** last updated 2019-06-07 **
Custombuild 2 gives us an opportunity to have a reverse-proxy Nginx in front of Apache on a server with DirectAdmin, and the setup is quite easy. We need only a small customization in order to add Varnish Cache between them.
IMPORTANT: the guide does not cover an installation process of Varnish Cache in full, the guide does not cover a configuration process of Varnish Cache either. The guide only covers the process of integration Varnish Cache into Nginx+Apache scheme.
Instructions can be found here: Reverse-proxy NGINX + Apache on Directadmin powered server
Install a needed version of Varnish using a guide from the official site:
If you are not sure what version to choose, it is a good start to install varnish from the epel repository for CentOS (if you run the OS of course).
For example CentOS 7.x at the moment offers Varnish 4.0.5, so to get it installed you will need to run:
yum -y install varnish
on Debian/Ubuntu run the following command:
sudo apt-get install varnish
or from the official Varnish Cache repository which is now hosted at Packagecloud.io.
IMPORTANT: For a full installation instructions refer to the official documentation by the link above.
Copy
/usr/local/directadmin/data/templates/nginx_server.conf /usr/local/directadmin/data/templates/nginx_server_secure.conf /usr/local/directadmin/data/templates/nginx_server_secure_sub.conf /usr/local/directadmin/data/templates/nginx_server_sub.conf
to the custom folder:
/usr/local/directadmin/data/templates/custom/
Modify the files
/usr/local/directadmin/data/templates/custom/nginx_server.conf /usr/local/directadmin/data/templates/custom/nginx_server_secure.conf /usr/local/directadmin/data/templates/custom/nginx_server_secure_sub.conf /usr/local/directadmin/data/templates/custom/nginx_server_sub.conf
change lines:
proxy_pass http://|PROXY_IP|:|PORT_8080|;
and
proxy_pass https://|PROXY_IP|:|PORT_8081|;
to
proxy_pass http://|IP|:6081;
Yes, it should be exactly http for all 4 files. Varnish does not support HTTPS.
Change 6081 to any other value of TCP post where Varnish is accepting connections.
As for now varnish does not support SSL, all the requests both from HTTP and HTTPS will be routed after Varnish Cache to plain HTTP backend managed by Apache.
IMPORTANT: If you have different versions of a site for HTTP and HTTPS you should either unify them, or quit using Varnish. The guide does not cover this usage case.
Add the line
proxy_set_header X-Forwarded-Proto $scheme;
into mentioned nginx templates under a line:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Add the lines into:
<IfModule setenvif_module> SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on SetEnvIf X-Forwarded-Proto "^https$" X_SERVER_PORT=443 SetEnvIf X-Forwarded-Proto "^https$" X_REQUEST_SCHEME=https </IfModule>
/etc/httpd/conf/extra/httpd-includes.conf
You might need to change mod_rewrite rules if you use it to something like this:
RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC] RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
or use DirectAdmin native feature to redirect users from HTTP to HTTPS.
Rewrite nginx virtual hosts:
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue /usr/local/directadmin/dataskq
Have a good day!
We have many reports and emails that the guide is not working (they think so)! Be sure, it's still working. The root cause of a confuse is that the guide does not cover how to install and configure Varnish. You still need to update settings in /etc/varnish/default.vcl. And at least the backend port should be changed to 8080.