Install Varnish Cache for Apache on CentOS 7

Updated on July 9, 2020
Install Varnish Cache for Apache on CentOS 7 header image

This guide explains how to install Varnish Cache 6.0 with Apache on CentOS 7. Varnish Cache is an open-source caching HTTP reverse proxy that can help improve a web server's performance. This tutorial uses CentOS 7 without SELinux. If you need to disable SELinux, see our article "How to Disable SELinux on CentOS".

Prerequisites

1. Configure Firewall

If you use FirewallD, modify the firewall rules to allow inbound traffic on port 80. If you are unsure of your firewall configuration, see our articles about FirewallD and troubleshooting server connections. These commands assume you have a freshly-deployed Vultr CentOS 7 instance:

$ sudo firewall-cmd --zone=public --permanent --add-service=http
$ sudo firewall-cmd --reload

2. Install Apache

Install Apache HTTP server.

$ sudo yum install -y httpd

Set Apache port to 8080. Edit httpd.conf with nano.

$ sudo nano /etc/httpd/conf/httpd.conf

Change the line "Listen 80" to "Listen 8080", then save and close the file. The line should like like this when finished.

    Listen 8080

Start the Apache service.

$ sudo systemctl start httpd.service
$ sudo systemctl enable httpd.service

3. Test Apache configuration

Create a test file.

$ sudo touch /var/www/html/test.html

Use curl to test the server at port 8080. This verifies Apache is configured correctly.

$ curl -I http://localhost:8080/test.html

HTTP/1.1 200 OK
Date: Fri, 10 Jul 2020 13:10:04 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Fri, 10 Jul 2020 13:09:56 GMT
ETag: "0-5aa160eb192a8"
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8

4. Install Varnish

Add the EPEL repository.

$ sudo yum install -y epel-release

Install the dependency packages.

$ sudo yum install -y pygpgme yum-utils

Add the Varnish Cache repository. Edit /etc/yum.repos.d/varnish60lts.repo

$ sudo nano /etc/yum.repos.d/varnish60lts.repo

Paste the following, then save and close the file.

[varnish60lts]
name=varnishcache_varnish60lts
baseurl=https://packagecloud.io/varnishcache/varnish60lts/el/7/x86_64
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish60lts/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

Update the yum cache for the Varnish repo.

$ sudo yum -q makecache -y --disablerepo='*' --enablerepo='varnish60lts'

Install Varnish.

$ sudo yum install -y varnish

Verify Varnish is installed and the correct version.

$ sudo varnishd -V
varnishd (varnish-6.0.6 revision 29a1a8243dbef3d973aec28dc90403188c1dc8e7)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2019 Varnish Software AS

Enable Varnish at system boot.

$ sudo systemctl enable --now varnish

Configure Varnish to listen at port 80, from the default of 6081. Edit varnish.service with nano.

$ sudo nano /usr/lib/systemd/system/varnish.service

Change the line beginning with ExecStart from port 6081 to port 80, then save and close the file. The line should like like this when finished.

ExecStart=/usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,256m

Restart the Varnish service.

$ sudo systemctl daemon-reload
$ sudo systemctl restart varnish

5. Test the Installation

Use curl to test from the server console.

$ curl -I http://localhost/test.html

The output should resemble this. The X-Varnish: 2 and Via: 1.1 varnish (Varnish/6.0) headers appear when Varnish Cache is running.

HTTP/1.1 200 OK
Date: Thu, 09 Jul 2020 18:46:00 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 09 Jul 2020 18:45:53 GMT
ETag: "0-5aa06a2507662"
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Varnish: 2
Age: 0
Via: 1.1 varnish (Varnish/6.0)
Accept-Ranges: bytes
Connection: keep-alive

Test from your local workstation, substitute your instance's IP address. Verify the Varnish headers appear.

Linux:

$ curl -I http://192.0.2.123/test.html

Windows PowerShell:

PS> curl -Uri http://192.0.2.123/test.html

Troubleshooting

Check ports

Use the ss utility to verify which processes are listening on which ports.

# ss -lnpt | grep 80
LISTEN     0      128          *:80                       *:*                   users:(("cache-main",pid=2253,fd=3),("varnishd",pid=2243,fd=3))
LISTEN     0      128       [::]:80                    [::]:*                   users:(("cache-main",pid=2253,fd=5),("varnishd",pid=2243,fd=5))
LISTEN     0      128       [::]:8080                  [::]:*                   users:(("httpd",pid=1373,fd=4),("httpd",pid=1372,fd=4),("httpd",pid=1371,fd=4),("httpd",pid=1370,fd=4),("httpd",pid=1369,fd=4),("httpd",pid=1368,fd=4))

Make sure varnishd is listening on port 80 and httpd is on port 8080 as shown.

Test with curl

$ curl -I http://localhost/test.html

HTTP/1.1 503 Backend fetch failed
Date: Fri, 10 Jul 2020 14:01:13 GMT
Server: Varnish
Content-Type: text/html; charset=utf-8
Retry-After: 5
X-Varnish: 2
Age: 0
Via: 1.1 varnish (Varnish/6.0)
Content-Length: 278
Connection: keep-alive

If curl returns "HTTP/1.1 503 Backend fetch failed" as shown above, check the /etc/varnish/default.vcl file.

$ nano /etc/varnish/default.vcl

Make sure the backend default section points to Apache at port 8080.

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

Firewall

Verify your firewall settings. See Step 1 for more information about firewall configuration.