Configure Varnish Cache in front of any website

You need a dedicated server, a VPS or a DigitalOcean droplet to set up the Varnish server.

Now I will explain the life cycle of each request.

A request arrives either on port 443, which is nginx in our case, or on port 80, which is the Varnish server.

Nginx on port 443 forwards the request to the Varnish server on port 80. If the response is in the cache, Varnish sends it back to nginx on 443; otherwise the step below follows.

Varnish then sends the request to the Apache server, which is on port 8888.
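The port layout described above can be checked from the listener table. The following is an added example, not part of the original post: it reads `ss -ltn` output and lists the non-loopback addresses a port is bound to, assuming Apache runs on the same host as Varnish so that port 8888 only needs to be reachable locally. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: Apache and Varnish
# share one host, so the backend port 8888 only needs a loopback listener.

# Constructed sample in the format printed by `ss -ltn`.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:443              *:*
LISTEN 0      128    *:80               *:*
LISTEN 0      128    127.0.0.1:8888     *:*
LISTEN 0      128    :::8888            :::*'

# exposed_listeners PORT
# Reads `ss -ltn` output on stdin and prints every local address listening
# on PORT that is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")       # port is the last ":" field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
            print addr
        }'
}

# check_backend PORT
# Returns 0 when PORT has no non-loopback listener, 1 otherwise.
check_backend() {
    found=$(exposed_listeners "$1")
    if [ -n "$found" ]; then
        echo "port $1 is reachable without going through Varnish on: $found"
        return 1
    fi
    echo "port $1 has no non-loopback listener"
}

# Run against the sample; on a live host use: ss -ltn | check_backend 8888
printf '%s\n' "$SAMPLE" | check_backend 8888 || true
```

With the firewall stopped as in the steps below, a wildcard listener on 8888 answers requests that skip both nginx and Varnish.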

 

Once you have the server, log in via PuTTY.

Change the password

Check for new updates

Update your server

Install commonly used programs

Install the EPEL repository

Change the security settings

Change the line below

to this line

Restart the server for the changes to take effect

Stop the firewall

Install Nginx

Take a backup of the original Nginx config file

Place the new config changes

 

 

Generate DH parameters (a 2048-bit safe prime).

If you already have a certificate on the previous server, create the SSL directory

If you have an existing certificate, copy the ca.cert file

If you have an existing certificate, copy the priv.key file

Install certbot, which is used by Let's Encrypt.

Create a new SSL certificate with one of the commands below, or skip this step if you have copied an existing certificate.

OPTION 1:

OPTION 2:

OPTION 3:

Create the Let's Encrypt certificate manually. You will have to upload a file under “/.well-known/acme-challenge” to verify the domain.

Create the folder /etc/nginx/sites-enabled

Create a vhost for the proxy named “domain.conf”

 

Create the folder /etc/nginx/snippets

Create the file /etc/nginx/snippets/ssl-params.conf

 

Restart the nginx server

 

Renew the Let's Encrypt certificate

You can also place this command in a cron job.

 

Now install Varnish

Place this code inside this file

 

 

Edit the file /etc/varnish/varnish.params and make the changes below

Replace the configuration in /etc/varnish/default.vcl

 

Now you need to specify your main server IP.

Example line

 

Edit the ports in /etc/httpd/conf/httpd.conf and in all vhosts to a port other than 80

 

Make sure you add the new port to the backend definition in /etc/varnish/default.vcl.

to

 

You can change the Varnish cache storage from RAM to disk.

Find the line below

Replace it with this line

Change 1G to the amount of space you want to allocate

Create a new file at /etc/varnish/certbot.vcl

 

Restart Varnish

 

Notes for Varnish: if you add a new domain, do the following:

Find the following block, duplicate it and insert the copy below the existing one