Question
How to configure varnish cache for a domain in Plesk?
Answer
This can be achieved in multiple ways.
Docker:
- Navigate to Docker in Plesk, find the official varnish image in the catalog, click and select the stable (6.6.2) version to run a varnish container.
- Set up Manual Mapping for the docker container. At Docker > varnish > Settings, uncheck the "Automatic Port Mapping" function and apply the following manual mappings:
  80 -> 32780
  8443 -> 32781 (we're not going to use this one)
- Disable the "Permanent SEO-safe 301 redirect from HTTP to HTTPS" option on the domain at Domains > example.com > Hosting Settings
- Create a Docker Proxy Rule on the domain at Domains > example.com > Docker Proxy Rules:
  URL: example.com/
  Container: varnish
  Port: 80 -> 32780
- Permit connections to the apache2 port 7080 from the docker subnet via iptables:
  6.1 Connect to the server via SSH
  6.2 Apply the rule using the next command:
  # iptables -I INPUT -p tcp --dport 7080 -s 172.17.0.0/24 -j ACCEPT
  Note: A rule added via the command line is reset on system reboot, or after a custom firewall script/configuration is applied. To make it persistent, include it in your iptables configuration, or consider scheduling a server-wide cron task.
- In case the Plesk Firewall extension is in use, navigate to Tools & Settings > Security(Firewall) > Add Custom Rule:
  7.1 Once the rule is saved, click the "Apply Changes" and "Activate" buttons.
  Note: Make sure the docker container is restarted once the Firewall Rules have been applied via the extension.
  7.2 (Optional) If Fail2ban is used, add the docker network to the trusted list. Navigate to Tools & Settings > IP Address Banning (Fail2Ban) > Trusted IP Addresses and click Add trusted IP: 172.17.0.0/24
- Using the next two commands, adjust the Varnish configuration file to use the IP and port of apache2:
  Warning: The domain's IP address should be specified instead of 203.0.113.2, otherwise you will break the docker container. Also, if the container's name was changed from "varnish" to a custom one, don't forget to adjust it within the commands below:
  # docker ps | grep varnish | awk '{print $1}' | xargs -I {} docker exec -t {} sed -i '/.port/c\ .port = "7080";' /etc/varnish/default.vcl
  # docker ps | grep varnish | awk '{print $1}' | xargs -I {} docker exec -t {} sed -i '/.host/c\ .host = "203.0.113.2";' /etc/varnish/default.vcl
- Restart the varnish container:
  # docker ps | grep varnish | awk '{print $1}' | xargs -I {} docker restart {}
- Starting with Plesk 18.0.56, apache2 listens on localhost. To make the docker container able to fetch data from 0.0.0.0:7080, change the apache2 bindings via the next command:
  Warning: The operation takes time depending on the server performance and the number of domains. Expect downtime for domains while the operation is performed.
  # plesk bin apache --listen-on-localhost false
- Open the website in a browser and check the headers of the page using the browser's dev tools. The Varnish header should be displayed.
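After the iptables step and the apache2 binding change above, apache2 no longer listens on localhost only, so the ACCEPT rule for the docker subnet should persist and should be the only rule opening port 7080. The following added example (not part of the original article or of Plesk's tooling) re-applies the rule idempotently, as a cron task could, and audits `iptables -S INPUT` output for wider ACCEPT rules. The function names, the IPTABLES override variable and the sample rules are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example. Port and subnet are the values used in the article.
BACKEND_PORT=7080
DOCKER_NET=172.17.0.0/24
IPTABLES=${IPTABLES:-iptables}   # assumption: override hook so the logic runs without root

# Insert the ACCEPT rule only when it is missing, so running this from cron
# or at boot never stacks duplicate rules. Prints "present" or "added".
ensure_backend_rule() {
    if $IPTABLES -C INPUT -p tcp --dport "$BACKEND_PORT" -s "$DOCKER_NET" -j ACCEPT 2>/dev/null; then
        echo present
    else
        $IPTABLES -I INPUT -p tcp --dport "$BACKEND_PORT" -s "$DOCKER_NET" -j ACCEPT && echo added
    fi
}

# Read `iptables -S INPUT` output on stdin and print every rule that accepts
# the backend port from anywhere other than the docker subnet.
# Limitation: multiport (--dports) rules are not inspected.
audit_backend_rules() {
    while IFS= read -r rule; do
        case "$rule" in
            *"--dport $BACKEND_PORT "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        case "$rule" in
            *"-s $DOCKER_NET "*) ;;            # the rule the article adds
            *) printf '%s\n' "$rule" ;;        # wider than intended
        esac
    done
}

# Constructed sample of `iptables -S INPUT` output; the third line is too wide.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -s 172.17.0.0/24 -p tcp -m tcp --dport 7080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'
printf '%s\n' "$SAMPLE_RULES" | audit_backend_rules
# Live use (as root): ensure_backend_rule; iptables -S INPUT | audit_backend_rules
```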
Once the WordPress application is installed on the domain, apply the next steps:
- Configure the container:
  1.1 Download the pre-configured WordPress varnish config template and copy it into the container:
  # curl --fail -o /tmp/default.vcl --silent https://support.plesk.com/hc/article_attachments/12376956707095/default.vcl && docker ps | grep varnish | awk '{print $1}' | xargs -I {} docker cp /tmp/default.vcl {}:/etc/varnish/
  1.2 Adjust the configuration to match the domain's IP Address:
  Warning: The domain's IP address should be specified instead of 203.0.113.2, otherwise you will break the docker container. Also, if the container's name was changed from "varnish" to a custom one, don't forget to adjust it within the command below:
  # docker ps | grep varnish | awk '{print $1}' | xargs -I {} docker exec -t {} sed -i 's/XXX.XXX.XXX.XXX/203.0.113.2/g' default.vcl
- Warning: Make sure the option "Permanent SEO-safe 301 redirect from HTTP to HTTPS" under Domains > example.com > Hosting Settings is disabled, and the option "SSL/TLS Support" is enabled.
  Add the following directives to the Domains > example.com > Apache & nginx Settings > "Additional directives for HTTP" field to enable the HTTPS redirect and avoid possible mixed content issues:
  SetEnvIf X-Forwarded-Proto "https" HTTPS=on
  Header append Vary: X-Forwarded-Proto
  <IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  </IfModule>
- Restart the varnish container:
  # docker ps | grep varnish | awk '{print $1}' | xargs -I {} docker restart {}
- Open the WordPress website with the browser's developer tools open (Network tab) and verify that the varnish cache is being loaded.
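The header checks in the steps above can also be run from the command line. The following added example (not part of the original article) classifies a response from its headers: Varnish puts two transaction IDs in X-Varnish on a cache hit and one on a miss, and a hit that also carries Set-Cookie or Cache-Control: private means per-user content is being served from cache. It assumes the VCL in use does not strip X-Varnish; the function name classify_varnish and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a response by its headers (read on stdin).
#   hit        X-Varnish holds two transaction IDs: served from cache
#   miss       X-Varnish holds one ID: fetched from the backend
#   bypassed   no X-Varnish header: the response did not pass through Varnish
#   hit-unsafe a cache hit that carries Set-Cookie or Cache-Control
#              private/no-store, i.e. per-user content replayed from cache
classify_varnish() {
    awk '
        BEGIN { state = "bypassed"; unsafe = 0 }
        { sub(/\r$/, ""); name = tolower($1) }     # strip CR, normalise header name
        name == "x-varnish:"  { state = (NF >= 3) ? "hit" : "miss" }
        name == "set-cookie:" { unsafe = 1 }
        name == "cache-control:" && tolower($0) ~ /private|no-store/ { unsafe = 1 }
        END {
            if (state == "hit" && unsafe) state = "hit-unsafe"
            print state
        }
    '
}

# Constructed sample headers (not captured from a real server).
SAMPLE_HIT='HTTP/1.1 200 OK
X-Varnish: 32770 12
Age: 42'
printf '%s\n' "$SAMPLE_HIT" | classify_varnish
# Live use: curl -sI http://example.com/ | classify_varnish
```

Run it twice against the same URL: the first request is normally a miss and the second a hit. A `hit-unsafe` result on a logged-in or password-protected page is a reason to review the cookie handling in default.vcl.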
Local Varnish server:
Note: Check the script's "help" output to see how to run it in non-interactive mode.
Note: Config supplied with this script by default currently supports the following CMS list:
WordPress 6.0+
Joomla 3.6+ with https://github.com/joomlaworks/url-normalizer installed.
- Connect to the server via SSH as root
- Download the script:
  # curl -LO https://raw.githubusercontent.com/plesk/kb-scripts/master/varnishmng/varnishmng.sh
- Grant it execute permissions:
  # chmod 700 varnishmng.sh
- Execute it:
  # ./varnishmng.sh
- Follow the instructions. First install the varnishd service, then enable/disable varnish cache on domains.
Comments
17 comments
Are the instructions still up to date?
I tried to install varnish 7.1.2.
docker status shows the message: is assigned with an IP address 172.17.0.0/16
I've changed that accordingly. But the container does not start.
Error: Could not get socket :80: Permission denied (-? gives usage).
I can't find any /etc/varnish/default.vcl either
-bash: cd: /etc/varnish: No such file or directory
Under the domain in Add Docker Proxy Rules, there is also no entry under Port
I appreciate any help.
Thanks very much
Yes, please follow the instructions using the stable docker version specified in there.
Until yesterday we had a great running Varnish Cache in Docker, thanks for the great tutorial. Tonight an update made our Varnish cache unusable. The beautiful error message 503 appears.
The following packages were successfully updated:
- containerd.io 1.6.24-3.1.el8 from the plesk-ext-docker repository (previous version: 1.6.22-3.1.el8 from the plesk-ext-docker repository).
Update: After a second server restart and a reinstallation of Varnish, the error was gone.
Greetings
Stefan
Hello, Stefan Braunersreuther
By the looks of it, the application itself was rather down or misconfigured within the container. Next time this happens, you can enter the container via docker CLI and have a look at the varnish status.
E.g., is it running/listening on the ports.
Varnish Cache works really well for WordPress, but for other CMS systems like Joomla 5 - 4 it is not working at all.
In CWP the Varnish Cache works like a charm
Hi, Bragi.
Yes, that is expected. Joomla will require a different varnish configuration. For instance, you can review the following gists and adjust one for your needs:
https://gist.github.com/fevangelou/84d2ce05896cab5f730a
This seems to be working well for me, but I have a control panel on my site at /panel. Normally I would just add the following to my default.vcf:
But I can't find a way to do that with Docker on Plesk. How would I do it?
Do we need to have multiple varnish containers for each domain we decide to proxy through varnish?
I'm concerned about the memory usage
Hello, Christos Tziotzis
One container per IP Address. The number of domains doesn't matter as long as they use the IP Address specified in the varnish conf file inside of a container
Does this .sh run with AlmaLinux or Rocky Linux?
Hello, Carrero
I've tested this on AL8/9 and RockyLinux 8
Works in a clean Plesk installation with default OS repos.
I followed this "Via the custom varnish management script for Plesk". Varnish Cache is running fine; if I use more than 1 WordPress install, everything stops working. Varnish Cache will work for some hours, then everything will stop working.
I have 18 domains and I want to use Varnish Cache for them all. I'm not a hosting company, I host my own stuff for my own purpose.
I will try using docker and let you all know how that goes.
Edit:
I have a question! I have 2 wordpress and both are using docker Varnish Cache.
What plugin can I use for WordPress that will flush the varnish cache? I have used WP Total Cache and Proxy Cache Purge; it seems that neither plugin is able to flush the cache. The only way for me to flush the cache is restarting the docker.
I have tried to add my public IP, my local IP and even used 172.17.0.0; it doesn't matter what I try, nothing works.
Also, how to uninstall varnish cache for "varnishmng.sh" is missing.
Bragi,
I am using Proxy cache purge and have to change the IP Address of the Varnish to be 127.0.0.1:32780. And I also had to edit default.vcl and add "172.17.0.1" to the allowlist for Purges in Varnish. Then the purging from Varnish works as expected.
Plesk Team,
Thank you for this guide as this works pretty well and it actually helps with performance a lot.
The only thing that I can think that needs adjustment is the httpd.conf and/or nginx.conf to allow us to still be able to view the /plesk-stat/ URLs for the domains that we setup in Varnish/Docker.
After following the guide you have here, trying to access the /plesk-stat/webstat-ssl/ or /plesk-stat/webstat/ gives out infinite 301 redirects. This is due to the fact that the Apache 7080 internal port is redirecting to the https://....../plesk-stat/ which then gets routed by the Docker proxy back to the 7080, and so on, causing an infinite loop.
I was able to resolve this by commenting out the https:// redirects in the virtualhost part for port 7080 and adding the basic authentication/location parts for the /plesk-stat/ that exist on port 7081, to port 7080 and the /plesk-stat/ works together with Varnish and Wordpress.
But unfortunately any change I make to the domain through the Plesk GUI is going to reset my http.conf and /plesk-stat/ will stop working again. I would do this through the custom template folder but I do not want to make all my domains pass through Varnish yet, as I'm still testing each domain one by one before enabling Varnish on it.
Any chance you can account for this in a future update?
Hello, Yiorgos Zachariades.
Are you using the dockerized version, or in-place varnish installation with a script?
Hello Stefan,
I am using the Dockerized version of Varnish.
Varnish works great thanks! Unfortunately any password protected pages via Wordpress will not be honoured (say if set to private with a password) or using .htaccess passwords do not work. Is there any fix for this?