search

manoaratefy / ispconfig3-varnish

This ISPConfig 3 plugin implements Varnish as reverse proxy, NGINX as SSL Termination and Apache as backend.
MIT License
10 stars 4 forks source link

readme

README

This ISPConfig plugin is built for those who wants setup Varnish Cache in ISPConfig. We use Varnish for cache, Apache for the backend, and we added NGINX for SSL termination.

So, we can have two scenario :

I've done test with the following configuration:

This should work fine with Ubuntu, and may requires small adjustments to work well on CentOS & RHEL-based distributions.

Installation steps:

Install dependancies:

apt-get install debian-archive-keyring curl gnupg apt-transport-https gnupg2 ca-certificates lsb-release git -y

Install Varnish repo

curl -s https://packagecloud.io/install/repositories/varnishcache/varnish64/script.deb.sh | sudo bash

Install NGINX repo

echo "deb http://nginx.org/packages/debian `lsb_release -cs` nginx" \
| tee /etc/apt/sources.list.d/nginx.list
curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add -

Install Varnish and NGINX

apt-get update
apt-get install nginx varnish -y

Clone the repo:

git clone https://github.com/manoaratefy/ispconfig3-varnish.git

Change Apache2 ports:

sed -i 's/Listen 80/Listen 6080/g' /etc/apache2/ports.conf
sed -i 's/Listen 443/Listen 6443/g' /etc/apache2/ports.conf

Change Varnish ports:

cp /lib/systemd/system/varnish.service /tmp/varnish.service.old
perl -pe 's/(\s*)ExecStart(\s*)=(\s*)\/usr\/sbin\/varnishd(.*)/ExecStart=\/usr\/sbin\/varnishd -a :80 -a :7443 -f \/etc\/varnish\/default.vcl -s malloc,256m/g' /tmp/varnish.service.old | tee /lib/systemd/system/varnish.service > /dev/null
systemctl daemon-reload

Move all files to its place:

cd ispconfig3-varnish
cp -R etc/* /etc/
cp -R usr/* /usr/

Avoid NGINX to listen to port 80 and prepare folders:

rm /etc/nginx/conf.d/default.conf
mkdir /etc/nginx/sites-available
mkdir /etc/nginx/sites-enabled

Enable the plugin:

ln -s /usr/local/ispconfig/server/plugins-available/varnish_plugin.inc.php /usr/local/ispconfig/server/plugins-enabled/varnish_plugin.inc.php

Fix remote IP detection:

a2enmod remoteip
cp /etc/apache2/sites-available/ispconfig.conf /etc/apache2/sites-available/ispconfig.conf.old
perl -pe 's/(\s*)LogFormat(\s+)"(.*)%h(.*)"(.*)combined_ispconfig/LogFormat "%v %a %l %u %t \\"%r\\" %>s %O \\"%{Referer}i\\" \\"%{User-Agent}i\\"" combined_ispconfig/g' /etc/apache2/sites-available/ispconfig.conf.old | tee /etc/apache2/sites-available/ispconfig.conf > /dev/null

Then, rebuild all vHost BEFORE RESTARTING SERVICES (in other case, Apache may not start then you'll not be able to open ISPConfig control panel).

ISPConfig > Tools > Sync Tools > Resync > Check "Websites" > Start

After that, you can restart all services:

systemctl restart apache2
systemctl restart varnish
systemctl restart nginx

Notes

Apache ports: 6080 (non SSL) / 6443 (pseudo-SSL) Varnish ports: 80 (non SSL) / 7443 (pseudo SSL) NGINX ports: N/A (non SSL) / 443 (SSL)

The pseudo-SSL is a particular port used by Apache & Varnish to be a back-end for the NGINX SSL. The traffic itself is not SSL but the environment is configured to say to PHP scripts that we are on SSL connection (X-Forwarded-Proto & HTTPS environment variable).

What needed to be improved?

I'm not a ISPConfig developer. I don't know if the way I do thing is good enough to have long-term compatibility with ISPConfig. I'm just making things working. So, I'm calling other developers to review my code and to adjust things that I do wrong.

Here is a short list of things I think I'm not doing great:

There may be other improvements. Just open an issue/request a feature.

Installation services

Do you need a sysadmin to install this module into your ISPConfig? I'm available for you. Contact me.

Donations

If my work was useful for your business, buy me a coffee:

Credits & Sponsors

I've found very useful information in the following URL:

Of course, my code is proudly used on professional web hosting that I would highly recommend.