Using Varnish To Proxy Content Via Firewall

Posted at: 11:02 pm by Timothy Haroutunian

*While writing this post, I realized that Varnish has been updated to 2.1.5 (not in EPEL yet) and this configuration will now break if set up.

If you have not yet set up Varnish or don’t understand the basics of Varnish, please read my post “Setup Pound, Varnish & Apache w/ Multiple IPs & BackEnds”. This article also assumes you understand the basics of a firewall.

At work, I am setting up a new server environment for a client on our Cloud Servers from Rackspace. We have come up with our first approach to their needs, which is the following: one (1) Firewall Server using Varnish as a reverse proxy for web content to the other servers, two (2) Production Web Servers running Varnish for caching, one (1) Production Database Server, and one (1) Development Web/Database Server.

Since I am still in the process of setting it up, I may not have it all figured out yet, but the basic concept is this: all DNS records for each site point to the IP address of the Firewall Server. Next, set Varnish to listen on that IP. You have two options for setting up the backend servers.

  1. Use rsync to synchronize the two production web servers. Then use Varnish as a load balancer to send an equal or weighted share of traffic to the different servers.
  2. Use Varnish to proxy specific websites to different backend servers.

I am implementing option 2 in this environment. We have one high-traffic website that will be on its own server, and the client’s other sites will be on the second production server. In each backend server’s Varnish configuration, change the listening IP to the IP address listed for that backend on the Firewall server. If you have a private IP address associated with each server, I would recommend using it, since private addresses are faster and your hosting provider usually allows unlimited transfer between private IPs.

On the firewall server, the Varnish VCL (note: these aren’t the real private IP addresses):

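# Backend for the high-traffic site (first production web server).
backend mydomain {
  .host = "192.168.1.2";
  .port = "80";
}

# Backend for the client's other sites (second production web server).
backend otherdomain {
  .host = "192.168.1.3";
  .port = "80";
}

sub vcl_recv {
  # Pick the backend from the Host header of the incoming request.
  if (req.http.host ~ "mydomain.com") {
    set req.backend = mydomain;
  } elseif (req.http.host ~ "otherdomain.com") {
    set req.backend = otherdomain;
  }
}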
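
A hardened variant of the firewall VCL above, added here as an example and not part of the original configuration: it anchors the Host matches and rejects hostnames that are not served. It assumes the same Varnish 2.x syntax and placeholder backends as the post, and (as an assumption) that each site answers only on its bare domain and its www. name.

```vcl
# Added example, not the author's configuration.
# Same placeholder backends and hostnames as the post.
backend mydomain {
  .host = "192.168.1.2";
  .port = "80";
}

backend otherdomain {
  .host = "192.168.1.3";
  .port = "80";
}

sub vcl_recv {
  # Drop an explicit port so "mydomain.com:80" compares like "mydomain.com".
  set req.http.host = regsub(req.http.host, ":[0-9]+$", "");

  # Weak form (as in the post): "~" is an unanchored regex match and "."
  # matches any character, so hosts such as "mydomain.com.example.net"
  # or "notmydomain.com" would also select this backend:
  #   if (req.http.host ~ "mydomain.com") { ... }

  # Anchored form: only the listed names select a backend.
  # The optional "www." prefix is an assumption about the sites' names.
  if (req.http.host ~ "^(www\.)?mydomain\.com$") {
    set req.backend = mydomain;
  } elseif (req.http.host ~ "^(www\.)?otherdomain\.com$") {
    set req.backend = otherdomain;
  } else {
    # Without this branch, a request with any other Host header is still
    # forwarded, to whichever backend Varnish treats as the default.
    error 404 "Unknown host";
  }
}
```

List every hostname the sites actually answer to before enabling the else branch, since any name that is not matched receives the 404.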

On each backend server, the Varnish configuration (/etc/sysconfig/varnish):

# On the first backend server (mydomain, 192.168.1.2)
DAEMON_OPTS="-a 192.168.1.2:80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -u varnish -g varnish \
             -s file,/var/lib/varnish/varnish_storage.bin,1G"

# On the second backend server (otherdomain, 192.168.1.3)
DAEMON_OPTS="-a 192.168.1.3:80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -u varnish -g varnish \
             -s file,/var/lib/varnish/varnish_storage.bin,1G"

The rest of the configuration would be your standard VCL from Varnish.

There are other solutions to what I am trying to do that might be much easier for the organization as a whole, but we are already using Varnish for caching on the server.
