Sometimes you need to quickly setup Varnish, usually in an emergency (like, your website got featured on Reddit’s frontpage 😀 ), to quickly absorb most of the hits hitting your website.
But the webserver is already using port 80.
Now what ?
Pretty easy actually :
- Setup Varnish on other port, say, 6081
- Run an iptables command : to forward incoming traffic from port 80 to port 6081
- Make sure Varnish uses 127.0.0.1:80 as the backend
Presto – now all the traffic hits Varnish first – which will process them in lightning speed.
Alright, so here’s the gory detail, also available on Pastebin.com : https://pastebin.com/2UBD7s05
Enjoy !
========
apt-get update ; apt-get -y install varnish
# Varnish should be already configured to list on port 6081
# if in doubt, check /etc/default/varnish,
# and look for the following line :
# DAEMON_OPTS="-a :6081
# edit varnish config
vi /etc/varnish/default.vcl
# make sure the .port line is set to 80, like this :
# .port = "80";
# then save & exit
# enable Apache's expires & headers module
a2enmod expires
a2enmod headers
# setup caching for static files
# via .htaccess file
echo "Header unset ETag" >> /var/www/.htaccess
echo "FileETag None" >> /var/www/.htaccess
echo "<ifmodule mod_expires.c>" >> /var/www/.htaccess
echo "<filesmatch \"(?i)^.*\\.(ico|flv|jpg|jpeg|png|gif|js|css)$\">" >> /var/www/.htaccess
echo "ExpiresActive On" >> /var/www/.htaccess
echo "ExpiresDefault \"access plus 2 minute\"" >> /var/www/.htaccess
echo "</filesmatch>" >> /var/www/.htaccess
echo "</ifmodule>" >> /var/www/.htaccess
# enable caching in php.ini
vi /etc/php/7.0/apache2/php.ini
# make sure session.cache_limiter = public
# save & exit
# restart Apache
/etc/init.d/apache2 restart
###### now let's start forwarding traffic to Varnish ######
# enable port forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
vi /etc/sysctl.conf
# add this line at the end of the file :
# net.ipv4.ip_forward = 1
# now here's the command that will actually forward the traffic from port 80 to Varnish
# change eth0 to your computer's network interface name
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 6081
# make sure this iptables setting will become permanent
apt-get -y install iptables-persistent