Install Varnish with Plesk 10.3

[RaphaëlD]

Hello,

I have a dedicated server with Plesk 10.3 in ubuntu 11.04

I try to install Varnish as HTTP Accelerator.

1) I managed to change the default port for apache: http://kb.parallels.com/11232
2) I followed a tutorial to install varnish: http://www.euperia.com/linux/setting-up-varnish-with-apache-tutorial

3) When I try to access my site (I have only one vhost currently), the site m'affiche the famous "IT works" Apache instead of my current site. I think my vhost does not listen to the correct port.

Does anyone have an idea of ​​configurations to accommodate Varnish with Plesk?

Thank you for your assistance to come.

 

[RaphaëlD]

I continued to work on Varnish + Plesk ... but it still does not work.

1) I changed the port for apache in plesk General

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -D psa -e'replace into misc (param, val) values ("http_port", 8008)'

1.1) I rebuild the server conf

# /usr/local/psa/admin/bin/httpdmng --reconfigure-all


2) I changed the apache conf files (if those were not taking full plesk top)

vim /etc/apache2/ports.conf

NameVirtualHost *:8008
Listen 8008

2.1) I do the same with `/etc/apache2/sites-enables/000-default`

3) I changed the port of my vhost (a single server)

vim /var/www/vhosts/MYDOMAIN.COM/conf/XXXXXXXXX.http.include

Replace the port 80 by this I want.

Rebuild the vhost conf

/usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=<domain_name>
with <domain_name> without www

(See my issue in serverfault: http://serverfault.com/questions/333652/edit-vhost-port-in-plesk-10-3 )

4) I installed varnish by following this tutorial : http://www.euperia.com/linux/setting-up-varnish-with-apache-tutorial

5) I restart apache 2 + varnish

service apache2 restart
service varnish restart

When I go to my site, I come across a page of apache

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

Can somebody help me ?

This means that my vhost does not point to the right place.
Why? What to do? How?

 

[ArduinoP]

Hello,


i'm having similar issue on my server. Right now i'have this configuration:

Varnish default.vlc:

backend default {
.host = "domain1.it";
.port = "8080";

}

(where domain1.it is one of my domain)

Apache
Listen 8080

Servers IP example: 1.1.1.1 - 1.1.1.2 - 1.1.1.3

domain1 is on IP 1.1.1.3 and it's resolving well on port 80 with varnish.

Then i have other 20 websites that are located on 1.1.1.1 or 1.1.1.2 that are showing Plesk default page right now, but they're loading on port 8080.

I've tryed adding this second backend:

backend domain2 {
.host = "127.0.0.1";
.port = "8080";
}
sub vcl_recv {
if (req.http.host == "domain2.it") {
#You will need the following line only if your backend has multiple virtual host names
set req.http.host = "domain2.it";
set req.backend = domain2;
return (lookup);
}
}


with no luck yet, i've looked at vhost.conf of all my domains and all of them are to run on port 8080, but i can't understand why only 1 domain is loading correctly on port 80 and all other are on port 8080.

Hope someone could help.

Regards in advance.

 

[ArduinoP]

So i'm moving all my website to IP releated to domain1.it as this is the only IP that make pages load normally. Don't ask me why 'cause i've no idea, i would have prefered to have websites on different IPs but this actually seems to be impossibile with varnish...

 

[nevakee]

I've solved it with iptables.
Apache run normally on port 80 and varnish on port 8080 for example.

/sbin/iptables -I PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

/etc/varnish/default.vcl:

backend default {
.host = "SERVER_IP";
.port = "80";
}

 

[ArduinoP]

So this is working also for more than 1 IP?

edit: you just setup default backend with 1 random ip associated with your server, right?

 

[nevakee]

This is for more than 1 IP.

iptables -I PREROUTING -t nat -i eth0 -d 10.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:8080

iptables -I PREROUTING -t nat -i eth0 -d 10.0.0.2 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:8080

iptables -I PREROUTING -t nat -i eth0 -d 10.0.0.3 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3:8080

Is not the best solution but it works.

 

[Frater]

Yes Nevakee, I did it that way as well....

To automate it I have automated is using this script.
Now you can stop the server and it will go directly to Apache.
I'm using this approach as well for pound and assp (smtp-proxy)

#! /bin/sh

### BEGIN INIT INFO
# Provides:          varnish
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start HTTP accelerator
# Description:       This script provides a server-side cache
#                    to be run in front of a httpd and should
#                    listen on port 80 on a properly configured
#                    system
### END INIT INFO

# Source function library
. /lib/lsb/init-functions

NAME=varnishd
DESC="HTTP accelerator"
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/varnishd
PIDFILE=/var/run/$NAME.pid

test -x $DAEMON || exit 0

#################################################### iptables modification
# if varnish should redirect port 80
REDIRECT=1
ht=`echo -e '\011'` # codify horizontal tab
IPLIST=`mktemp`

getiplist ()
{
  SRVPORT=$1
  echo -n '' >${IPLIST}
  if [ ! -z "${SRVPORT}" ] ; then
    # get IP's varnish is listening to (no localhost)
    netstat -lntp | grep 'tcp ' | egrep -o "[0-9.]+:${SRVPORT}" | grep -v '^127\.'  | awk -F: '{print $1}' >${IPLIST}
    # if it is listening to all interfaces (0.0.0.0) then get the ipv4 interfacelist
    grep -q '0\.0\.0\.0' ${IPLIST} && ifconfig | egrep -o 'inet addr:[0-9.]+' | awk -F: '{print $2}' | grep -v '^127\.' >${IPLIST}
  fi
}

ins_ipt_rule ()
{
        echo "Check if ports need to be translated"
        while read IP ; do
                # check if rule isn't yet present
                if ! iptables-save | grep PREROUTING | grep "${IP}" | grep 'dport 80' | grep -q "${VARNISH_PORT}" ; then
                        echo "Traffic going to ${IP}:80 will be translated to ${IP}:${VARNISH_PORT}"
                        iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IP}:${VARNISH_PORT}
                fi
        done < ${IPLIST}
}

del_ipt_rule ()
{
        echo "Check if port translations need to be deleted"
        while read IP ; do
                # check if rule is present
                if iptables-save | grep PREROUTING | grep "${IP}" | grep 'dport 80' | grep -q "${VARNISH_PORT}" ; then
                        echo "Traffic going to ${IP}:80 will NOT be translated anymore to ${IP}:${VARNISH_PORT}"
                        iptables -t nat -D PREROUTING -d ${IP} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IP}:${VARNISH_PORT}
                fi
        done < ${IPLIST}
}

################################################### end

# Include varnish defaults if available
if [ -f /etc/default/varnish ] ; then
        . /etc/default/varnish
fi

VARNISH_PORT=`echo "${DAEMON_OPTS}" | grep -o '\-a [a-z0-9.]*:.* ' | awk -F: '{print $2}' | awk '{print $1}'`
# if VARNISH_LISTEN_PORT is used in /etc/default/varnish it will take precedence
VARNISH_PORT=${VARNISH_PORT:=${VARNISH_LISTEN_PORT}}


# Open files (usually 1024, which is way too small for varnish)
ulimit -n ${NFILES:-131072}

# Maxiumum locked memory size for shared memory log
ulimit -l ${MEMLOCK:-82000}

# If $DAEMON_OPTS is not set at all in /etc/default/varnish, use minimal useful
# defaults (Backend at localhost:8080, a common place to put a locally
# installed application server.)
DAEMON_OPTS=${DAEMON_OPTS:--b localhost}

# Ensure we have a PATH
export PATH="${PATH:+$PATH:}/usr/sbin:/usr/bin:/sbin:/bin"

start_varnishd() {
    log_daemon_msg "Starting $DESC" "$NAME"
    output=$(/bin/tempfile -s.varnish)
    if start-stop-daemon \
        --start --quiet --pidfile ${PIDFILE} --exec ${DAEMON} -- \
        -P ${PIDFILE} ${DAEMON_OPTS} > ${output} 2>&1; then
        log_end_msg 0
        if [ ${REDIRECT} -ne 0 ] && [ ! -z "${VARNISH_PORT}" ] ; then
                sleep 1                                 # Wait for Varnish to settle
                getiplist "${VARNISH_PORT}"
                ins_ipt_rule
        elif [ ${REDIRECT} -ne 0 ] ; then
                echo "Could not detect port on which Varnish is running"
        fi
    else
        log_end_msg 1
        cat $output
        exit 1
    fi
    rm $output
}

disabled_varnishd() {
    log_daemon_msg "Not starting $DESC" "$NAME"
    log_progress_msg "disabled in /etc/default/varnish"
    log_end_msg 0
}

stop_varnishd() {
    log_daemon_msg "Stopping $DESC" "$NAME"
    if [ ${REDIRECT} -ne 0 ] && [ ! -z "${VARNISH_PORT}" ] ; then
        getiplist ${VARNISH_PORT}
    elif [ ${REDIRECT} -ne 0 ] ; then
        echo "Could not detect port on which Varnish is running"
    fi
    if start-stop-daemon \
        --stop --quiet --pidfile $PIDFILE --retry 10 \
        --exec $DAEMON; then
        log_end_msg 0
        del_ipt_rule
    else
        log_end_msg 1
    fi
}

reload_varnishd() {
    log_daemon_msg "Reloading $DESC" "$NAME"
    if /usr/share/varnish/reload-vcl -q; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
}

status_varnishd() {
    status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}"
}

case "$1" in
    start)
        case "${START:-}" in
            [Yy]es|[Yy]|1|[Tt]|[Tt]rue)
                start_varnishd
                ;;
            *)
                disabled_varnishd
                ;;
        esac
        ;;
    stop)
        stop_varnishd
        ;;
    reload)
        reload_varnishd
        ;;
    status)
        status_varnishd
        ;;
    restart|force-reload)
        $0 stop
        sleep 2
        $0 start
        ;;
    *)
        log_success_msg "Usage: $0 {start|stop|restart|force-reload}"
        exit 1
        ;;
esac

[ -f ${IPLIST} ] && rm -f ${IPLIST}

exit 0

 

[ArduinoP]

Thanks for helping.

Yes actually this is not really the best solution, but as it's working then is ok.

 

[ArduinoP]

Hi,

so i got this config now:

Apache:
Listen 8080

/etc/varnish/default.vcl:
backend default {
.host = "domain1.it";
.port = "8080";

}

/etc/sysconfig/varnish:
## Alternative 3, Advanced configuration
#
# See varnishd(1) for more information.
#
# # Main configuration file. You probably want to change it
VARNISH_VCL_CONF=/etc/varnish/default.vcl
#
# # Default address and port to bind to
# # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
# # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
#VARNISH_LISTEN_ADDRESS=
VARNISH_LISTEN_PORT=80

iptables -I PREROUTING -t nat -i eth0 -d 1.1.1.2 -p tcp --dport 80 -j DNAT --to-destination 1.1.1.2:8080

Issue is now that websites on 1.1.1.2 is taking like 10seconds to open because of the redirect, does this happening only to me? I've also tryed to add backend like domain2.it on both port 80 and 8080 but this didn't change the situation. Testing with PingDom tools it just take ages to resolve dns, then files charging is fast.

All the websites on domain1.it IP are resolving fast like hell and using varnish with no problem at all.

Thanks in advance.



edit: seems working just fine now without editing any configuration

Thanks again nevakee!

 

[nevakee]

edit: seems working just fine now without editing any configuration

Thanks again nevakee!

This is also the meaning of the iptables rule.
The apache2 configuration must not be changed.

 

[Prinny]

Correct me if I'm wrong, but wouldn't ArduinoP's settings bypass Varnish entirely? If Apache is listening on 8080 and he's redirecting all port 80 traffic to 8080, then Varnish wouldn't even see any of it. If that's the case, then he's simply serving pages from Apache while Varnish runs in the background taking up resources.

 

[ArduinoP]

well actually page loading time dropped from 4-5seconds to 900ms...

 

[Frater]

One should also change how Apache logs otherwise it will log all traffic as if it was coming from the server itself....

I wrote a sort of "Howto" which I had to follow myself just recently after installing 2 new plesk servers...
I did have difficulty following it, because I'm only putting 'diff' statements where files need to be edited, but there weren't any faults there...

So, if you want proper logging (with the original IP-addresses instead of the same) you need to check this:

http://forum.parallels.com/showthread.php?p=556864#post556864


If someone wants to write a better HowTo, please do

 

[ArduinoP]

did you tryed with mod_rpaf?

 

[Frater]

I didn't know about that mod..
I just reversed my modification and installed mod_rpaf which turns out was in ubuntu's repo

reverse my own mod

mv /opt/psa/admin/conf/templates/custom /opt/
/opt/psa/admin/sbin/httpdmng --reconfigure-all

Installed mod_rpaf and edited /etc/apache2/mods-available/rpaf.conf (add my proxy IP)

apt-get install libapache2-mod-rpaf
vi /etc/apache2/mods-available/rpaf.conf
/etc/init.d/apache2 restart

I did a short test and found out it worked for access_log, but not for error_log :-(
My solution does work for both files, but this one is much less intrusive....
And it will (probably) not get confused if I turn off the reverse-proxy and someone connects with a forward-proxy.
In that case I don't want to detect the original IP (as it can be faked) and am merely interested in the IP of that foreign forward-proxy.

 

[ArduinoP]

Is there a way to get plesk update working? Right now i got repo error because of varnish installation...

 

[KristianM]

This is for more than 1 IP.



Is not the best solution but it works.

Hi,

what does your default.vcl look like for this case?

Thanks
Kristian

 

[nevakee]

File: /etc/varnish/default.vcl

backend default {
.host = "10.0.0.1";
.port = "80";
}
backend default2 {
.host = "10.0.0.2";
.port = "80";
}
backend default3 {
.host = "10.0.0.3";
.port = "80";
}


acl defaultip
{ "10.0.0.1"; }
acl default2ip
{ "10.0.0.2"; }
acl default3ip
{ "10.0.0.3"; }

sub vcl_recv {

if (server.ip ~ defaultip) {
set req.backend = default;
}

if (server.ip ~ default2ip) {
set req.backend = default2;
}

if (server.ip ~ default3ip) {
set req.backend = default3;
}

}

 

[sosbilisim]

I'm not use plesk 10 but I use plesk 11

worked with iptables rule to varnish work great but i have a problem with multiple ip with varnish backend.

I use default configuration for varnish then i added my second ip to varnish backend varnish cant start. say failed and not working