Installer et configurer Varnish sous Debian / Ubuntu

7 juin 2014 Serveur 2 Commentaires

Varnish est un serveur de cache HTTP fonctionnant sur le principe d’un reverse proxy. Varnish va prendre en charge les requêtes HTTP venant de vos visiteurs et communiquer avec votre serveur Web en ne demandant la création des pages Web seulement quand cela est nécessaire. Ici nous allons installer et configurer Varnish pour l’optimisation de la mise en cache de WordPress.

 

 

Installation de Varnish

L’installation est très simple, il vous suffit de lancer la commande suivante

sudo apt-get install varnish

 

Configuration de Varnish

Nous allons donc maintenant commencer par configurer notre backend

sudo nano /etc/varnish/default.vcl

 

Voici ce a quoi devra ressembler votre fichier de configuration (modifiez correctement les dernières lignes)

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
# Called after a document has been successfully retrieved from the backend.
sub vcl_fetch {
    # Uncomment to make the default cache "time to live" is 5 minutes, handy
    # but it may cache stale pages unless purged. (TODO)
    # By default Varnish will use the headers sent to it by Apache (the backend server)
    # to figure out the correct TTL.
    # WP Super Cache sends a TTL of 3 seconds, set in wp-content/cache/.htaccess

    set beresp.ttl   = 24h;

    # Strip cookies for static files and set a long cache expiry time.
    if (req.url ~ ".(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$") {
            unset beresp.http.set-cookie;
            set beresp.ttl   = 24h;
    }

    # If WordPress cookies found then page is not cacheable
    if (req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)") {
       # set beresp.cacheable = false;#versions less than 3
    #beresp.ttl>0 is cacheable so 0 will not be cached
    set beresp.ttl = 0s;
    } else {
       # set beresp.cacheable = true;
    set beresp.ttl=24h;#cache for 24hrs
    }

    # Varnish determined the object was not cacheable
    #if ttl is not > 0 seconds then it is cachebale
    if (!beresp.ttl > 0s) {
        set beresp.http.X-Cacheable = "NO:Not Cacheable";
    } else if ( req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)" ) {
        # You don't wish to cache content for logged in users
        set beresp.http.X-Cacheable = "NO:Got Session";
        return(hit_for_pass); #previously just pass but changed in v3+
    }  else if ( beresp.http.Cache-Control ~ "private") {
        # You are respecting the Cache-Control=private header from the backend
        set beresp.http.X-Cacheable = "NO:Cache-Control=private";
        return(hit_for_pass);
    } else if ( beresp.ttl < 1s ) {
        # You are extending the lifetime of the object artificially
        set beresp.ttl   = 300s;
        set beresp.grace = 300s;
        set beresp.http.X-Cacheable = "YES:Forced";
    } else {
        # Varnish determined the object was cacheable
        set beresp.http.X-Cacheable = "YES";
    }
    if (beresp.status == 404 || beresp.status >= 500) {
        set beresp.ttl = 0s;
    }

    # Deliver the content
    return(deliver);
}

sub vcl_hash {
    # Each cached page has to be identified by a key that unlocks it.
    # Add the browser cookie only if a WordPress cookie found.
if ( req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)" ) {
        #set req.hash += req.http.Cookie;
    hash_data(req.http.Cookie);
     }
}

# Deliver
sub vcl_deliver {
    # Uncomment these lines to remove these headers once you've finished setting up Varnish.
    remove resp.http.X-Varnish;
    remove resp.http.Via;
    remove resp.http.Age;
    remove resp.http.X-Powered-By;
}

# vcl_recv is called whenever a request is received
sub vcl_recv {
    # remove ?ver=xxxxx strings from urls so css and js files are cached.
    # Watch out when upgrading WordPress, need to restart Varnish or flush cache.
    set req.url = regsub(req.url, "?ver=.*$", "");

    # Remove "replytocom" from requests to make caching better.
    set req.url = regsub(req.url, "?replytocom=.*$", "");

    remove req.http.X-Forwarded-For;
    set    req.http.X-Forwarded-For = client.ip;

    # Exclude this site because it breaks if cached
    #if ( req.http.host == "example.com" ) {
    #    return( pass );
    #}

    # Serve objects up to 2 minutes past their expiry if the backend is slow to respond.
    set req.grace = 120s;
    # Strip cookies for static files:
    if (req.url ~ ".(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$") {
        unset req.http.Cookie;
        return(lookup);
    }
    # Remove has_js and Google Analytics __* cookies.
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;s*)(__[a-z]+|has_js)=[^;]*", "");
    # Remove a ";" prefix, if present.
    set req.http.Cookie = regsub(req.http.Cookie, "^;s*", "");
    # Remove empty cookies.
    if (req.http.Cookie ~ "^s*$") {
        unset req.http.Cookie;
    }
    if (req.request == "PURGE") {
        if (!client.ip ~ purgehosts) {
                error 405 "Not allowed.";
        }
    #previous version ban() was purge()
        ban("req.url ~ " + req.url + " && req.http.host == " + req.http.host);
        error 200 "Purged.";
    }

    # Pass anything other than GET and HEAD directly.
    if (req.request != "GET" && req.request != "HEAD") {
        return( pass );
    }      /* We only deal with GET and HEAD by default */
 # remove cookies for comments cookie to make caching better.
    set req.http.cookie = regsub(req.http.cookie, "1231111111111111122222222333333=[^;]+(; )?", "");

    # never cache the admin pages, or the server-status page, or your feed? you may want to..i don't
    if (req.request == "GET" && (req.url ~ "(wp-admin|bb-admin|server-status|feed)")) {
        return(pipe);
    }
    # don't cache authenticated sessions
    if (req.http.Cookie && req.http.Cookie ~ "(wordpress_|PHPSESSID)") {
        return(lookup);
    }
    # don't cache ajax requests
    if(req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache" || req.url ~
"(control.php|wp-comments-post.php|wp-login.php|bb-login.php|bb-reset-password.php|register.php)") {
        return (pass);
    }
    return( lookup );
}

#set of hosts/users from which purging can be done
acl purgehosts {
    "localhost";
    "ADRESSE DE VOTRE SITE";
    "IP DE VOTRE SERVEUR";
}

 

Le port d’écoute configuré par défaut est le 6081 (voir /etc/default/varnish). Ouvrons ce port dans notre firewall afin de pouvoir tester si tout fonctionne correctement

iptables -A OUTPUT -p tcp --dport 6081 -j ACCEPT

Afin de s’assurer que tout est ok ouvrez la page web suivante : http://www.votresite.com:6081

Configuration d’apache 2

Nous souhaitons que nos utilisateurs puissent profiter de varnish automatiquement sans connexion sur le port 6082, il faut donc configurer apache

sudo nano /etc/apache2/ports.conf

 

Demandons a apache d’écouter le port 8080 et non plus le port 80

NameVirtualHost *:8080
Listen 8080

 

Modifiez aussi la configuration de notre vhost

sudo nano /etc/apache2/sites-available/votre_vhost

 

Nous modifions le port d’écoute et utilisons le format log de varnishcombined

<VirtualHost *:8080>
DocumentRoot /var/www/votre.repertoire.web
ServerName votresite.net
ServerAlias www.votresite.net
ServerAdmin contact@votresite.net
CustomLog /var/log/apache2/www-access.log.votresite.net varnishcombined
ErrorLog /var/log/apache2/www-error.log.votresite.net
</VirtualHost>

 

Petit soucis PHP ne verra plus les adresse IP des visiteurs dans REMOTE_ADDR (il ne voit plus que l’IP du serveur qui héberge Varnish, c’est-à-dire lui-même si Apache et Varnish sont sur la même machine). Pour regler cela il faudra modifier la configuration d’apache

sudo nano /etc/apache2/apache2.conf

 

Ajoutez-y les lignes suivantes

LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" varnishcombined

 

Nous pouvons maintenant modifier la configuration de notre backend en editant le fichier de configuration de varnish

sudo nano /etc/default/varnish

 

De la manière suivante

DAEMON_OPTS="-a :80
-T localhost:6082
-f /etc/varnish/default.vcl
-S /etc/varnish/secret
-p thread_pool_add_delay=2
-p thread_pools=4
-p thread_pool_min=200
-p thread_pool_max=4000
-p cli_timeout=25
-p session_linger=100
-s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"

 

Modifions maintenant le fichier vcl

sudo nano /etc/varnish/default.vcl

 

Modifions l’adresse de l’host, de…

backend default {
    .host = "127.0.0.1";
    .port = "8080";

 

…vers

backend default {
    .host = "monsite.net";
    .port = "8080";

 

Supprimez d’iptables la règle que nous avions appliquée auparavant, puis ajoutez ces deux nouvelles règles

iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 6082 -s 127.0.0.1 -j ACCEPT

 

C’est termine, nous pouvons relancer apache ainsi que varnish

sudo service apache2 restart
sudo service varnish restart

 

Sources

Documentation officielle de Varnish
Article de nicolargo