How to install Nginx as Reverse Proxy in front of Apache on Ubuntu 15.10

1.0 Introduction

Nginx or “engine-x” is a high-performance web server with low memory usage, created by Igor Sysoev in 2002. Nginx is not just a web server, it can be used as a reverse proxy for many protocols like HTTP, HTTPS, POP3, SMTP, and IMAP and as a load balancer and HTTP cache as well.

In this tutorial, I will install and configure Nginx as a caching reverse proxy for an Apache web server on Ubuntu 15.10, Nginx is used as the front end and Apache as the back end. Nginx will run on port 80 to respond to requests from a user/browser, the request will then be forwarded to the apache server that is running on port 8080.

2.0 Install Apache and PHP

Log in to your ubuntu server as a root user.

Before install the package you have to update the apt cache using “apt-get”

#apt-get update

Then install apache with the apt-get command.

# apt-get install apache2

Once apache is installed, we must install PHP.

# apt-get install php5 php5-mysql libapache2-mod-php5

3.0 Configure Apache and PHP

By default, apache listens on port 80. We have to configure apache to run on port 8080 for our proxy setup as port 80 will be used by nginx later. We have to edit the apache configuration file “/etc/apache2/ports.conf”. And then proceed with the virtual host configuration in the “/etc/apache2/sites-available/” directory.

First change the port for apache to 8080 by editing the file “ports.conf” with the vim editor.

#vim /etc/apache2/ports.conf

On line 5, change port 80 to 8080 as follows.

Listen 8080

Now go to the virtualhost directory and edit the file “000-default.conf”.

   #cd sites-available/
   #vim 000-default.conf

Make sure your configuration is same as below

  


    ServerName www.reverse.com
    ServerAlias reverse.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Test the configuration and restart apache

  #apachectl configtest
  #systemctl restart apache2

Create a new file with the name “info.php” in the directory “/var/www/html/” with the following content

  #cd /var/www/html/
  #echo "" > info.php

Visit your site in browser

    http://ip:8080
    http://ip:8080/info.php

4.0 Install Nginx

Install Nginx with the following apt-get command

#apt-get install nginx

5.0 Configure Nginx

Once Nginx is installed, configure Nginx to act as reverse proxy for the apache web server that running on port 8080.
Go to the nginx configuration directory and edit the file “nginx.conf”.

  #cd /etc/nginx/
  #vim nginx.conf

Enable Gzip compression for Nginx by uncomment the gzip lines.

        # Gzip Settings
        ##
       gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

The most important is :

• gzip on : to turn gzip compression.
• gzip_types : is list of MIME-types which you want to turn the compression.
• gzip_proxied any : is enable compression for proxied request.

Right under gzip settings, add these proxy cache settings:

 # Proxy Cache Settings
 proxy_cache_path /var/cache levels=1:2 keys_zone=reverse_cache:60m inactive=90m max_size=1000m;

Now we will configure a virtualhost in the directory “/etc/nginx/sites-available”

New virtualhost configuration file named “reverse.conf”.

   #cd /etc/nginx/sites-available
   #vim reverse.conf

Paste the configuration below:

   server {
    listen 80;

    # Site Directory same in the apache virtualhost configuration
    root /var/www/html; 
    index index.php index.html index.htm;

    # Domain
    server_name www.reverse.com reverse.com;

    location / {
        try_files $uri $uri/ /index.php;
    }


    # Reverse Proxy and Proxy Cache Configuration
    location ~ \.php$ {
 
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;

        # Cache configuration
        proxy_cache reverse_cache;
        proxy_cache_valid 3s;
        proxy_no_cache $cookie_PHPSESSID;
        proxy_cache_bypass $cookie_PHPSESSID;
        proxy_cache_key "$scheme$host$request_uri";
        add_header X-Cache $upstream_cache_status;
    }

    # Enable Cache the file 30 days
    location ~* .(jpg|png|gif|jpeg|css|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
        proxy_cache_valid 200 120m;
        expires 30d;
        proxy_cache reverse_cache;
        access_log off;
    }

    # Disable Cache for the file type html, json
    location ~* .(?:manifest|appcache|html?|xml|json)$ {
        expires -1;
    }

    location ~ /\.ht {
        deny all;
    }
}

Take backup the “default” configuration file from “/etc/nginx/sites-available” directory.

  #mv default default.bak

Then activate the new virtualhost configuration.

#ln -s /etc/nginx/sites-available/reverse.conf /etc/nginx/sites-enabled/

Test the nginx configuration and restart nginx.

  #nginx -t
  #systemctl restart nginx

6.0 Configure Logging

In this step, I will configure apache to log the real ip of the visitor instead of the local IP. Install the apache module “libapache2-mod-rpaf” and edit the module configuration file.

   #apt-get install libapache2-mod-rpaf
   #cd /etc/apache2/mods-available/
   #vim rpaf.conf

Add the server IP to the line 10.

  RPAFproxy_ips 127.0.0.1 192.168.1.108 ::1

Restart apache

   #systemctl restart apache2

Test rpaf by viewing the apache access log with the tail command

#tail -f /var/log/apache2/access.log

Zimbra Server Migration and Zimbra Account Transfer – The Perfect Method

1. Introduction

Zimbra project doesn’t have a cross migration or proper account transfer documentation. All they tell is to do copy the folder /opt/zimbra to your new servers. But if any of those files infected with a rootkit or other malicious scripts , then your new server also will be compromised. So never sync or copy the entire directory of your zimbra installation. Zimbra also tell you to upgrade your production server to the latest version before migration. But improper upgrade may result in entire data lose. With this procedure you can do:

• Migrate zimbra from one Operating System To another.
• Migrate zimbra account between any hardware and Operating systems configurations.
• No interruption on production server like software upgrade or service disable.
• Migrate zimbra from old version to a new version server
• Zimbra cross migrations without copying entire directories.

2. Requirement

You need an old server with zmibra account and a new fresh server with the Os you wish. Dont’ create or make any custom configuration or setting in you new server. Please make sure to set your new servers hostname same as the old one.

• Old server
• Need ssh root login
• Need zimbra admin logins
• Enough HDD space to store backups
• New server
• Must be installed with latest stable zimbra
• Need ssh root logins
• Need zimbra admin logins
• Enough HDD space to store backups

3. Presetup

You need to setup an ssh key from the new server’s root account to the old server’s root account.
Reduce the TTL of MX records of your domain to 500 seconds . So that you can easily switch the domain’s IP after migration. Please remember to schedule the migration task on non peek hours.

Create a directory in both new and old server into which we store all required files and data for doing the migration

[root@zimbra ~]# mkdir /backups/zmigrate
[root@zimbra ~]# chown zimbra.zimbra /backups/zmigrate
[root@zimbra ~]# su - zimbra

All operation in your Zimbra server must be performed as Zimbra user itself, otherwise you will get permission and ownership issues in your zimbra server

4. Backup all data from Old server

We are going to copy all data from old server without interrupting the services.

4.1 Find all domains

You need to find all the domains from your old server. We will store the domain list in a file called domains.txt. You need to back all the domains list as follows,

zimbra@zimbra:~$ cd /backups/zmigrate
zimbra@zimbra:/backups/zmigrate$ zmprov gad > domains.txt
zimbra@zimbra:/backups/zmigrate$ cat domains.txt
fun.com
myserver.com
justfortest.com
checkit.com
dieanotherday.com
gnutest.com
foo.com
zimbra.foo.com
zimbra@zimbra:/backups/zmigrate$

Now remove all domains and subdomains related with the main hostname of your server foo.com , from this list (domains.txt) because it was already created in your new server. So there is no need to create a new domain with the same name.

4.2 Find all admin accounts

Most of these servers will have only one admin. But some servers have multiple admins. So it will be good to find all admin accounts. We will store the admins list in admins.txt

zimbra@zimbra:/backups/zmigrate$ zmprov gaaa > admins.txt
zimbra@zimbra:/backups/zmigrate$ cat admins.txt
admin@foo.com
zimbra@zimbra:/backups/zmigrate

4.3 Find all email accounts

Next step is to find all the email accounts hosted in your old server. Get a list of your email accounts and save in the file emails.txt . So from this file we can see how many accounts that need to migrate.

zimbra@zimbra:/backups/zmigrate$ zmprov -l gaa >emails.txt
zimbra@zimbra:/backups/zmigrate$ cat emails.txt
gm@fun.com
forest@fun.com
galsync@fun.com
fax@myserver.com
paul@myserver.com
angela@myserver.com
brooke@myserver.com
hnmobile1@myserver.com
maria@justfortest.com
samantha@justfortest.com
backupmail@justfortest.com
admin@checkit.com
sandra@checkit.com
zimbra@zimbra:/backups/zmigrate$

Please remove all the email accounts from the file /backups/zmigrate/emails.txt with a starting words like spam, virus, ham, galsync . There is no need to restore these accounts. Even if you still need to restore , you can do it. I don’t like spam and virus emails.

4.4 Get all distribution lists

You need to get all the distributions list and store it in a file called distributinlist.txt.

 
zimbra@zimbra:~$ zmprov gadl > /backups/zmigrate/distributinlist.txt
zimbra@zimbra:~$ cat /backups/zmigrate/distributinlist.txt
budgetrtodomainusers@fun.com
healthnowdomainusers@myserver.com
checkit.comdomainusers@checkit.com
northpointessdomainusers@dieanotherday.com
parkatnorthhillsdomainusers@gnutest.com
zimbra@zimbra:~$

4.5 Get all members in distribution lists

In this step we are going to collect all members in each of these distributions. We will create a folder called distributinlist_members and create a file under this folder named distributinlist.txt , then store all the distributions members.

zimbra@zimbra:~$ mkdir /backups/zmigrate/distributinlist_members
zimbra@zimbra:~$ for i in `cat /backups/zmigrate/distributinlist.txt`; do zmprov gdlm $i > /backups/zmigrate/distributinlist_members/$i.txt ;echo "$i"; done
budgetrtodomainusers@fun.com
healthnowdomainusers@myserver.com
checkit.comdomainusers@checkit.com

4.6 Find all email account’s passwords

Now need to find the encrypted password of all of your old email accounts and store it under a folder named userpass/ as follows:

zimbra@zimbra:/backups/zmigrate$ mkdir userpass
zimbra@zimbra:/backups/zmigrate$ for i in `cat emails.txt`; do zmprov  -l ga $i userPassword | grep userPassword: | awk '{ print $2}' > userpass/$i.shadow; done

4.7 Backup all user names , Display names and Given Names

Zimbra will accept a Names and Disaplay names in email accounts during account creation. So we need to restore those data too. We will create a directory called userdata/ which contains these details of each of those email accounts

zimbra@zimbra:/backups/zmigrate$ mkdir userdata
zimbra@zimbra:/backups/zmigrate$ for i in `cat emails.txt`; do zmprov ga $i  | grep -i Name: > userdata/$i.txt ; done

4.8 Now backup all email account

This will take some time to take backup of all email accounts. So you can run this command behind “screen”. A tgz file will be created with each emails name. We will use this files to transfer email accounts.

 
zimbra@zimbra:/backups/zmigrate$ for email in `cat /backups/zmigrate/emails.txt`; do for i in `cat ../emails.txt `; do zmmailbox -z -m $i getRestURL '/?fmt=tgz' > $i.tgz ;  echo $email ; done
gm@fun.com
forest@fun.com
galsync@fun.com
fax@myserver.com
fax2@myserver.com
paul@myserver.com

This tgz files contains

• Mail
• Contacts
• Calendars
• Briefcase
• Tasks
• Searches
• Tags
• Folders

All subfolders are included, except Junk and Trash. There is no way to include these in the big dump, but they can be exported separately:

4.9 Now backup alias

Some times your server may have email aliases for certain accounts. So you need to copy those aliases too. We will create a sub folder called alias/ for storing the backup of Alias.

 
zimbra@zimbra:/backups/zmigrate$ mkdir -p alias/
zimbra@zimbra:/backups/zmigrate$ for i in `cat emails.txt`; do zmprov ga  $i | grep zimbraMailAlias |awk '{print $2}' > alias/$i.txt ;echo $i ;done
gm@fun.com
forest@fun.com

Some of your email accounts don’t have alias. So the above created files may be an empty file. Remove those empty files as follows,’\

zimbra@zimbra:/backups/zmigrate$ find alias/ -type f -empty | xargs -n1 rm -v 

4.10 Rsync folder to new server

Now we have all the required data to do the migration process. As a summery :

• /backups/zmigrate – Have all the backups stored
• /backups/zmigrate/domains.txt – Contains the domains names
• /backups/zmigrate/emails.txt – Contains the list of email accounts
• /backups/zmigrate/distributinlist.txt – Contains the distribution lists
• /backups/zmigrate/distributinlist_members – Contains the members in each of your distributions
• /backups/zmigrate/userpass – Contains the encrypted password of your email accounts
• /backups/zmigrate/userdata – containts the email accounts user informations
• /backups/zmigrate/alias – Contains all the aliases of your email accounts

Also the parent folder /backups/zmigrate contains a lot of zip file which are the data inside emails.

Now rsync the files as follows,

root@newserver # rsync -avp -e 'ssh -p 22' root@old-server-ip:/backups/zmigrate /backups/

5. Restore in new server

So after finishing the rsync process , we need to restore this in your new server as follows:

All this operations must be carried out as zimbra sudo user itself. Don’t use root account to store the backups

[root@zimbra ~]# su - zimbra
[zimbra@zimbra]$

5.1 Restore all domains

Now create all the domains that we have from the file /backups/zmigrate/domains.txt

[zimbra@zimbra zmigrate]$ for i in `cat /backups/zmigrate/domains.txt `; do  zmprov cd $i zimbraAuthMech zimbra ;echo $i ;done
2c86f244-de9d-4b7c-8e22-2246a8256219
myserver.com
dbf75058-d85e-4d60-8b69-1f148a456eb6
justfortest.com
ee90ffa2-505d-449f-82fd-129acb21cb5e
checkit.com
8b6bf287-f61e-4930-ada0-96b817292556
dieanotherday.com
17d3c73c-14f7-43aa-9fd2-c9be9e29c9e5

You can also verify the domains created from the zimbra admin panel too

5.2 Create email accounts and set the old password

We need to create the email accounts for storing the mails. We also need to set the old passwords too. We already collected the account info and passwords.

To Create email accounts and restore passwords . Please use the following script to create it

#!/bin/bash
#Scrit  for creating the email accounts createacct.sh
USERPASS="/backups/zmigrate/userpass"
USERDDATA="/backups/zmigrate/userdata"
USERS="/backups/zmigrate/emails.txt"
for i in `cat $USERS`
do
givenName=$(grep givenName: $USERDDATA/$i.txt | cut -d ":" -f2)
displayName=$(grep displayName: $USERDDATA/$i.txt | cut -d ":" -f2)
shadowpass=$(cat $USERPASS/$i.shadow)
tmpPass="CHANGEme"
zmprov ca $i CHANGEme cn "$givenName" displayName "$displayName" givenName "$givenName" 
zmprov ma $i userPassword "$shadowpass"
done

5.3 Restore email accounts

Now we are going to restore the emails from the Zip file. This process may take some hours. So it will be good to run behind “screen” command.

[zimbra@zimbra zmigrate]$ for i in `cat /backups/zmigrate/emails.txt`; do zmmailbox -z -m $i postRestURL "/?fmt=tgz&resolve=skip" /backups/zmigrate/$i.tgz ;  ; echo "$i -- finished "; done
gm@fun.com -- finished 
forest@fun.com -- finished 

5.4 Now recreate the distribution lists

It is time to recreate all the distribution lists as follows.

[zimbra@zimbra zmigrate]$ for i in `cat distributinlist.txt`; do zmprov cdl $i ; echo "$i -- done " ; done
2a852fd8-6e66-426e-a76d-15192536042a
budgetrtodomainusers@fun.com -- done 
a0f6ddb3-8525-4194-9397-6cf0a920dda6

5.5 Restore the distribution lists

After creating the distribution lists we need to add all the members inside the distribution lists. We have the distribution lists in the folder distributinlist_members/ and the list is in distributionlist.txt file. Please use the following small script to restore the distribution lists.

[zimbra@zimbra zmigrate]$ cat restoredist.sh 
#!/bin/bash
# add all memebers to each of these distribution lists
for i in `cat distributinlist.txt`
do
 for j in `grep -v '#' distributinlist_members/$i.txt |grep '@'` 
 do
 zmprov adlm $i $j
 echo " $j member has been added to list $i"
 done

done

5.6 Restore Alias accounts

Please use the following script to restore alias. This will add all the aliases in your email accounts.

#!/bin/bash
for i in `cat /backups/zmigrate/emails.txt`
do
 if [ -f "alias/$i.txt" ]; then
 for j in `grep '@' /backups/zmigrate/alias/$i.txt`
 do
 zmprov aaa $i $j
 echo "$i HAS ALIAS $j --- Restored"
 done
 fi
done

6. Conclusion

So now we migrated all our email accounts. It is time for DNS change. You need to shut down the old zimbra services and change the DNS. After that send some test emails and make sure everything is working fine. Next step is to secure your zimbra server. You need to install ssl certificates and firewall in your new zimbra server. Now you have a new server with new packages and files with the same old email accounts and its data.

7. References

https://wiki.zimbra.com/wiki/Zmprov_Examples
https://wiki.zimbra.com/wiki/Zmprov
https://wiki.zimbra.com/wiki/Backing_up_and_restoring_Zimbra_%28Open_Source_Version%29
'https://xmission.com/blog/2015/04/30/zimbra-server-admin-tip-mailbox-password-migration-and-server-settings-comparison'
http://stdout.no/zimbra-open-source-backup-strategy-and-scripts/

How to install Nagios and NRPE in Centos 7 or RHEL 7

1. Introduction

Nagios is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes.
Nagios runs periodic checks on user-specified resources and services.

Resources that can be monitored include:
Memory usage
Disk usage
Microprocessor load
The number of currently running processes
Log files.

Services that can be monitored include:
Simple Mail Transfer Protocol (SMTP)
Post Office Protocol 3 (POP3)
Hypertext Transfer Protocol (HTTP) and other common network protocols.

A user-friendly Web-based graphical user interface is provided. An authorization system allows the administrator to restrict access as necessary.

2. Features

• Monitor your entire IT infrastructure;
• Identify problems before they occur;
• Know immediately when problems arise;
• Share availability data with stakeholders.hypothetical question;
• Detect security breaches;
• Plan and budget for IT upgrades;
• Reduce downtime and business losses.

3. Prerequisition

Nagios server:

Operating system : CentOS 7
IP Address : 138.201.3.27/32

Nagios client:

Operating System : ubuntu 15.10
IP Address : 138.201.3.28/32

If you have a fresh server you should configure lamp stack on the same.

Also install the following prerequisites too. All commands should be run as root user.

# yum install gd gd-devel gcc glibc glibc-common wget

Nagios user and group

 #useradd -m nagios
 #passwd nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.

   # groupadd nagcmd
   #usermod -a -G nagcmd nagios
   #usermod -a -G nagcmd apache

4. Download Nagios And Plugins

By using wget utility we can retrieve files for the installation of latest version of Nagios.

For a good practise download the files in to “/usr/local/src”.

#cd /usr/local/src

#wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.1.1.tar.gz

Download nagios plugins too. Nagios plugins allow you to monitor hosts, devices, services, protocols, and applications with Nagios.

#wget http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz

5. Install Nagios And Plugins

5.1 Install nagios:

Change directory to “/usr/local/src” and extract nagios.

#tar xzf nagios-4.1.1.tar.gz

change to the nagios directory then compile and install.

#cd nagios-4.1.1/
#sudo ./configure --with-command-group=nagcmd
#make all
#make install
#make install-init
#make install-config
#make install-commandmode

5.2 Install Nagios Web interface

Enter the following commands to compile and install nagios web interface.

 #make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account. You’ll need it while logging in to nagios web interface..

# sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

#systemctl restart httpd

5.3 Install Nagios plugins

Go to the directory /usr/local/src where you downloaded the nagios plugins, and extract it.

#cd /usr/local/src
#tar xzf nagios-plugins-2.0.3.tar.gz

After extracting down loaded file change directory to nagios-plugins by using cd commandand compile and install plugins

#cd nagios-plugins-2.0.3
#./configure --with-nagios-user=nagios --with-nagios-group=nagios
#make 
#make install

6.Access Nagios Web Interface

Open nagios administrator console with URL http://nagios-server-ip/nagios and enter the username as “nagiosadmin” and its password which we created in the earlier steps.

Now we can see home page of Nagios, there is an option “Hosts”on the left panel ,by clicking on that we can see hosts currently monitoring by the Nagios server.

Here we can see that Host status and details of host.

In left panel there is an option “Services” which shows that the current status of all services of the localhost.

7.Add Monitoring targets to Nagios server

Now nagios server is ready to monitor so, the next step is to add Nagios clients to monitor, Here Ubuntu 15.10 server has been taken as nagios client.

nrpe and nagios-plugins are need to add in our monitoring targets.

#apt-get install nagios-nrpe-server nagios-plugins

7.1 Configure nagios Client

Then add the nagios server IP to which nagios client should be listen.

Edit /etc/nagios/nrpe.cfg file,Add your Nagios server ip address:

# vi /etc/nagios/nrpe.cfg
allowed_hosts=127.0.0.1 138.201.3.27

Start nrpe service on Ubuntu client:

/etc/init.d/nagios-nrpe-server restart

Now, go back to your Nagios server, and add the clients in the configuration file.

open “/usr/local/nagios/etc/nagios.cfg” and uncomment below line:

# vi /usr/local/nagios/etc/nagios.cfg

cfg_dir=/usr/local/nagios/etc/servers

Create a directory called “servers” under “/usr/local/nagios/etc/”.

# mkdir /usr/local/nagios/etc/servers

Create config file to the client to be monitored and make changes as follows

$vi /usr/local/nagios/etc/servers/clients.cfg


define host{
use                             linux-server
host_name                       arunima-ubuntu15 
alias                           arunima-ubuntu15 
address                         138.201.3.28
max_check_attempts              5
check_period                    24x7
notification_interval           30
notification_period             24x7
}

Here my nagios client ip is “138.201.3.28” and hostname arunima-ubuntu15 .

Then restart nagios server

#systemctl restart nagios

Wait for few seconds, and refresh nagios admin console in the browser and navigate to “Hosts” section in the left pane. You will see the newly added client will be visible there. Click on the host to see if there is anything wrong or any alerts it has.

http://IP-Address/nagios

Define services

We have just defined the monitoring host. Now, let us add some services of the monitoring host. Here i have added ssh, ftp and http services to monitor.

# vi /usr/local/nagios/etc/servers/clients.cfg

define service {
        use                             generic-service
        host_name                       arunima-ubuntu15
        service_description             SSH
        check_command                   check_ssh
        notifications_enabled           0
        }
define service {
        use                             generic-service
        host_name                       arunima-ubuntu15
        service_description             VSFTPD
        check_command                   check_ftp
        notifications_enabled           0
        }
define service {
        use                             generic-service
        host_name                       arunima-ubuntu15
        service_description             HTTPD
        check_command                   check_http
        notifications_enabled           0
        }

Before adding services to monitor make sure that all are currently running in nagios client.

#systemctl restart nagios

Navigate your browser to http://IP-Address/nagios and enter the Username and Password then click “Hosts”, Here you can see the new linux host and status of services which has been added.

How to Install Varnish on CentOS 7 or RHEL 7

1. Introduction

Varnish is a proxy and cache, or HTTP accelerator, designed to improve performance for busy, dynamic web sites. By redirecting traffic to static pages, varnish reduces the number of dynamic page calls, thus reducing load. Varnish is designed for content-heavy dynamic web sites as well as heavily consumed APIs. In contrast to other web accelerators, such as Squid, or Apache and nginx, which are primarily origin servers, Varnish was designed as an HTTP accelerator.

2. Varnish Cache Performance Parameters

Once installed, Varnish Cache allows us to use several apps to evaluate the server by means of statistics. These apps are the ones mentioned below.

• varnishtop: grouped list with the most usual entries from different logs.
• varnishhist: a histogram that shows the time taken for the requests processing.
• varnishsizes: it performs the same task as “varnishhist” but showing the size of the objects.
• varnishstat: it shows many contents on cache hits, resource consumption, etc..
• varnishlog: it allows us to see all the requests made to the web backend server.

3. Requirements

You may need an operating system RHEL 7 or Centos 7 in your dedicated or vps server. Please make sure to set a hostname for your server and its dns is pointing to the IP address of the server.

4. Installation Steps

Before you begin please install LAMP(Linux Apache Mysql PHP) in your server. To install LAMP, Please refer the documentation from here

Update your server with latest packages.

# yum update

Now install varnish on Centos.

# yum install varnish

4.1 How to setup Varnish 4 for Apache

# vi /etc/varnish/varnish.params

Change Listen Port to 80 as we are going to run Varnish in front of Apache:

VARNISH_LISTEN_PORT=80

Now edit Apache configuration file:

# vi /etc/httpd/conf/httpd.conf

Then look for the line that says “Listen 80” and change it to “Listen 8080”

Now restart Apache at first so the webserver run on port 8080 leaving port 80 being usable by Varnish:

# systemctl restart httpd.service

# systemctl restart varnish.service

# systemctl enable varnish.service

You can see varnish running on port 80 using the following command:

# netstat -tunlp | grep :80
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      22368/httpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      22145/varnishd

5. Testing varnish

# varnishd -V

Gives you an output something like this:

varnishd (varnish-3.0.7 revision f544cd8)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2014 Varnish Software AS

You can check it like this

# curl -I 
# curl -I 192.168.3.18
HTTP/1.1 403 Forbidden
Date: Sun, 17 Jan 2016 10:42:54 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
X-Varnish: 13
Age: 0
Via: 1.1 varnish-v4
Connection: keep-alive

About the author