Edit the Varnish service file to adjust the cache size:
				
					sudo nano /lib/systemd/system/varnish.service

				
			

2. Modify the memory allocation in the ExecStart line. For example, to allocate 1GB:

				
					ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -s malloc,1g

				
			

3. Save the file, reload systemd, and restart Varnish:

				
					sudo systemctl daemon-reload
sudo systemctl restart varnish

				
			

Documentation / Support

For further documentation and tutorials refer to the official documentation:

 

https://varnish-cache.org/docs/index.html

 

If you’re having issues with deploying this server please contact us for support.

 

For other issues, refer to the Github issues repository:

 

https://github.com/varnishcache/varnish-cache/issues

Firewall Ports

By default, Varnish Cache uses the following ports:

 

1. Port 6081 (HTTP)

  • Purpose: This is the default port where Varnish listens for incoming HTTP requests.
  • Usage: Varnish acts as a reverse proxy on this port, receiving HTTP requests from clients and forwarding them to the backend web server.

 

2. Port 6082 (Admin/Management Port)

  • Purpose: This port is used for the Varnish administration interface (varnishadm), which allows you to manage Varnish, clear caches, reload configurations, and more.
  • Usage: Access to this port is typically restricted to localhost by default for security reasons.

 

Custom Ports:

Varnish ports can be changed depending on your requirements. For instance, you might want Varnish to listen on port 80 (HTTP) or port 443 (HTTPS) if you’re using it to serve traffic directly without needing another reverse proxy in front of it (although Varnish doesn’t handle SSL termination directly).

 

The links below explain how to modify / create firewall rules depending on which cloud platform you are using.

 

To setup AWS firewall rules refer to – AWS Security Groups

To setup Azure firewall rules refer to – Azure Network Security Groups

To setup Google GCP firewall rules refer to – Creating GCP Firewalls

Disclaimer: Varnish® is a registered trademark of Varnish Software ABC and is licensed under 2-clause BSD License. The license comes with a “no warranty” clause, meaning the software is provided “as-is” without any guarantees or liability for issues that may arise.

Avatar for Andrew Fitzgerald
Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x