CentOS7 - Varnish

Install

Make sure EPEL repo is installed.

# yum install -y varnish

Change default port from 6081 to 80:

# vim /etc/varnish/varnish.params

...
VARNISH_LISTEN_PORT=80
...

Create a simple load-balancing configuration:

# vim /etc/varnish/default.vcl

vcl 4.0;

import directors;    # Load the directors

backend host1 {
    # Origin server. Varnish talks plain HTTP to it, so this link is
    # unencrypted and should stay on a trusted network segment.
    .host = "192.168.1.1";
    .port = "80";

    # Health check: every 5s request /check.flag and wait at most 1s for
    # the answer. The backend counts as healthy while at least 3 of the
    # last 5 probes succeeded. Removing check.flag on the origin is the
    # manual way to take this host out of rotation.
    .probe = {
        .window = 5;
        .threshold = 3;
        .interval = 5s;
        .timeout = 1s;
        # Varnish appends \r\n after each string, so every string below
        # is one line of the raw probe request.
        .request = "GET /check.flag HTTP/1.1"
            "Host: 192.168.1.1"
            "Connection: close"
            "Accept: */*";
    }

    # Timeouts for real client traffic (not the probe).
    # NOTE(review): 600s lets a slow or stalled backend response hold a
    # connection for up to ten minutes - confirm the application needs it.
    .between_bytes_timeout = 600s;
    .first_byte_timeout = 600s;
    .connect_timeout = 5s;
}

backend host2 {
    # Second origin server, reached over plain (unencrypted) HTTP; keep it
    # on a trusted network segment.
    .host = "192.168.1.2";
    .port = "80";

    # Health check: poll /check.flag every 5s with a 1s timeout; healthy
    # while at least 3 of the last 5 probes succeeded. Deleting check.flag
    # on the origin marks this host sick and drains it.
    .probe = {
        .window = 5;
        .threshold = 3;
        .interval = 5s;
        .timeout = 1s;
        # One string per request line; Varnish adds \r\n after each.
        .request = "GET /check.flag HTTP/1.1"
            "Host: 192.168.1.2"
            "Connection: close"
            "Accept: */*";
    }

    # Timeouts for proxied client requests.
    # NOTE(review): 600s is long; a stalled backend can tie up a connection
    # for ten minutes - confirm this is intended.
    .between_bytes_timeout = 600s;
    .first_byte_timeout = 600s;
    .connect_timeout = 5s;
}

# vcl_init runs once when this VCL is loaded; it builds the director that
# vcl_recv later asks for a backend.
sub vcl_init {
    # Create a round-robin director named "lb" and register both backends.
    # The director hands out backends in turn and relies on the probe
    # results above to skip a host that is currently marked sick.
    new lb = directors.round_robin();
    lb.add_backend(host1);
    lb.add_backend(host2);
}

# vcl_recv runs for every client request. Here Varnish acts purely as a
# load balancer: pick a backend, then bypass the cache.
sub vcl_recv {
    # Route every request through the "lb" director created in vcl_init.
    set req.backend_hint = lb.backend();

    # Caching is left to Cloudflare, so skip cache lookup and storage.
    # Because of this explicit return, Varnish's built-in vcl_recv logic
    # is not executed for any request.
    # NOTE(review): nothing in this VCL enforces that traffic really comes
    # through Cloudflare. If direct-to-origin access should not be possible,
    # limit port 80 on this host to Cloudflare's published address ranges
    # at the firewall.
    return (pass);
}

Enable and start:

# systemctl enable varnish
# systemctl enable varnishlog
# systemctl start varnish
# systemctl start varnishlog

Test:

# varnishadm backend.list

Remove the check.flag probe file on a backend and then touch it back, and check that the status correctly changes from healthy to sick and back again. Repeat for all hosts.

Updating configuration

List of run-time parameters: https://varnish-cache.org/docs/4.0/reference/varnishd.html#run-time-parameters

For example, to disable HTTP Range support:

# systemctl edit --full varnish.service
# vim /etc/systemd/system/varnish.service

...
ExecStart=/usr/sbin/varnishd \
    -P /var/run/varnish.pid \
    -f $VARNISH_VCL_CONF \
    -a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
    -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
    -S $VARNISH_SECRET_FILE \
    -u $VARNISH_USER -g $VARNISH_GROUP \
    -s $VARNISH_STORAGE \
    -p "http_range_support=off" \
    $DAEMON_OPTS
...

# systemctl daemon-reload
# systemctl restart varnish