This ISPConfig plugin is built for those who wants setup Varnish Cache in ISPConfig. We use Varnish for cache, Apache for the backend, and we added NGINX for SSL termination.
So, we can have two scenario :
Visitor > Varnish > Apache
Visitor > NGINX > Varnish > Apache
I've done test with the following configuration:
This should work fine with Ubuntu, and may requires small adjustments to work well on CentOS & RHEL-based distributions.
Install dependancies:
apt-get install debian-archive-keyring curl gnupg apt-transport-https gnupg2 ca-certificates lsb-release git -y
curl -s https://packagecloud.io/install/repositories/varnishcache/varnish64/script.deb.sh | sudo bash
echo "deb http://nginx.org/packages/debian `lsb_release -cs` nginx" \
| tee /etc/apt/sources.list.d/nginx.list
curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add -
apt-get update
apt-get install nginx varnish -y
Clone the repo:
git clone https://github.com/manoaratefy/ispconfig3-varnish.git
Change Apache2 ports:
sed -i 's/Listen 80/Listen 6080/g' /etc/apache2/ports.conf
sed -i 's/Listen 443/Listen 6443/g' /etc/apache2/ports.conf
Change Varnish ports:
cp /lib/systemd/system/varnish.service /tmp/varnish.service.old
perl -pe 's/(\s*)ExecStart(\s*)=(\s*)\/usr\/sbin\/varnishd(.*)/ExecStart=\/usr\/sbin\/varnishd -a :80 -a :7443 -f \/etc\/varnish\/default.vcl -s malloc,256m/g' /tmp/varnish.service.old | tee /lib/systemd/system/varnish.service > /dev/null
systemctl daemon-reload
Move all files to its place:
cd ispconfig3-varnish
cp -R etc/* /etc/
cp -R usr/* /usr/
Avoid NGINX to listen to port 80 and prepare folders:
rm /etc/nginx/conf.d/default.conf
mkdir /etc/nginx/sites-available
mkdir /etc/nginx/sites-enabled
Enable the plugin:
ln -s /usr/local/ispconfig/server/plugins-available/varnish_plugin.inc.php /usr/local/ispconfig/server/plugins-enabled/varnish_plugin.inc.php
Fix remote IP detection:
a2enmod remoteip
cp /etc/apache2/sites-available/ispconfig.conf /etc/apache2/sites-available/ispconfig.conf.old
perl -pe 's/(\s*)LogFormat(\s+)"(.*)%h(.*)"(.*)combined_ispconfig/LogFormat "%v %a %l %u %t \\"%r\\" %>s %O \\"%{Referer}i\\" \\"%{User-Agent}i\\"" combined_ispconfig/g' /etc/apache2/sites-available/ispconfig.conf.old | tee /etc/apache2/sites-available/ispconfig.conf > /dev/null
Then, rebuild all vHost BEFORE RESTARTING SERVICES (in other case, Apache may not start then you'll not be able to open ISPConfig control panel).
ISPConfig > Tools > Sync Tools > Resync > Check "Websites" > Start
After that, you can restart all services:
systemctl restart apache2
systemctl restart varnish
systemctl restart nginx
Apache ports: 6080 (non SSL) / 6443 (pseudo-SSL) Varnish ports: 80 (non SSL) / 7443 (pseudo SSL) NGINX ports: N/A (non SSL) / 443 (SSL)
The pseudo-SSL is a particular port used by Apache & Varnish to be a back-end for the NGINX SSL. The traffic itself is not SSL but the environment is configured to say to PHP scripts that we are on SSL connection (X-Forwarded-Proto & HTTPS environment variable).
I'm not a ISPConfig developer. I don't know if the way I do thing is good enough to have long-term compatibility with ISPConfig. I'm just making things working. So, I'm calling other developers to review my code and to adjust things that I do wrong.
Here is a short list of things I think I'm not doing great:
There may be other improvements. Just open an issue/request a feature.
Do you need a sysadmin to install this module into your ISPConfig? I'm available for you. Contact me.
If my work was useful for your business, buy me a coffee:
32NriafwyTELpL7GgH8XoimsnA8Hh8U9FU
833wfJerqTVb9fLhSgBNSQLQBSqsR4Tvr3sCE721JtD3bVpybqUWfHQUexcDYxJkX63rAZyPdqWDMP6BZULsL71yJN8xvTL
I've found very useful information in the following URL:
Of course, my code is proudly used on professional web hosting that I would highly recommend.