Questions? Feedback? powered by Olark live chat software
Ignorar Navegação

Using Varnish as front end cache for Azure Web Apps

Publicado em 6 outubro, 2015

Program Manager, Azure App Service

Varnish is an Http accelerator designed for content-heavy websites and highly consumable APIs. You can easily spin up a Varnish server on top of your Azure Web Apps to boost your website's performance. Varnish can cache web pages and provide content to your website users blazing fast. This blog post shows you how to install and configure Varnish with sample configuration files.

Step 1: Create a cloud service using Linux virtual machine on Azure

First, you need to setup a cloud service with a Linux virtual machine, click here for details. For most web apps a single VM is sufficient. However, if you need a failure resilient front end cache, I recommend using at least two virtual machines on your cloud service. For the purpose of this blog post, I will be using Ubuntu LTS.

Step 2: Install Varnish on all VMs

It is recommended to use Varnish packages provided by varnish-cache.org. The only supported architecture is amd64 for Ubuntu LTS. For other Linux distributions, please see install instructions here. Connect to each virtual machine using PuTTY and do the following as root user:

  • Add the security key [Debian and Ubuntu].
wget http://repo.varnish-cache.org/debian/GPG-key.txt
apt-key add GPG-key.txt
  • Add the package URL to apt-get repository sources list.
echo "deb http://repo.varnish-cache.org/ubuntu/ precise varnish-3.0" | sudo tee -a /etc/apt/sources.list
  • Update the package manager and download/install Varnish Cache
apt-get update
apt-get install varnish

Step 3: Varnish configuration

The default settings are not set to run on front-facing port of 80(HTTP) or 443 (for HTTPS) and hence this needs to modified to use port you need for your web app. Port 80 is the default TCP port for HTTP traffic. If you plan on using SSL with your website, you will also need to open port 443 which is the default port for HTTPS traffic.

Login to Azure Preview portal and select your virtual machine to add the endpoint for port 80 (HTTP) or 443 (HTTPS). This needs to be done for every virtual machine. The configuration file on Ubuntu is at  /etc/default/varnish. Using your favorite editor to edit the file, in this blog post I’m using nano editor.

nano /etc/default/varnish

The file will have a few default settings. If you scroll down, you will see a block of text defining the Varnish daemon options starting with the text DAEMON_OPTS, similar to:

DAEMON_OPTS="-a :6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"

Change the port from 6081 to 80 (HTTP) or 443 (HTTPS) :

DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"

By default the port 80 or 443 is blocked by the firewall , and hence you need to explicitly open the port by using the  iptables command

Using iptables:

By running the following commands a root can open port 80 allowing regular Web browsing from websites that communicate via port 80.

iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT

To allow access to secure websites you must open port 443 as well.

iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT 
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT 

Step 4: Modifying the default VCL file under /etc/varnish/

Varnish uses a .vcl file (default located at /etc/varnish/ as default.vcl) containing instructions written in VCL Language in order to run its program. This is used to define how Varnish should handle the requests and how the document caching system should work.

Open the editor once again to modify the contents of default.vcl (located under /etc/varnish/) by using the following command.

nano /etc/varnish/default.vcl

Create a default backend with .host and .port referring to your Azure web app.  Here is a sample of basic VCL configuration file (replace my-azure-webapp.azurewebsites.net with your actual web application custom domain or azurewebsite.net domain URL). Note, if you are using Varnish 4.0 and above you need to include vcl 4.0 at the beginning of the file. To learn more about Varnish 4.0 VCL documentation click here.

vcl 4.0;
backend default {

      .host = "my-azure-webapp.azurewebsites.net";
      .port = "80";
      .connect_timeout = 600s;
      .first_byte_timeout = 600s;
      .between_bytes_timeout = 600s;
}
sub vcl_recv {
     set req.http.host = "my-azure-webapp.azurewebsites.net";
     set req.backend = default;
     return (lookup);
}

Troubleshooting

If you run into any issues with Varnish server, you can view  the logs by running the following command.

varnishlog cmd

Browse your site again and look at the log in the your VM. For more information, click here.

Sample VCL configuration files

  • WordPress

If you are using a WordPress web app, click here to download a sample Varnish configuration for WordPress.

  • Drupal

If you are using a Drupal web app, click here to download a sample Varnish configuration for Drupal.