This guide explains how to install Varnish Cache 6.0 with Apache on CentOS 7. Varnish Cache is an open-source caching HTTP reverse proxy that can help improve a web server's performance. This tutorial uses CentOS 7 without SELinux. If you need to disable SELinux, see our article "How to Disable SELinux on CentOS".
Prerequisites
A fully-updated CentOS 7 x64 server instance.
1. Configure Firewall
If you use FirewallD, modify the firewall rules to allow inbound traffic on port 80. If you are unsure of your firewall configuration, see our articles about FirewallD and troubleshooting server connections. These commands assume you have a freshly-deployed Rcs CentOS 7 instance:
$ sudo firewall-cmd --zone=public --permanent --add-service=http
$ sudo firewall-cmd --reload
2. Install Apache
Install Apache HTTP server.
$ sudo yum install -y httpd
Set Apache port to 8080. Edit httpd.conf with nano.
$ sudo nano /etc/httpd/conf/httpd.conf
Change the line "Listen 80" to "Listen 8080", then save and close the file. The line should like like this when finished.
Listen 8080
Start the Apache service.
$ sudo systemctl start httpd.service
$ sudo systemctl enable httpd.service
3. Test Apache configuration
Create a test file.
$ sudo touch /var/www/html/test.html
Use curl to test the server at port 8080. This verifies Apache is configured correctly.
$ curl -I http://localhost:8080/test.html
HTTP/1.1 200 OK
Date: Fri, 10 Jul 2020 13:10:04 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Fri, 10 Jul 2020 13:09:56 GMT
ETag: "0-5aa160eb192a8"
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
4. Install Varnish
Add the EPEL repository.
$ sudo yum install -y epel-release
Install the dependency packages.
$ sudo yum install -y pygpgme yum-utils
Add the Varnish Cache repository. Edit /etc/yum.repos.d/varnish60lts.repo
$ sudo nano /etc/yum.repos.d/varnish60lts.repo
Paste the following, then save and close the file.
[varnish60lts]
name=varnishcache_varnish60lts
baseurl=https://packagecloud.io/varnishcache/varnish60lts/el/7/x86_64
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish60lts/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
Update the yum cache for the Varnish repo.
$ sudo yum -q makecache -y --disablerepo='*' --enablerepo='varnish60lts'
Install Varnish.
$ sudo yum install -y varnish
Verify Varnish is installed and the correct version.
$ sudo varnishd -V
varnishd (varnish-6.0.6 revision 29a1a8243dbef3d973aec28dc90403188c1dc8e7)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2019 Varnish Software AS
Enable Varnish at system boot.
$ sudo systemctl enable --now varnish
Configure Varnish to listen at port 80, from the default of 6081. Edit varnish.service with nano.
$ sudo nano /usr/lib/systemd/system/varnish.service
Change the line beginning with ExecStart from port 6081 to port 80, then save and close the file. The line should like like this when finished.
ExecStart=/usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,256m
Restart the Varnish service.
$ sudo systemctl daemon-reload
$ sudo systemctl restart varnish
5. Test the Installation
Use curl to test from the server console.
$ curl -I http://localhost/test.html
The output should resemble this. The X-Varnish: 2 and Via: 1.1 varnish (Varnish/6.0) headers appear when Varnish Cache is running.
HTTP/1.1 200 OK
Date: Thu, 09 Jul 2020 18:46:00 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 09 Jul 2020 18:45:53 GMT
ETag: "0-5aa06a2507662"
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Varnish: 2
Age: 0
Via: 1.1 varnish (Varnish/6.0)
Accept-Ranges: bytes
Connection: keep-alive
Test from your local workstation, substitute your instance's IP address. Verify the Varnish headers appear.
Linux:
$ curl -I http://192.0.2.123/test.html
Windows PowerShell:
PS> curl -Uri http://192.0.2.123/test.html
Troubleshooting
Check ports
Use the ss utility to verify which processes are listening on which ports.
# ss -lnpt | grep 80
LISTEN 0 128 *:80 *:* users:(("cache-main",pid=2253,fd=3),("varnishd",pid=2243,fd=3))
LISTEN 0 128 [::]:80 [::]:* users:(("cache-main",pid=2253,fd=5),("varnishd",pid=2243,fd=5))
LISTEN 0 128 [::]:8080 [::]:* users:(("httpd",pid=1373,fd=4),("httpd",pid=1372,fd=4),("httpd",pid=1371,fd=4),("httpd",pid=1370,fd=4),("httpd",pid=1369,fd=4),("httpd",pid=1368,fd=4))
Make sure varnishd is listening on port 80 and httpd is on port 8080 as shown.
Test with curl
$ curl -I http://localhost/test.html
HTTP/1.1 503 Backend fetch failed
Date: Fri, 10 Jul 2020 14:01:13 GMT
Server: Varnish
Content-Type: text/html; charset=utf-8
Retry-After: 5
X-Varnish: 2
Age: 0
Via: 1.1 varnish (Varnish/6.0)
Content-Length: 278
Connection: keep-alive
If curl returns "HTTP/1.1 503 Backend fetch failed" as shown above, check the /etc/varnish/default.vcl file.
$ nano /etc/varnish/default.vcl
Make sure the backend default section points to Apache at port 8080.
backend default {
.host = "127.0.0.1";
.port = "8080";
}
Firewall
Verify your firewall settings. See Step 1 for more information about firewall configuration.