{"id":17487,"date":"2024-04-04T07:45:39","date_gmt":"2024-04-04T07:45:39","guid":{"rendered":"https:\/\/cloudkul.com\/blog\/?p=17487"},"modified":"2024-10-22T12:23:03","modified_gmt":"2024-10-22T12:23:03","slug":"impact-of-varnish-on-wordpress","status":"publish","type":"post","link":"https:\/\/cloudkul.com\/blog\/impact-of-varnish-on-wordpress\/","title":{"rendered":"Impact of Varnish on WordPress"},"content":{"rendered":"\n

What is Varnish?<\/strong><\/h2>\n\n\n\n

Varnish is a software that helps websites load faster by storing a copy of the website’s content in a special place called a cache. <\/p>\n\n\n\n

Varnish Cache <\/a>is a web application accelerator also known as a caching HTTP reverse proxy. However, You can install it in front of your web server. <\/p>\n\n\n\n

When someone visits the website, instead of fetching all the information from scratch, varnish quickly retrieves the stored copy, making the website load much faster.<\/p>\n\n\n\n

In this blog, we will learn how to implement Varnish and Apache.<\/p>\n\n\n\n

Benefits of using varnish<\/strong><\/h2>\n\n\n\n

Speed<\/strong>: Websites load faster because varnish serves up cached copies of web pages instead of generating them from scratch every time someone visits.<\/p>\n\n\n\n

Reduced Server Load:<\/strong> Since varnish reduces the number of requests to the main server, it helps to lower the burden on the server, which can handle more visitors without slowing down.<\/p>\n\n\n\n

Better User Experience:<\/strong> Faster loading times mean visitors spend less time waiting for pages to load, leading to a better overall experience and higher satisfaction.<\/p>\n\n\n\n

Scalability:<\/strong> Varnish can handle a large number of simultaneous requests, making it suitable for high-traffic websites.<\/p>\n\n\n\n

Cost Savings:<\/strong> By reducing server load and increasing efficiency, varnish can help save on hosting costs.<\/p>\n\n\n\n

In simple terms, varnish is like a turbocharger for websites, making them faster and more efficient, which benefits both website owners and visitors.<\/p>\n\n\n\n

How to set up\/install Varnish?<\/strong><\/h2>\n\n\n\n

It completely depends on the OS of the server. Based on the server OS you will run the command to install.<\/p>\n\n\n\n

Note – <\/strong>Here we are using the Ubuntu 20.04 server<\/a>.<\/p>\n\n\n\n

Please run the below commands:<\/p>\n\n\n\n

This command updates the package list to get information on the latest available packages.<\/p>\n\n\n\n

sudo apt-get update<\/pre>\n\n\n\n
This command will install the further dependencies to configure the package repository.<\/p>\n\n\n\n
sudo apt-get install debian-archive-keyring curl gnupg apt-transport-https<\/pre>\n\n\n\n
Here’s a breakdown of what each of these packages does and why they might be required:<\/strong><\/h3>\n\n\n\n
> Debian-archive-keyring: <\/strong>This package contains the GnuPG archive keys of the Debian archive. These keys are used to verify the authenticity of Debian packages during installation. <\/p>\n\n\n\n
Installing this package ensures that your system can authenticate packages from the Debian repository.<\/p>\n\n\n\n
> Curl: <\/strong>Curl is a command-line tool and library for transferring data with URLs. However, it supports various protocols, including HTTP, HTTPS, FTP, and more.<\/p>\n\n\n\n
It’s commonly used for downloading files or interacting with web services from the command line.<\/p>\n\n\n\n
> gnupg:<\/strong> GnuPG (GNU Privacy Guard) is a complete and free implementation of the OpenPGP standard. It’s used for encryption and signing of data and communication. <\/p>\n\n\n\n
It’s likely included here because it’s a dependency for other packages or because it’s commonly used for secure communication or package verification.<\/p>\n\n\n\n
> apt-transport-https:<\/strong> This package allows apt-get to retrieve and download packages over HTTPS. <\/p>\n\n\n\n
It’s essential for fetching packages from repositories that use HTTPS, which is increasingly becoming the standard for package repositories to ensure data integrity and security during transmission.<\/p>\n\n\n\n
Further, the next command will import the GPG key into the package manager configuration:<\/p>\n\n\n\n
curl -s -L https:\/\/packagecloud.io\/varnishcache\/varnish60lts\/gpgkey | sudo apt-key add -<\/pre>\n\n\n\n
This command retrieves a GNU Privacy Guard key from the specified URL (https:\/\/packagecloud.io\/varnishcache\/varnish60lts\/gpgkey<\/a>).<\/p>\n\n\n\n
And then adds it to the list of trusted keys used by the APT package manager on a Debian-based Linux system.<\/p>\n\n\n\n
Here’s a breakdown of the components:<\/strong><\/h3>\n\n\n\n
> curl: <\/strong>This is the command-line tool used for transferring data with URLs. In this command, it’s fetching the GPG key from the specified URL.<\/p>\n\n\n\n
> -s:<\/strong> This flag makes the curl operate in silent mode, meaning it doesn’t show progress or error messages.<\/p>\n\n\n\n
> -L: <\/strong>This flag tells the curl to follow any HTTP redirects, so it will automatically go to the final destination URL if there are any redirections.<\/p>\n\n\n\n
You can retrieve the GPG key from the URL – https:\/\/packagecloud.io\/varnishcache\/varnish60lts\/gpgkey<\/a><\/p>\n\n\n\n
><\/strong> |: This is the pipe operator, which redirects the output of the curl command (the GPG key) to the next command (sudo apt-key add -).<\/p>\n\n\n\n
><\/strong> sudo apt-key add -: This command adds the GPG key received from curl to the list of trusted keys used by APT. sudo is used to run the command with administrative privileges.<\/p>\n\n\n\n
And finally, we have to update the package list once again. This will ensure the Package-cloud repository is included:<\/p>\n\n\n\n
sudo apt-get update<\/pre>\n\n\n\n
Now that the repositories are added and the right repository preferences are configured, you can install Varnish by running the following command:<\/p>\n\n\n\n
sudo apt-get install varnish<\/pre>\n\n\n\n
How to configure Varnish?<\/strong><\/h2>\n\n\n\n
Varnish usually listens for requests on port 6081, but we’re configuring Varnish to listen on port 80, We are also adjusting how much Varnish can store in memory by making changes to its unit file.<\/p>\n\n\n\n
vim \/lib\/systemd\/system\/varnish.service<\/pre>\n\n\n\n
Default block:
<\/p>\n\n\n\n
ExecStart=\/usr\/sbin\/varnishd \\\n\t  -a :6081 \\\n\t  -a localhost:6082,PROXY \\\n\t  -p feature=+http2 \\\n\t  -f \/etc\/varnish\/default.vcl \\\n\t  -s malloc,256m<\/pre>\n\n\n\n
After doing the required changes our block will look like this:
<\/p>\n\n\n\n
ExecStart=\/usr\/sbin\/varnishd \\\n          -j unix,user=vcache \\\n          -F \\\n          -a :80 \\\n          -T localhost:6082 \\\n          -p feature=+http2 \\\n          -f \/etc\/varnish\/default.vcl \\\n          -S \/etc\/varnish\/secret \\\n          -s malloc,2g<\/pre>\n\n\n\n
This block is a configuration for starting the Varnish Cache daemon (varnishd). <\/p>\n\n\n\n
Let’s break down each option:<\/h3>\n\n\n\n
> ExecStart: <\/strong>This is a directive typically found in a systemd service unit file (*.service). It specifies the command to execute when starting the service.<\/p>\n\n\n\n
> \/usr\/sbin\/varnishd:<\/strong> This is the path to the Varnish Cache daemon executable.<\/p>\n\n\n\n
> -j unix,user=vcache: <\/strong>This option tells Varnish to create a shared memory file (VSM) using Unix domain sockets with permissions granted to the vcache user. <\/p>\n\n\n\n
We are using this for inter-process communication.<\/p>\n\n\n\n
> -F: <\/strong>This option tells Varnish to run in the foreground, meaning it won’t daemonize and detach from the terminal.<\/p>\n\n\n\n
> -a :80:<\/strong> This option specifies the address and port on which Varnish should listen for incoming client requests. <\/p>\n\n\n\n
In this case, it’s listening on port 80 of all available network interfaces (: represents all interfaces).<\/p>\n\n\n\n
> -T localhost:6082:<\/strong> This option specifies the address and port where the Varnish administration interface (Varnish Management Interface, VSM) is available. <\/p>\n\n\n\n
It’s listening on localhost (127.0.0.1) on port 8443. <\/p>\n\n\n\n
This interface is typically used for administration tasks such as cache inspection, statistics gathering, and dynamic configuration updates.<\/p>\n\n\n\n
> -p feature=<\/strong>+http2: This option enables HTTP\/2 support in Varnish. <\/p>\n\n\n\n
HTTP\/2 is the latest version of the HTTP protocol and offers improvements over HTTP\/1.1, including multiplexing as well as header compression.<\/p>\n\n\n\n
> -f \/etc\/varnish\/default.vcl: <\/strong>This option specifies the location of the Varnish Configuration Language (VCL) file that Varnish uses for configuring its behavior. <\/p>\n\n\n\n
In this case, it’s using \/etc\/varnish\/default.vcl.<\/p>\n\n\n\n
> -S \/etc\/varnish\/secret:<\/strong> This option specifies the location of the secret file used for securing communication between Varnish and varnishadm (the management CLI for Varnish). <\/p>\n\n\n\n
Hence, this file typically contains a shared secret key.<\/p>\n\n\n\n
> -s malloc,2g<\/strong>: This option specifies the storage method and size for the Varnish cache. In this case, it’s using the malloc storage backend, which stores cache objects in memory. <\/p>\n\n\n\n
The 2g indicates that Varnish should allocate 2 gigabytes of memory for caching.<\/p>\n\n\n\n
We’ve finished configuring Varnish. Now, we’re setting up the web server – Apache.<\/h2>\n\n\n\n
Now we’ll install the Apache<\/a> on the Ubuntu server. For Apache, we’ll have it running on port 8080.<\/p>\n\n\n\n
sudo apt install apache2<\/pre>\n\n\n\n
In Apache, we’ll tweak settings in both the virtual hosts (vhosts) files and the port.conf file.<\/p>\n\n\n\n
First, we will change the port in the ports.conf which is located at \/etc\/apache2\/ports.conf. Here you will change the port from 80 to 8080.<\/p>\n\n\n
\n
\"apache\"<\/a><\/figure><\/div>\n\n\n
Now, we will make the changes in this file 000-default.conf, it is located at \/etc\/apache2\/sites-enabled\/000-default.conf.<\/p>\n\n\n\n
Here also you will change Apache port from 80 to 8080.<\/p>\n\n\n
\n
\"port\"<\/a><\/figure><\/div>\n\n\n

Varnish gives us a WordPress VCL (Varnish Configuration Language) file, and we’ll use it for our setup.<\/p>\n\n\n\n
Here’s the full VCL file:<\/h2>\n\n\n\n
vcl 4.1;\n\nimport std;\n\nbackend default {\n    .host = \"127.0.0.1\";\n    .port = \"8080\";\n}\n\n# Add hostnames, IP addresses and subnets that are allowed to purge content\nacl purge {\n    \"localhost\";\n    \"127.0.0.1\";\n    \"::1\";\n}\n\nsub vcl_recv {   \n    # Remove empty query string parameters\n    # e.g.: www.example.com\/index.html?\n    if (req.url ~ \"\\?$\") {\n        set req.url = regsub(req.url, \"\\?$\", \"\");\n    }\n\n    # Remove port number from host header\n    set req.http.Host = regsub(req.http.Host, \":[0-9]+\", \"\");\n\n    # Sorts query string parameters alphabetically for cache normalization purposes\n    set req.url = std.querysort(req.url);\n\n    # Remove the proxy header to mitigate the httpoxy vulnerability\n    # See https:\/\/httpoxy.org\/\n    unset req.http.proxy;\n    \n    # Add X-Forwarded-Proto header when using https\n    if (!req.http.X-Forwarded-Proto) {\n        if(std.port(server.ip) == 443 || std.port(server.ip) == 8443) {\n            set req.http.X-Forwarded-Proto = \"https\";\n        } else {\n            set req.http.X-Forwarded-Proto = \"http\";\n        }\n    }\n\n    # Purge logic to remove objects from the cache. \n    # Tailored to the Proxy Cache Purge WordPress plugin\n    # See https:\/\/wordpress.org\/plugins\/varnish-http-purge\/\n    if(req.method == \"PURGE\") {\n        if(!client.ip ~ purge) {\n            return(synth(405,\"PURGE not allowed for this IP address\"));\n        }\n        if (req.http.X-Purge-Method == \"regex\") {\n            ban(\"obj.http.x-url ~ \" + req.url + \" && obj.http.x-host == \" + req.http.host);\n            return(synth(200, \"Purged\"));\n        }\n        ban(\"obj.http.x-url == \" + req.url + \" && obj.http.x-host == \" + req.http.host);\n        return(synth(200, \"Purged\"));\n    }\n\n    # Only handle relevant HTTP request methods\n    if (\n        req.method != \"GET\" &&\n        req.method != \"HEAD\" &&\n        req.method != \"PUT\" &&\n        req.method != \"POST\" &&\n        req.method != \"PATCH\" &&\n        req.method != \"TRACE\" &&\n        req.method != \"OPTIONS\" &&\n        req.method != \"DELETE\"\n    ) {\n        return (pipe);\n    }\n\n    # Remove tracking query string parameters used by analytics tools\n    if (req.url ~ \"(\\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=\") {\n        set req.url = regsuball(req.url, \"&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\\-\\.%25]+)\", \"\");\n        set req.url = regsuball(req.url, \"\\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\\-\\.%25]+)\", \"?\");\n        set req.url = regsub(req.url, \"\\?&\", \"?\");\n        set req.url = regsub(req.url, \"\\?$\", \"\");\n    }\n\n    # Only cache GET and HEAD requests\n    if (req.method != \"GET\" && req.method != \"HEAD\") {\n        set req.http.X-Cacheable = \"NO:REQUEST-METHOD\";\n        return(pass);\n    }\n\n    # Mark static files with the X-Static-File header, and remove any cookies\n    # X-Static-File is also used in vcl_backend_response to identify static files\n    if (req.url ~ \"^[^?]*\\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|ogg|ogm|opus|otf|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\\?.*)?$\") {\n        set req.http.X-Static-File = \"true\";\n        unset req.http.Cookie;\n        return(hash);\n    }\n\n    # No caching of special URLs, logged in users and some plugins\n    if (\n        req.http.Cookie ~ \"wordpress_(?!test_)[a-zA-Z0-9_]+|wp-postpass|comment_author_[a-zA-Z0-9_]+|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_[a-zA-Z0-9]+|wordpress_logged_in_|comment_author|PHPSESSID\" ||\n        req.http.Authorization ||\n        req.url ~ \"add_to_cart\" ||\n        req.url ~ \"edd_action\" ||\n        req.url ~ \"nocache\" ||\n        req.url ~ \"^\/addons\" ||\n        req.url ~ \"^\/bb-admin\" ||\n        req.url ~ \"^\/bb-login.php\" ||\n        req.url ~ \"^\/bb-reset-password.php\" ||\n        req.url ~ \"^\/cart\" ||\n        req.url ~ \"^\/checkout\" ||\n        req.url ~ \"^\/control.php\" ||\n        req.url ~ \"^\/login\" ||\n        req.url ~ \"^\/logout\" ||\n        req.url ~ \"^\/lost-password\" ||\n        req.url ~ \"^\/my-account\" ||\n        req.url ~ \"^\/product\" ||\n        req.url ~ \"^\/register\" ||\n        req.url ~ \"^\/register.php\" ||\n        req.url ~ \"^\/server-status\" ||\n        req.url ~ \"^\/signin\" ||\n        req.url ~ \"^\/signup\" ||\n        req.url ~ \"^\/stats\" ||\n        req.url ~ \"^\/wc-api\" ||\n        req.url ~ \"^\/wp-admin\" ||\n        req.url ~ \"^\/wp-comments-post.php\" ||\n        req.url ~ \"^\/wp-cron.php\" ||\n        req.url ~ \"^\/wp-login.php\" ||\n        req.url ~ \"^\/wp-activate.php\" ||\n        req.url ~ \"^\/wp-mail.php\" ||\n        req.url ~ \"^\/wp-login.php\" ||\n        req.url ~ \"^\\?add-to-cart=\" ||\n        req.url ~ \"^\\?wc-api=\" ||\n        req.url ~ \"^\/preview=\" ||\n        req.url ~ \"^\/\\.well-known\/acme-challenge\/\"\n    ) {\n\t     set req.http.X-Cacheable = \"NO:Logged in\/Got Sessions\";\n\t     if(req.http.X-Requested-With == \"XMLHttpRequest\") {\n\t\t     set req.http.X-Cacheable = \"NO:Ajax\";\n\t     }\n        return(pass);\n    }\n\n    # Remove any cookies left\n    unset req.http.Cookie;\n    return(hash);\n}\n\nsub vcl_hash {\n    if(req.http.X-Forwarded-Proto) {\n        # Create cache variations depending on the request protocol       \n        hash_data(req.http.X-Forwarded-Proto);\n    }\n}\n\nsub vcl_backend_response {\n    # Inject URL & Host header into the object for asynchronous banning purposes\n    set beresp.http.x-url = bereq.url;\n    set beresp.http.x-host = bereq.http.host;\n\n    # If we dont get a Cache-Control header from the backend\n    # we default to 1h cache for all objects\n    if (!beresp.http.Cache-Control) {\n        set beresp.ttl = 1h;\n        set beresp.http.X-Cacheable = \"YES:Forced\";\n    }\n\n    # If the file is marked as static we cache it for 1 day\n    if (bereq.http.X-Static-File == \"true\") {\n        unset beresp.http.Set-Cookie;\n        set beresp.http.X-Cacheable = \"YES:Forced\";\n        set beresp.ttl = 1d;\n    }\n\n\t# Remove the Set-Cookie header when a specific Wordfence cookie is set\n    if (beresp.http.Set-Cookie ~ \"wfvt_|wordfence_verifiedHuman\") {\n\t    unset beresp.http.Set-Cookie;\n\t }\n\t\n    if (beresp.http.Set-Cookie) {\n        set beresp.http.X-Cacheable = \"NO:Got Cookies\";\n    } elseif(beresp.http.Cache-Control ~ \"private\") {\n        set beresp.http.X-Cacheable = \"NO:Cache-Control=private\";\n    }\t\n}\n\nsub vcl_deliver {\n    # Debug header\n    if(req.http.X-Cacheable) {\n        set resp.http.X-Cacheable = req.http.X-Cacheable;    \n    } elseif(obj.uncacheable) {\n        if(!resp.http.X-Cacheable) {\n            set resp.http.X-Cacheable = \"NO:UNCACHEABLE\";        \n        }\n    } elseif(!resp.http.X-Cacheable) {\n        set resp.http.X-Cacheable = \"YES\";\n    }\n    \n    # Cleanup of headers\n    unset resp.http.x-url;\n    unset resp.http.x-host;    \n}<\/pre>\n\n\n\n
This is a Varnish Configuration Language (VCL) script used for configuring Varnish Cache, an HTTP accelerator. Let’s break down the script section by section:<\/p>\n\n\n\n
Backend Configuration:<\/strong><\/p>\n\n\n\n
backend default {\n    .host = \"127.0.0.1\";\n    .port = \"8080\";\n}<\/pre>\n\n\n\n
This section defines the default backend server to which Varnish will forward requests.<\/p>\n\n\n\n
Purge ACL:<\/strong><\/p>\n\n\n\n
acl purge {\n    \"localhost\";\n    \"127.0.0.1\";\n    \"::1\";\n}<\/pre>\n\n\n\n
Defines an ACL (Access Control List) named “purge” containing IP addresses and hostnames allowed to perform cache purges.<\/p>\n\n\n\n
vcl_recv (Receive)<\/strong>
This subroutine handles incoming client requests and performs various actions:<\/p>\n\n\n\n