Setup & config options
Apache 2.4+ LAMP server
The game & not the islands
Setup & config options
North Atlantic : Macaronésia
Nine Azorean islands🚫 No ads & tracking
Most of the articles, descriptions and instructions written here are applicable to the most common Debian-based Linux derivatives. Depending on the respective operating system, there may be minor or major discrepancies.
This website is for educational purposes only. Please do not deploy anything in manufacturing plants.
No warranty or compensation is given for loss of data or hardware.
It should be also mentioned that this modest web server is hosted on a Raspberry Pi type 4B at home.
Raspberry Pi is a series of small single-board computers (SBCs) developed in the United Kingdom by the Raspberry Pi Foundation in association with Broadcom. The mini-computer with its armv7l processor has quickly become the favourite of hobbyists. Projects can be started with suitable Linux distributions. Even an aged RasPi e.g. the models 2B and 2B+ can definitely serve to simple tasks quite well.
This article is only suitable for people who want to get to know about the Varnish caching system. In reality, the caching system can be ignored because »buff/cache« - to observe by the terminal command top -i
- performs the same feature on a Linux web server driven by Apache.
root@raspberry:# LINES=10 top -i -d 60 -w
Varnish cache improves the performance of your existing http server. Sometimes it is called »http reverse proxy«, which reduces the time it takes to serve contents to the clients. In most cases with a Raspberry Pi, Varnish works well with its defaults. I assume that you already have a Apache http server that is listening on http port 80 on your - even dynamic - private IP address.
Also another major benefit : by accessing your Varnish cache the lifetime of your SDcard gets extended.
The major contraint : but caching won't help much with content that is always changed and/or made anew for each reload. Instead of strain the Raspberry Pi with database(s) and PHP, I'd highly recommend that if its possible to consider using the flexible static site framework known as HTML plus CSS only.
One barrier of »Varnish Cache« is that it is designed to accelerate HTTP, NOT the secure HTTPS protocol. The »Varnish Cache Plus« addon does SSL/TLS frontend support.
https://docs.varnish-software.com/varnish-cache-plus/features/client-ssl/
Raspberry Pi as host ➔ Apache http web server ➔ Varnish cache ➔ Outside world
Apache http web server (backend server) ➔ Varnish cache (frontend server)
For OS Raspbian Debian & varnishd (varnish-4.0.2 revision bfe7cd1)
Should be functioning among each Linux Debian derivate.
Some derivates show up with behaviours in a different way.
Update »apt-get« and install Varnish by the following commands
root@raspberry:# apt-get update
root@raspberry:# apt-get install varnish
root@raspberry:# varnishd -V
varnishd (varnish-4.0.2 revision bfe7cd1) Copyright (c) 2006 Verdens Gang AS Copyright (c) 2006-2014 Varnish Software AS
Varnish Configuration Language VLC
## Alternative 2, Configuration with VCL
root@raspberry:# nano /etc/default/varnish
## Alternative 2, Configuration with VCL # # Listen on port 6081, administration on localhost:6082, and forward to # one content server selected by the vcl file, based on the request. # DAEMON_OPTS="-a :6081 \ -T localhost:6082 \ -f /etc/varnish/default.vcl \ -S /etc/varnish/secret \ -s malloc,256m"
root@raspberry:# nano /etc/varnish/default.vcl
❗ Change default port 8080 to 80 since modern Apache web servers mostly listen on port 80.
# Default backend definition. Set this to point to your content server.
Example for internal network address 192.168.0.24
Command »ifconfig« via PuTTy terminal to obtain your actual »inet addr:192.168.xxx.xx«.
backend default { .host = "192.168.0.24"; .port = "80"; }
Usage parameters are : service varnish [start | stop | restart | reload | force-reload | status | configtest]
Perform »configtest«, enable service Varnish with startup, check the service status.
root@raspberry:# service varnish configtest
root@raspberry:# systemctl enable varnish
root@raspberry:# service varnish status
Possibly restart the Raspberry Pi.
root@raspberry:# shutdown -r now
❗ It might be essential to let port 6081 pass through the Raspberry firewall (e.g. the »ufw« firewall).
Port forwarding & redirecting (settings in modem/switch/router) : it's a must to redirect Apache's port 80/tcp towards Varnish's port 6081/tcp.
Active | Name | Protocol | on Port | on Computer | to Port
Image taken from my internet router.
Negative side effects : since not accessing the Apache module directly from the outside, logging is suppressed to /var/log/apache2/access.log
.
That is bad if you deploy locally an analyzer program like the »Webalizer« for website usage reports.
[SOLVED] Let us wait until I found a proper workaround somewhere.
The »varnishncsa« utility reads »varnishd« shared memory logs and presents them in the Apache / NCSA »combined« log format.
Start »varnishncsa« as a service with startup. »varnishncsa« uses its own logfile /var/log/varnish/varnishncsa.log
.
root@raspberry:# systemctl enable varnishncsa
In most cases probably »varnishncsa« won't start as service at boot. Troubleshooting : set a delay (45 seconds) with »rc.local«.
root@raspberry:# nano /etc/rc.local
#!/bin/sh -e # # rc.local # sleep 45s && exec systemctl start varnishncsa # exit 0
Save Crtl O and exit Crtl X.
25-Sep 2019
Updated 03-Oct 2019
At first of all open the web browser and use the local IP-address of your Raspberry Pi e.g. 192.168.0.24:6081 and your IP:6081 - in both cases the claimed index-file to your website must appear.
The number associated to »cached Mem« means the amount of physical memory PiRAM that is being used by cache buffers for your file system. Nothing to do with your Varnish cache. It is just misleading.
At present it has no way to smaller the »malloc,256m« 256 MB PiRAM cache provided by Varnish. It is just fixed as default value.
root@raspberry:# top
KiB Mem: 1000216 total, 304628 used, 695588 free, 17180 buffers KiB Swap: 0 total, 0 used, 0 free. 179556 cached Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND ... 898 nobody 20 0 285752 86896 84580 S 0.3 8.7 0:06.03 varnishd 911 varnish+ 20 0 86272 732 84368 S 0.3 0.1 0:05.51 varnishncsa ...
Quit Crtl C
Check the service status »Active: active (running)«
root@raspberry:# service varnish status
● varnish.service - Varnish http accelerator Loaded: loaded (/lib/systemd/system/varnish. ... Active: active (running) since Sat 2018-03-1 ... Process: 925 ExecStart=/usr/sbin/varnishd -a ... malloc,256m (code=exited, status=0/SUCCESS) Process: 374 ExecStartPre=/usr/sbin/varnishd ... ...
The terminal command »netstat -tulnp« shows some process if used, not used (closed port) if there is no output.
root@raspberry:# netstat -tulnp
Look for »varnishd« »PID/Program name«
Active Internet transfers (only servers) ...
And by the Varnish access tool »varnishstat«.
root@raspberry:# service varnishncsa start
root@raspberry:# varnishstat
Quit Crtl C
Varnish allows us to use several tools to evaluate & monitor the server by means of statistics.
varnishstat ← it shows many contents on cache hits, resource consumption, etc varnishhist ← a histogram that shows the time taken for the requests processing (only if for logging »varnishncsa« is actived)
Quit Crtl C
»varnishstat« : click on image to enlarge in new window.
Not enough convinced yet ? Then follow the next chapter.
HTTPie is a command line utility for creating HTTP queries and downloading files. So it covers the same area of use as »cURL« and in parts »wget«, whereby the developers of HTTPie have set themselves the goal of being more user-friendly than the two mentioned programs.
root@raspberry:# apt install httpie
root@raspberry:# http -v dosboot.org/robots.txt
GET / HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Host: dosboot.org User-Agent: HTTPie/0.9.8 HTTP/1.1 200 OK Accept-Ranges: bytes Age: 0 Connection: keep-alive Content-Encoding: gzip Content-Language: en Content-Type: text/plain; charset=UTF-8 Date: Thu, 03 Oct 2019 20:18:13 GMT ETag: "1a9-5938d8c255a34-gzip" Last-Modified: Fri, 27 Sep 2019 19:03:54 GMT Server: Apache Transfer-Encoding: chunked Vary: Accept-Encoding Via: 1.1 varnish-v4 X-Varnish: 131184
Server: Apache | Via: 1.1 varnish-v4 | X-Varnish: 131184
You can see ... IT WORKS !
So folks, that is my experience with »varnish« so far. Afterwards I deactivated the caching proxy again.
One of the main reason was that I was unable to use personalized anti-spam-filters through SetEnvIf
& dontlog
as like to make with apache2.conf
possible.
05-Oct 2019