Home
Non-daily weblog
Exchange | Board
Files for download
Workshop tutorials
W3 | Directory & Wiki
Artwork : AI createdSetup & config options
Suitable power supply
RasPi & sFTP file transfer
Home network print server
Home network scan server
Mesh : home Lan USB drive
Explore hard & software
UFW firewall explained
Secured by fail2ban server
Software packaging & PPA
Apache 2.4+ LAMP server
https web server : port 443
Varnish caching proxy
Module : cgi & perl
Module : geoip
Modules : php & mysql
http*s error handling
Server : conditional logging
TL-domain & dynamic DNS
Webalizer log analyser
Defeat referrer spam
robots.txt & xml sitemaps
Server : .htaccess handling
The game & not the islands
Setup & config options
North Atlantic : Macaronésia
Nine Azorean islands
Madeiran archipelago
POI on Madeira island
Streaming media
Contact details
Privacy policy & terms
Host traffic elicitation🚫 No ads & tracking
The prologue
Most of the articles, descriptions and instructions written here are applicable to the most common Debian-based Linux derivatives. Depending on the respective operating system, there may be minor or major discrepancies. 
This website is for educational purposes only. Please do not deploy anything in manufacturing plants.
No warranty or compensation is given for loss of data or hardware.
It should be also mentioned that this modest web server is hosted on a Raspberry Pi type 4B at home.
The Raspberry Pi mini-computer board as multi-purpose server deployed
A competent allrounder for domestic purposes and micro-enterprises
Raspberry Pi is a series of small single-board computers (SBCs) developed in the United Kingdom by the Raspberry Pi Foundation in association with Broadcom. The mini-computer with its armv7l processor has quickly become the favourite of hobbyists. Projects can be started with suitable Linux distributions. Even an aged RasPi e.g. the models 2B and 2B+ can definitely serve to simple tasks quite well.
This article is only suitable for people who want to get to know about the Varnish caching system. In reality, the caching system can be ignored because »buff/cache« - to observe by the terminal command top -i - performs the same feature on a Linux web server driven by Apache.
root@raspberry:# LINES=10 top -i -d 60 -w
Prologue | Raspberry Pi with Varnish caching proxy
Varnish cache improves the performance of your existing http server. Sometimes it is called »http reverse proxy«, which reduces the time it takes to serve contents to the clients. In most cases with a Raspberry Pi, Varnish works well with its defaults. I assume that you already have a Apache http server that is listening on http port 80 on your - even dynamic - private IP address.
Also another major benefit : by accessing your Varnish cache the lifetime of your SDcard gets extended.
The major contraint : but caching won't help much with content that is always changed and/or made anew for each reload. Instead of strain the Raspberry Pi with database(s) and PHP, I'd highly recommend that if its possible to consider using the flexible static site framework known as HTML plus CSS only.
One barrier of »Varnish Cache« is that it is designed to accelerate HTTP, NOT the secure HTTPS protocol. The »Varnish Cache Plus« addon does SSL/TLS frontend support.
https://docs.varnish-software.com/varnish-cache-plus/features/client-ssl/
Varnish cache | How is that thingy functioning ?
Raspberry Pi as host ➔ Apache http web server ➔ Varnish cache ➔ Outside world
Apache http web server (backend server) ➔ Varnish cache (frontend server)
Installation | Varnish web server accelerator | http mem/ram caching
For OS Raspbian Debian & varnishd (varnish-4.0.2 revision bfe7cd1)
Should be functioning among each Linux Debian derivate.
Some derivates show up with behaviours in a different way.
Update »apt-get« and install Varnish by the following commands
root@raspberry:# apt-get update
root@raspberry:# apt-get install varnish
root@raspberry:# varnishd -V
varnishd (varnish-4.0.2 revision bfe7cd1)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2014 Varnish Software AS
Varnish caching proxy | Custom configuration
Varnish Configuration Language VLC
## Alternative 2, Configuration with VCL
root@raspberry:# nano /etc/default/varnish
## Alternative 2, Configuration with VCL
#
# Listen on port 6081, administration on localhost:6082, and forward to
# one content server selected by the vcl file, based on the request.
#
DAEMON_OPTS="-a :6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
root@raspberry:# nano /etc/varnish/default.vcl
❗ Change default port 8080 to 80 since modern Apache web servers mostly listen on port 80.
# Default backend definition. Set this to point to your content server.
Example for internal network address 192.168.0.24
Command »ifconfig« via PuTTy terminal to obtain your actual »inet addr:192.168.xxx.xx«.
backend default {
.host = "192.168.0.24";
.port = "80";
}
Usage parameters are : service varnish [start | stop | restart | reload | force-reload | status | configtest]
Perform »configtest«, enable service Varnish with startup, check the service status.
root@raspberry:# service varnish configtest
root@raspberry:# systemctl enable varnish
root@raspberry:# service varnish status
Possibly restart the Raspberry Pi.
root@raspberry:# shutdown -r now
Troubleshooting
Essential settings | Firewall & port forwarding | Redirecting
❗ It might be essential to let port 6081 pass through the Raspberry firewall (e.g. the »ufw« firewall).
Port forwarding & redirecting (settings in modem/switch/router) : it's a must to redirect Apache's port 80/tcp towards Varnish's port 6081/tcp.
Active | Name | Protocol | on Port | on Computer | to Port
Image taken from my internet router.
Negative side effects : since not accessing the Apache module directly from the outside, logging is suppressed to /var/log/apache2/access.log.
That is bad if you deploy locally an analyzer program like the »Webalizer« for website usage reports.
[SOLVED] Let us wait until I found a proper workaround somewhere.
»Varnish cache« keeps Apache's /access.log empty ?
The »varnishncsa« utility reads »varnishd« shared memory logs and presents them in the Apache / NCSA »combined« log format.
Start »varnishncsa« as a service with startup. »varnishncsa« uses its own logfile /var/log/varnish/varnishncsa.log.
root@raspberry:# systemctl enable varnishncsa
In most cases probably »varnishncsa« won't start as service at boot. Troubleshooting : set a delay (45 seconds) with »rc.local«.
root@raspberry:# nano /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
sleep 45s && exec systemctl start varnishncsa
#
exit 0
Save Crtl O and exit Crtl X.
25-Sep 2019
Updated 03-Oct 2019
Check if Varnish module is active & functioning
At first of all open the web browser and use the local IP-address of your Raspberry Pi e.g. 192.168.0.24:6081 and your IP:6081 - in both cases the claimed index-file to your website must appear.
The number associated to »cached Mem« means the amount of physical memory PiRAM that is being used by cache buffers for your file system. Nothing to do with your Varnish cache. It is just misleading.
At present it has no way to smaller the »malloc,256m« 256 MB PiRAM cache provided by Varnish. It is just fixed as default value.
root@raspberry:# top
KiB Mem: 1000216 total, 304628 used, 695588 free, 17180 buffers
KiB Swap: 0 total, 0 used, 0 free. 179556 cached Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
...
898 nobody 20 0 285752 86896 84580 S 0.3 8.7 0:06.03 varnishd
911 varnish+ 20 0 86272 732 84368 S 0.3 0.1 0:05.51 varnishncsa
...
Quit Crtl C
Check the service status »Active: active (running)«
root@raspberry:# service varnish status
● varnish.service - Varnish http accelerator
Loaded: loaded (/lib/systemd/system/varnish. ...
Active: active (running) since Sat 2018-03-1 ...
Process: 925 ExecStart=/usr/sbin/varnishd -a ...
malloc,256m (code=exited, status=0/SUCCESS)
Process: 374 ExecStartPre=/usr/sbin/varnishd ...
...
The terminal command »netstat -tulnp« shows some process if used, not used (closed port) if there is no output.
root@raspberry:# netstat -tulnp
Look for »varnishd« »PID/Program name«
Active Internet transfers (only servers)
...
And by the Varnish access tool »varnishstat«.
root@raspberry:# service varnishncsa start
root@raspberry:# varnishstat
Quit Crtl C
Varnish allows us to use several tools to evaluate & monitor the server by means of statistics.
varnishstat ← it shows many contents on cache hits, resource consumption, etc
varnishhist ← a histogram that shows the time taken for the requests processing
(only if for logging »varnishncsa« is actived)
Quit Crtl C
»varnishstat« : click on image to enlarge in new window.
Not enough convinced yet ? Then follow the next chapter.
Install the »HTTPie« client
HTTPie is a command line utility for creating HTTP queries and downloading files. So it covers the same area of use as »cURL« and in parts »wget«, whereby the developers of HTTPie have set themselves the goal of being more user-friendly than the two mentioned programs.
root@raspberry:# apt install httpie
root@raspberry:# http -v dosboot.org/robots.txt
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: dosboot.org
User-Agent: HTTPie/0.9.8
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Connection: keep-alive
Content-Encoding: gzip
Content-Language: en
Content-Type: text/plain; charset=UTF-8
Date: Thu, 03 Oct 2019 20:18:13 GMT
ETag: "1a9-5938d8c255a34-gzip"
Last-Modified: Fri, 27 Sep 2019 19:03:54 GMT
Server: Apache
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: 1.1 varnish-v4
X-Varnish: 131184
Server: Apache | Via: 1.1 varnish-v4 | X-Varnish: 131184
You can see ... IT WORKS !
Epilogue | Raspberry Pi with Varnish caching proxy
So folks, that is my experience with »varnish« so far. Afterwards I deactivated the caching proxy again.
One of the main reason was that I was unable to use personalized anti-spam-filters through SetEnvIf & dontlog as like to make with apache2.conf possible.
05-Oct 2019