Translations: English
Search on Docs:
   
ActionItem Search:

Varnish

Varnish is a HTTP caching server, and using it together with Noosfero is highly recommended. See http://www.varnish-cache.org/ for more information on Varnish.

This guide is based on INSTALL.varnish.

Installation

The supported varnish version is 2.1. If you are using Ubuntu, please follow these downgrade instructions.

Varnish can be set up to use with Noosfero with the following steps:

1) setup Noosfero with apache according to the INSTALL file. If you used the

Debian package to install noosfero, you don't need to do anything about this.

2) Install Varnish

sudo apt-get install varnish

Install the RPAF apache module (or skip this step if not using apache):

sudo apt-get install libapache2-mod-rpaf

3) Change Apache to listen on port 8080 instead of 80

  1. Edit /etc/apache2/ports.conf, and:
    • change NameVirtualHost *:80 to NameVirtualHost *:8080
    • change Listen 80 to Listen 127.0.0.1:8080
  2. Edit /etc/apache2/sites-enabled/*, and change <VirtualHost *:80> to <VirtualHost *:8080>
  3. Restart apache: sudo service apache2 restart

4) Varnish configuration

4a) Edit /etc/default/varnish

  • change the line that says START=no to say START=yes
  • change -a :6081 to -a :80

4b) Edit /etc/varnish/default.vcl and add the following lines at the end:

  include "/etc/noosfero/varnish-noosfero.vcl";
  include "/etc/noosfero/varnish-accept-language.vcl";

On manual installations, change /etc/noosfero/* to {Rails.root}/etc/noosfero/*

NOTE: it is very important that the *.vcl files are included in that order, i.e. first include varnish-noosfero.vcl, and after noosfero-accept-language.cvl.

4c) Restart Varnish

sudo service varnish restart

5) Enable varnish logging:

5a) Edit /etc/default/varnishncsa and uncomment the line that contains:

VARNISHNCSA_ENABLED=1

The varnish log will be written to /var/log/varnish/varnishncsa.log in an apache-compatible format. You should change your statistics generation software (e.g. awstats) to use that instead of apache logs.

5b) Restart Varnish Logging service

sudo service varnish restart

Sharing noosfero with other domains that don't use varnish

The common noosfero setup for varnish/apache/rails is:
  • Varnish at port 80
  • Apache at port 8080
(varnish:80) -> (apache:8080) -> (thin(s):50000-50004)

But if you have sites that don't go with a Varnish setup and works only directly with Apache? Then you are going to need a setup like this:
  • Varnish at port 8080
  • Apache at ports 80 and 81

The port 80 holds the sites that uses varnish and for those that don't. For those that use, you need to proxy the request to varnish, by putting the following to its VirtualHost:
<VirtualHost *:80>
  ServerName 
  ProxyPreserveHost On
  RewriteEngine On
  RewriteRule ^.*$ http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L]
</VirtualHost>

For noosfero this setup will mean:
(apache:80) -> (varnish:8080) -> (apache:81) -> (thin(s):50000-50004)

After that, setup the varnish backend (at /etc/varnish/default.vcl) with port 81 and change noosfero proxy balancer VirtualHost to port 81.

SSL

Read more about noosfero with SSL.

Varnish doesn't support SSL even on its newer versions. So you need a SSL terminate (decrypter) that will deliver http instead of https to varnish.

Apache will decrypt and proxy to varnish. The final setup looks like this:
(apache:80 redirects to apache:443) -> (varnish:8080) -> (apache:81) -> (thin(s):50000-50004)

Follow the above section's instructions and see Apache. You'll end up with something like:
<VirtualHost *:80>
  ServerName 
  RewriteEngine On
  SSLProxyEngine On
  RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L]
</VirtualHost>

<VirtualHost *:443>
  ServerName 

  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/server.crt
  SSLCertificateKeyFile /etc/ssl/private/server.key
  #SSLCertificateChainFile /etc/ssl/certs/GandiXXXSSLCA.pem
  SSLVerifyClient None

  RewriteEngine On
  ProxyPreserveHost On
  RewriteRule ^.*$ http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L]
</VirtualHost>

<VirtualHost *:81>
  # noosfero proxybalancer configuration
</VirtualHost>

References


Add comment
You need to login to be able to comment.
 
Topic revision: r1 - 22 May 2015, UnknownUser

irc Talk with Devs Now!

Copyright © 2007-2019 by the Noosfero contributors
Colivre - Cooperativa de Tecnologias Livres