How to configure varnish cache for a domain in Plesk?

  • Lanthopus X

    In the second option (WordPress config), in step 1.1, the wrong URL is posted. It should be https://support.plesk.com/hc/en-us/article_attachments/4446947540498/default.vcl instead of https://support.plesk.com/hc/en-us/article_attachments/4405703421586/default.vcl. The post ID is wrong, which results in a 404. Therefore, the WordPress Varnish configuration will not be downloaded.

    0
  • SamParis

    Stefan Yakubov

    Thank you for the post,

    Could you provide us with the instructions for a Magento 2 website?
    I can provide a staging server with a working Magento 2 if needed.

    0
  • Stefan Yakubov

    Hello,

    Lanthopus X

    Thank you, the link was redacted.

     

    SamParis

    You can use the official Magento tools to export and adapt the varnish configuration:
    https://devdocs.magento.com/guides/v2.4/config-guide/varnish/config-varnish-magento.html

     

    0
  • Michel vd Lingen (Edited)

    Weird.... I am getting the following error when starting Varnish:

    Error: Could not get socket :80: Permission denied

    Though I have set all ports correctly:

    • 80 to external 32780
    • 8443 to external 32781

    I have no clue what I am doing wrong. I double checked everything and on my test server it worked. This is a new / fresh Plesk server. Grrrrr..... Going crazy here.

     

    //edit

    Well... I found the issue! It was caused by Varnish v7.1. That issue is bogus and causes the above issue. I compared the new server with my test server and the test server used the "latest" version of Varnish, which is: varnish-7.0.2 (according to the information screen). Weird.

    0
  • Bragi Austfjörð (Edited)

    You need to update this article so people can include the Docker IP in IP Address Banning (Fail2Ban).

     

    Go to --> Server Management / Tools & Settings / IP Address Banning (Fail2Ban) / Trusted IP Addresses / add 172.17.0.0/24 as trusted IP for the Docker.

     

    I had to do this as the server blocked the IP 172.17.0.0/24

     

    1
  • Stefan Yakubov

    Hello, Bragi Austfjörð

    Thank you for your input. The article was updated.

    0
  • Michael Pratt

    Sorry if this is a stupid question, but do you have to set up a docker for each domain you want to use varnish for? Or can you use a single docker container to cache multiple domains?

    0
  • Stefan Yakubov

    Hello, Michael Pratt

    A single docker container can serve multiple websites, as long as the subscriptions to which the domains belong are using the IP address specified in part 1 step 8.

    0
  • Michael Pratt

    Thanks Stefan, 

    So if I have 2 IP addresses I use on my server for my websites, then I would need 2 Varnish docker containers? Or is there a way to have 2 or more IP addresses? 

    Also, this does not seem to be working properly, as in the headers I do not see the X-Cache object under "via". I do see "via: 1.1 varnish (Varnish/6.6)" though. Not sure if it matters. If it is working, it is not faster than Hummingbird with just Memcached.

    0
  • Stefan Yakubov

    Hello, Michael Pratt

    > So if I have 2 IP addresses I use on my server for my websites, then I would need 2 Varnish docker containers?

    Correct.

    > as in the headers I do not see X-Cache object under "via".

    That's expected. The header is not supplied.

     

     

    0
  • Michael Pratt (Edited)

    Regardless of what I do, I cannot get ANY plugin, to purge cache from WordPress... I have tried all user comment suggestions, opened ports, and tried targeting every single IP address and port associated with this... It is caching fine, and I can see that I got a hit. But purging cache from plugin or from SSH (curl -X PURGE domain.com) gives:

    <!DOCTYPE html>
    <html>
      <head>
        <title>200 Purged</title>
      </head>
      <body>
        <h1>Error 200 Purged</h1>
        <p>Purged</p>
        <h3>Guru Meditation:</h3>
        <p>XID: 186</p>
        <hr>
        <p>Varnish cache server</p>
      </body>
    </html>

    I saw somewhere that this meant that the cache was purged, but when I refresh the page, I get a hit (when the first refresh should be a miss) and the same cached ID. Until I restart the docker container. Many plugins for this ask for the IP address of the varnish server (usually localhost 127.0.0.1 etc. but that doesn't work) and some request a port. I tried every port associated with this functionality as well, local IPs and ports for the container, server, website, private, public.... checked iptables, firewalls (including fail2ban, Imunify360, AWS external, etc.)...

    Really frustrated. This has a ton of support on the suggestions. Plesk really should just implement something.

    0
  • Stefan Yakubov (Edited)

    Hello, Michael Pratt

    Meanwhile, you do have an option to purge cache by restarting the container, you can also do so with curl queries:
    https://docs.varnish-software.com/varnish-administration-console/super-fast-purger/usage/

    As I can see, you've tried that by now, however the IP Address should be added in the default.vcl acl as allowed first, e.g.

    acl purge {
        "localhost";
        "127.0.0.1";
        "1.2.3.4/32";
    }

     

    0
  • Michael Pratt

    Yeah, I have every IP address listed, including my office IP. Every public and private IP of the server, every variation of localhost, the docker container IP, all of them. This is an issue for sure with the website sending the purge request being unable to successfully send the container the request. My knowledge of docker, the Plesk network, and varnish is relatively limited. SOMETHING is blocking it in Plesk, or docker, based on how they are set up, maybe even the default varnish container, but it must be beyond my ability to figure out because I have tried everything.

    0
  • Michael Pratt

    It isn't an ACL issue, I opened up ALL IP addresses and it still doesn't work with curl.

    0
  • Stefan Yakubov

    Hello, Michael Pratt

    In case the curl requests reach the docker container, no other entities could interfere with the requests processing. Neither Plesk nor the docker service itself. 

    Therefore, that should be further checked with the varnish configuration/docs.

    0
  • Stefano Fiorito (Edited)

    Hi,
    after following the tutorial, I still have issues connecting the docker to the Apache interface.
    I'm getting back a "504 Gateway Time-out" from Nginx.
    It seems that points 5. (Create a Docker Proxy Rule), 6. (adding Iptables condition), 7. (configure the firewall) and 7.1 (Fail2ban) aren't working correctly in my case.
    I'm doing it on a Lightsail machine on AWS; is there any chance of a conflict with the external firewall?

    Any help or suggestions?
    Thank you

    Allowing "system policy incoming traffic", it starts to work in some way, but using only the 7. no, why?
    I've set this 

    0
  • Stefan Yakubov

    Hello, Stefano Fiorito

    As this setup wasn't tested with AWS, I can recommend you to log in via the docker image itself and perform the network diagnostic steps. The image is debian-based with a small busybox.

    0
  • Jay Chu

    Error 503 Backend fetch failed

    Backend fetch failed
    Guru Meditation:

    XID: 12

    Varnish cache server

    I got the "503 Backend fetch failed". But I don't see any error log in varnishlog.

     

    0
  • Sami CHANGUEL (Edited)

    Thank you for this nice tutorial.

    It worked fine until I increased the VARNISH_SIZE value: the Varnish Cache server returns an error: Error 503 Service Unavailable / Guru Meditation with an XID number!

    I had to remove the docker container and make a fresh install :(

    If you want to change the default value you have to do it in step #1.3, don't try to update it from Plesk, you can do it inside the container:

    $ docker ps | grep varnish | awk '{print $1}' | xargs -I{} docker exec -t {} export VARNISH_SIZE=2G

    1
  • Manuel Kuhn (Edited)

    @Stefan Yakubov 
    You have created a great example and guide. But it does not work together with Cloudflare Proxy.

    How should I enter all IPs from Cloudflare in the config :)

    edit://
    I add these IPs under Plesk -> example.com / Config Apache & nginx / Nginx


    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;

    real_ip_header CF-Connecting-IP;

    and works :)

     


    thanks in advance
    Manu

     

    0
  • Stefan Yakubov

    Hello, @Manuel Kuhn,

    Yes, that's correct. Meanwhile the virtualhost's IP needs to be specified in the varnish config, the directives to pass the real IPs from Cloudflare should be added on the "nginx additional directives" level.

    0
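
The `set_real_ip_from` list in the comments above is what keeps a client from forging `CF-Connecting-IP`: nginx honours the header only when the connection comes from a listed range, so the list has to track Cloudflare's published ranges and contain nothing else. An added example (not from the thread; the function name `cf_realip_directives` is an assumption) that builds the directives from such a list and rejects malformed entries:

```shell
#!/bin/sh
# Added example (not from the thread): turn a list of proxy CIDR ranges into
# the nginx realip directives shown above, refusing anything that is not a
# plain CIDR. cf_realip_directives is a name chosen for this example.

# Reads one CIDR per line on stdin, prints the directives on stdout.
# Returns 1 (printing nothing on stdout) on a malformed line or an empty list,
# so a truncated or tampered download cannot add stray directives.
cf_realip_directives() {
    v4='^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
    v6='^[0-9A-Fa-f:]+/([1-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
    directives=""
    # "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # Format check only; a /0 prefix (trust every peer) is rejected too.
        if printf '%s\n' "$line" | grep -Eq -e "$v4" -e "$v6"; then
            directives="${directives}set_real_ip_from ${line};
"
        else
            echo "rejected entry: $line" >&2
            return 1
        fi
    done
    [ -n "$directives" ] || { echo "no ranges on stdin" >&2; return 1; }
    printf '%sreal_ip_header CF-Connecting-IP;\n' "$directives"
}

# Typical use, with the lists Cloudflare publishes (the echo separates the
# two downloads in case the first one has no final newline):
#   { curl -fsS https://www.cloudflare.com/ips-v4; echo;
#     curl -fsS https://www.cloudflare.com/ips-v6; } | cf_realip_directives
```

The output is pasted into the domain's additional nginx directives, as described in the comments above.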
  • Jiraboon Narktong

    How do I modify the vcl file or replace the vcl file from my computer?

    0
  • Stefan Yakubov

    Hello, @Jiraboon Narktong

    First copy it out of the docker container:

    # docker ps | grep varnish | awk '{print $1}' | xargs -I{} docker cp {}:/etc/varnish/default.vcl ~

    Edit it as required and upload it back to docker:

    # docker ps | grep varnish | awk '{print $1}' | xargs -I{} docker cp ~/default.vcl {}:/etc/varnish/default.vcl

     

    Then restart the docker container to apply changes. Make sure to avoid mistakes in syntax as docker won't boot up with invalid config, thus the container will need to be recreated as per the first steps within the article.

    0
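
The copy, edit, upload and restart steps in the last reply can be wrapped so that the edited file is compiled inside the container first and installed only if it compiles, which avoids restarting into an invalid config. This is an added example, not part of the comments or of the Plesk article; it assumes a single running container whose image or name contains "varnish", and `/tmp/candidate.vcl`, the `.previous` backup suffix and both function names are chosen for the example.

```shell
#!/bin/sh
# Added example (not from the article): compile-check an edited default.vcl
# inside the running container before it replaces the live file.
# Assumed names: /tmp/candidate.vcl, the ".previous" suffix, both functions.

# Print the ID of the single running container matching "varnish".
varnish_container() {
    ids=$(docker ps --format '{{.ID}} {{.Image}} {{.Names}}' |
        awk '/varnish/ {print $1}')
    count=$(printf '%s\n' "$ids" | awk 'NF {n++} END {print n+0}')
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one varnish container, found $count" >&2
        return 1
    fi
    printf '%s\n' "$ids"
}

# deploy_vcl FILE
# Returns 0 after install and restart, 2 if FILE does not compile,
# 1 on any other failure. The live config is replaced only after the
# compile check passes.
deploy_vcl() {
    vcl=$1
    [ -r "$vcl" ] || { echo "cannot read $vcl" >&2; return 1; }
    cid=$(varnish_container) || return 1

    # Stage the candidate beside the live configuration, not over it.
    docker cp "$vcl" "$cid:/tmp/candidate.vcl" || return 1

    # varnishd -C compiles the VCL to C and exits non-zero on an error;
    # the generated C is discarded, compiler messages stay on stderr.
    if ! docker exec "$cid" varnishd -C -f /tmp/candidate.vcl >/dev/null; then
        echo "VCL did not compile; live config left untouched" >&2
        return 2
    fi

    # Keep the working file on the host for rollback, then swap and restart.
    docker cp "$cid:/etc/varnish/default.vcl" "$vcl.previous" || return 1
    docker cp "$vcl" "$cid:/etc/varnish/default.vcl" || return 1
    docker restart "$cid" >/dev/null
}
```

Call it as `deploy_vcl ~/default.vcl` after editing the copied file; on a compile error the messages from `varnishd` show the offending line and the running container is not touched.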