Varnish est un serveur de cache HTTP fonctionnant sur le principe d’un reverse proxy. Varnish va prendre en charge les requêtes HTTP venant de vos visiteurs et communiquer avec votre serveur Web en ne demandant la création des pages Web seulement quand cela est nécessaire. Ici nous allons installer et configurer Varnish pour l’optimisation de la mise en cache de WordPress.
Installation de Varnish
L’installation est très simple, il vous suffit de lancer la commande suivante
sudo apt-get install varnish
Configuration de Varnish
Nous allons donc maintenant commencer par configurer notre backend
sudo nano /etc/varnish/default.vcl
Voici ce a quoi devra ressembler votre fichier de configuration (modifiez correctement les dernières lignes)
backend default {
.host = "127.0.0.1";
.port = "8080";
}
# Called after a document has been successfully retrieved from the backend.
sub vcl_fetch {
# Uncomment to make the default cache "time to live" is 5 minutes, handy
# but it may cache stale pages unless purged. (TODO)
# By default Varnish will use the headers sent to it by Apache (the backend server)
# to figure out the correct TTL.
# WP Super Cache sends a TTL of 3 seconds, set in wp-content/cache/.htaccess
set beresp.ttl = 24h;
# Strip cookies for static files and set a long cache expiry time.
if (req.url ~ ".(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$") {
unset beresp.http.set-cookie;
set beresp.ttl = 24h;
}
# If WordPress cookies found then page is not cacheable
if (req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)") {
# set beresp.cacheable = false;#versions less than 3
#beresp.ttl>0 is cacheable so 0 will not be cached
set beresp.ttl = 0s;
} else {
# set beresp.cacheable = true;
set beresp.ttl=24h;#cache for 24hrs
}
# Varnish determined the object was not cacheable
#if ttl is not > 0 seconds then it is cachebale
if (!beresp.ttl > 0s) {
set beresp.http.X-Cacheable = "NO:Not Cacheable";
} else if ( req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)" ) {
# You don't wish to cache content for logged in users
set beresp.http.X-Cacheable = "NO:Got Session";
return(hit_for_pass); #previously just pass but changed in v3+
} else if ( beresp.http.Cache-Control ~ "private") {
# You are respecting the Cache-Control=private header from the backend
set beresp.http.X-Cacheable = "NO:Cache-Control=private";
return(hit_for_pass);
} else if ( beresp.ttl < 1s ) {
# You are extending the lifetime of the object artificially
set beresp.ttl = 300s;
set beresp.grace = 300s;
set beresp.http.X-Cacheable = "YES:Forced";
} else {
# Varnish determined the object was cacheable
set beresp.http.X-Cacheable = "YES";
}
if (beresp.status == 404 || beresp.status >= 500) {
set beresp.ttl = 0s;
}
# Deliver the content
return(deliver);
}
sub vcl_hash {
# Each cached page has to be identified by a key that unlocks it.
# Add the browser cookie only if a WordPress cookie found.
if ( req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)" ) {
#set req.hash += req.http.Cookie;
hash_data(req.http.Cookie);
}
}
# Deliver
sub vcl_deliver {
# Uncomment these lines to remove these headers once you've finished setting up Varnish.
remove resp.http.X-Varnish;
remove resp.http.Via;
remove resp.http.Age;
remove resp.http.X-Powered-By;
}
# vcl_recv is called whenever a request is received
sub vcl_recv {
# remove ?ver=xxxxx strings from urls so css and js files are cached.
# Watch out when upgrading WordPress, need to restart Varnish or flush cache.
set req.url = regsub(req.url, "?ver=.*$", "");
# Remove "replytocom" from requests to make caching better.
set req.url = regsub(req.url, "?replytocom=.*$", "");
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;
# Exclude this site because it breaks if cached
#if ( req.http.host == "example.com" ) {
# return( pass );
#}
# Serve objects up to 2 minutes past their expiry if the backend is slow to respond.
set req.grace = 120s;
# Strip cookies for static files:
if (req.url ~ ".(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$") {
unset req.http.Cookie;
return(lookup);
}
# Remove has_js and Google Analytics __* cookies.
set req.http.Cookie = regsuball(req.http.Cookie, "(^|;s*)(__[a-z]+|has_js)=[^;]*", "");
# Remove a ";" prefix, if present.
set req.http.Cookie = regsub(req.http.Cookie, "^;s*", "");
# Remove empty cookies.
if (req.http.Cookie ~ "^s*$") {
unset req.http.Cookie;
}
if (req.request == "PURGE") {
if (!client.ip ~ purgehosts) {
error 405 "Not allowed.";
}
#previous version ban() was purge()
ban("req.url ~ " + req.url + " && req.http.host == " + req.http.host);
error 200 "Purged.";
}
# Pass anything other than GET and HEAD directly.
if (req.request != "GET" && req.request != "HEAD") {
return( pass );
} /* We only deal with GET and HEAD by default */
# remove cookies for comments cookie to make caching better.
set req.http.cookie = regsub(req.http.cookie, "1231111111111111122222222333333=[^;]+(; )?", "");
# never cache the admin pages, or the server-status page, or your feed? you may want to..i don't
if (req.request == "GET" && (req.url ~ "(wp-admin|bb-admin|server-status|feed)")) {
return(pipe);
}
# don't cache authenticated sessions
if (req.http.Cookie && req.http.Cookie ~ "(wordpress_|PHPSESSID)") {
return(lookup);
}
# don't cache ajax requests
if(req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache" || req.url ~
"(control.php|wp-comments-post.php|wp-login.php|bb-login.php|bb-reset-password.php|register.php)") {
return (pass);
}
return( lookup );
}
#set of hosts/users from which purging can be done
acl purgehosts {
"localhost";
"ADRESSE DE VOTRE SITE";
"IP DE VOTRE SERVEUR";
}
Le port d’écoute configuré par défaut est le 6081 (voir /etc/default/varnish). Ouvrons ce port dans notre firewall afin de pouvoir tester si tout fonctionne correctement
iptables -A OUTPUT -p tcp --dport 6081 -j ACCEPT
Afin de s’assurer que tout est ok ouvrez la page web suivante : http://www.votresite.com:6081
Configuration d’apache 2
Nous souhaitons que nos utilisateurs puissent profiter de varnish automatiquement sans connexion sur le port 6082, il faut donc configurer apache
sudo nano /etc/apache2/ports.conf
Demandons a apache d’écouter le port 8080 et non plus le port 80
NameVirtualHost *:8080 Listen 8080
Modifiez aussi la configuration de notre vhost
sudo nano /etc/apache2/sites-available/votre_vhost
Nous modifions le port d’écoute et utilisons le format log de varnishcombined
<VirtualHost *:8080> DocumentRoot /var/www/votre.repertoire.web ServerName votresite.net ServerAlias www.votresite.net ServerAdmin contact@votresite.net CustomLog /var/log/apache2/www-access.log.votresite.net varnishcombined ErrorLog /var/log/apache2/www-error.log.votresite.net </VirtualHost>
Petit soucis PHP ne verra plus les adresse IP des visiteurs dans REMOTE_ADDR (il ne voit plus que l’IP du serveur qui héberge Varnish, c’est-à-dire lui-même si Apache et Varnish sont sur la même machine). Pour regler cela il faudra modifier la configuration d’apache
sudo nano /etc/apache2/apache2.conf
Ajoutez-y les lignes suivantes
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" varnishcombined
Nous pouvons maintenant modifier la configuration de notre backend en editant le fichier de configuration de varnish
sudo nano /etc/default/varnish
De la manière suivante
DAEMON_OPTS="-a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -p thread_pool_add_delay=2 -p thread_pools=4 -p thread_pool_min=200 -p thread_pool_max=4000 -p cli_timeout=25 -p session_linger=100 -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
Modifions maintenant le fichier vcl
sudo nano /etc/varnish/default.vcl
Modifions l’adresse de l’host, de…
backend default {
.host = "127.0.0.1";
.port = "8080";
…vers
backend default {
.host = "monsite.net";
.port = "8080";
Supprimez d’iptables la règle que nous avions appliquée auparavant, puis ajoutez ces deux nouvelles règles
iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT iptables -A OUTPUT -p tcp --dport 6082 -s 127.0.0.1 -j ACCEPT
C’est termine, nous pouvons relancer apache ainsi que varnish
sudo service apache2 restart sudo service varnish restart
Sources
Documentation officielle de Varnish
Article de nicolargo