Install Varnish Cache With Nginx on CentOS 8

Install Varnish Cache dengan Nginx pada CentOS 8

Artikel ini melanjutkan artikel sebelumnya: Install WordPress dengan Nginx PHP 8 MariaDB 10.6 pada CentOS 8

  • Setting SELinux mode ke Permissive
setenforce 0

nano /etc/selinux/config
SELINUX=permissive

shutdown -r now

  • Update repository packages
yum update -y && yum install epel-release -y && yum install nano wget net-toosl curl unzip -y
  • Install Varnish Cache
yum module install varnish -y
  • Jalankan service varnish cache
systemctl start varnish
systemctl enable varnish
systemctl status varnish
  • Cek versi varnish cache
varnishd -V
varnishd (varnish-6.0.8 revision 97e54ada6ac578af332e52b44d2038bb4fa4cd4a)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2020 Varnish Software AS
  • Cek status service varnish, varnish listen port 6081
netstat -ltnp | grep 6081
tcp        0      0 0.0.0.0:6081            0.0.0.0:*               LISTEN      41266/varnishd
tcp6       0      0 :::6081                 :::*                    LISTEN      41266/varnishd
  • Edit port nginx 80 menjadi 8080,
  • Pastikan semuaserver block port nginx sudah di ubah menajdi 8080
nano /etc/nginx/conf.d/example.com.conf

listen       8080 default_server;
nano /etc/nginx/conf.d/default.conf

listen       8080;
nano /etc/nginx/conf.d/blog.bikinin.website.conf

listen       8080;

  • Setting Varnish cache dari port 6081 menjadi 80
systemctl edit --full  varnish
ExecStart=/usr/sbin/varnishd -a :80 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -s malloc,256m
  • Cek varnish proxy, pastikan menggunakan port 8080
nano /etc/varnish/default.vcl 
# Default backend definition. Set this to point to your content server.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
  • Restart service nginx php-fpm varnish
systemctl restart nginx php-fpm varnish
  • Cek status service nginx dan varnish.
  • nginx listen pada port 8080 dan 443, sedangkan varnish listen pada port 80
netstat -tulpn | grep nginx
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      73930/nginx: master
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      73930/nginx: master

netstat -tulpn | grep varnish
tcp        0      0 127.0.0.1:8443          0.0.0.0:*               LISTEN      2649/varnishd
tcp        0      0 127.0.0.1:45381         0.0.0.0:*               LISTEN      2649/varnishd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2649/varnishd
tcp6       0      0 ::1:8443                :::*                    LISTEN      2649/varnishd
tcp6       0      0 :::80                   :::*                    LISTEN      2649/varnishd
tcp6       0      0 ::1:39025               :::*                    LISTEN      2649/varnishd

  • Test Varnish cache dengan curl, akan terlihat via varnish
[root@LNMP admin]# curl -I http://localhost
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 27 Jan 2022 03:49:00 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 28 Dec 2021 18:47:10 GMT
ETag: "61cb5bae-267"
X-Varnish: 10 32778
Age: 7
Via: 1.1 varnish (Varnish/6.0)
Accept-Ranges: bytes
Connection: keep-alive

[root@LNMP admin]# curl -I http://103.169.7.56
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 27 Jan 2022 03:48:14 GMT
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/8.0.15
X-Varnish: 12 3
Age: 75
Via: 1.1 varnish (Varnish/6.0)
Accept-Ranges: bytes
Content-Length: 97599
Connection: keep-alive
  • Cek varnish cache via browser
  • Cek varnish cache stat dengan varnishstat
  • Cek varnish top dengan varnishtop

Aktifkan Varnish cache untuk HTTPS

  • Tambahkan pada file hosts
nano /etc/hosts
127.0.0.1 blog
  • Tambahkan proxy_pass http://blog:80; pada server block /etc/nginx/conf.d/blog.bikinin.website.conf
server {
   server_name blog.bikinin.website;
   root /var/www/html/blog.bikinin.website;

   location / {
       index index.html index.htm index.php;
       try_files $uri $uri/ /index.php?$args;
       proxy_pass http://blog:80;
   }

         add_header X-Frame-Options "SAMEORIGIN";
         add_header X-Content-Type-Options "nosniff";
         add_header X-Xss-Protection "1; mode=block";

         location ~* /\.(?!well-known\/) {
                 deny all;
         }

         location ~\.(ini|log|conf)$ {
                 deny all;
         }

   location ~ \.php$ {
      include /etc/nginx/fastcgi_params;
      fastcgi_pass unix:/run/php-fpm/www.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
      fastcgi_read_timeout 300;
      proxy_read_timeout 600;
   }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/blog.bikinin.website/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/blog.bikinin.website/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = blog.bikinin.website) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


   listen 8080;
   server_name blog.bikinin.website;
   return 404; # managed by Certbot

}
  • Tambahkan server block baru dengan nama blog.conf pada /etc/nginx/conf.d
server {
   listen 8080;
   server_name blog;
   root /var/www/html/blog.bikinin.website;

   location / {
       index index.html index.htm index.php;
       try_files $uri $uri/ /index.php?$args;
   }

         location ~* /\.(?!well-known\/) {
                 deny all;
         }

         location ~\.(ini|log|conf)$ {
                 deny all;
         }

   location ~ \.php$ {
      include /etc/nginx/fastcgi_params;
      fastcgi_pass unix:/run/php-fpm/www.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   }
}
  • Restart service nginx php-fpm varnish
systemctl restart nginx php-fpm varnish
  • Tambahkan baris berikut pada file wp-config.php , cek disini
$_SERVER['HTTPS'] = 'on';

  • Cek varnish cache dengan curl
[root@LNMP conf.d]# curl -I https://blog.bikinin.website
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 27 Jan 2022 12:12:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 54664
Connection: keep-alive
X-Powered-By: PHP/8.0.15
Link: <https://blog.bikinin.website/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
X-Varnish: 65554 21
Age: 10
Via: 1.1 varnish (Varnish/6.0)
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
  • Cek pada browser dengan url: https://blog.bikinin.website

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.