Question
How to configure varnish cache for a domain in Plesk?
Answer
This can be achieved using Docker.
Refer to the following steps in order to configure Varnish on the Plesk server using the official varnish docker image.
-
Navigate to Docker in Plesk, find and the official varnish image in the catalog, click
and select the stable(6.6.2) version to run a varnish containre:
-
Setup Manual Mapping for the docker container. At Docker > varnish > Settings uncheck the "Automatic Port Mapping" function and apply the following manual mappings:
80 -> 32780
8443 -> 32781 (we're not going to use this one) -
Disable the "Permanent SEO-safe 301 redirect from HTTP to HTTPS" option on the domain at Domains > example.com > Hosting Settings
-
Create a Docker Proxy Rule on the domain at Domains > example.com > Docker Proxy Rules:
URL: example.com/
Container: varnish
Port: 80 -> 32780
\ -
Permit connections to the apache2 port 7080 from the docker subnet via iptables:
6.1 Connect to the server via SSH
6.2 Apply the rule using the next command: \# iptables -I INPUT -p tcp --dport 7080 -s 172.17.0.0/24 -j ACCEPT
Note: The rule added via command line would be reset on the system reboot, or after applying a custom firewall script/configuration. In order to make it persistent, rather include it in your iptables configuration, or consider scheduling a server-wide cron task.
-
In case there is a Plesk Firewall extension in use, navigate to Tools & Settings > Security(Firewall) > Add Custom Rule:
7.1 Once the rule is saved, click the "Apply Changes" and "Activate" buttons.Note: make sure the docker container was restarted once the Firewall Rules were applied via extension.
7.2 (Optional) if Fail2ban is used, add the docker network to a trusted list.
Navigate to Tools & Settings > IP Address Banning (Fail2Ban) > Trusted IP Addresses and click Add trusted IP: 172.17.0.0/24 -
Using the next two commands, adjust the Varnish configuration file to use the IP and port of the apache2:
Warning: The domain's IP address should be specified instead of 203.0.113.2, otherwise you will break the docker container. Also, if the container's name was changed from "varnish" to a custom one, don't forget to adjust it within the commands below:
# docker ps | grep varnish | awk {'print $1'} | xargs -i docker exec -t {} sed -i '/.port/c\ .port = "7080";' /etc/varnish/default.vcl
# docker ps | grep varnish | awk {'print $1'} | xargs -i docker exec -t {} sed -i '/.host/c\ .host = "203.0.113.2";' /etc/varnish/default.vcl
-
Restart the varnish container:
# docker ps | grep varnish | awk {'print $1'} | xargs -i docker restart {}
-
Test the header of the page using browsers dev tools. It should return the varnish output.
Once the WordPress application is installed on the domain, apply the next steps:
-
Configure the container:
1.1 Download and copy the pre-configured WordPress varnish config template in the container: \# curl -o /tmp/default.vcl --silent https://support.plesk.com/hc/article_attachments/4446947540498/default.vcl && docker ps | grep varnish | awk {'print $1'} | xargs -i docker cp /tmp/default.vcl {}:/etc/varnish/
1.2 Adjust the configuration to match the domain's IP Address:
Warning: The domain's IP address should be specified instead of 203.0.113.2, otherwise you will break the docker container. Also, if the container's name was changed from "varnish" to a custom one, don't forget to adjust it within the command below:
# docker ps | grep varnish | awk {'print $1'} | xargs -i docker exec -t {} sed -i 's/XXX.XXX.XXX.XXX/203.0.113.2/g' default.vcl
-
Warning: Mare sure the option Permanent SEO-safe 301 redirect from HTTP to HTTPS under Domains > example.com > Hosting Settings is disabled, and option SSL/TLS Support is enabled.
Add the following directives to Domains > example.com > Apache & nginx Settings > Additional directives for HTTP field to enable HTTPS redirect and avoid possible mixed content issue:
CONFIG_TEXT: SetEnvIf X-Forwarded-Proto "https" HTTPS=on
Header append Vary: X-Forwarded-Proto
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule> -
Restart the varnish container:
# docker ps | grep varnish | awk {'print $1'} | xargs -i docker restart {}
-
Open the WordPress website using the browser's developer's tools (Network tab) and verify that the varnish cache is being loaded:
Comments
6 comments
In the second option (Wordpress config), in step 1.1 the wrong url is posted. It should be https://support.plesk.com/hc/en-us/article_attachments/4446947540498/default.vcl instead of https://support.plesk.com/hc/en-us/article_attachments/4405703421586/default.vcl the post id is wrong which results in a 404. Therefor the wordpress varnish configuration will not be downloaded.
Stefan Yakubov
Thank you for the post,
Could you provide us with the instructions for a Magento 2 website?
I can provide a staging server with a working Magento 2 if needed.
Hello,
Lanthopus X
Thank you, the link was redacted.
SamParis
You can use the official Magento tools to export and adapt the varnish configuration:
https://devdocs.magento.com/guides/v2.4/config-guide/varnish/config-varnish-magento.html
Weird.... I am getting the following error when starting Varnish:
Though I have set all ports correctly:
I have no clue what I am doing wrong. I double checked everything and on my test server it worked. This is a new / fresh Plesk server. Grrrrr..... Going crazy here.
//edit
Well... I found the issue! It's was caused by Varnsh v7.1. That issue is bogus and causes the above issue. I compared the new server with my test server and the test server used "latest" version of Varnish, which is: varnish-7.0.2 (according to the information screen). Weird.
You need to update this article so people can Include Docker IP to IP Address Banning (Fail2Ban)
I had to do this as the server blocked the IP 172.17.0.0/24
Hello, Bragi Austfjörð
Thank you for your input. The article was updated.
Please sign in to leave a comment.