Using Varnish as front end cache for Azure Web Apps

October 6, 2015 jason Uncategorized 0 Comments

Varnish is an Http accelerator designed for content-heavy websites and highly consumable APIs. You can easily spin up a Varnish server on top of your Azure Web Apps to boost your website’s performance. Varnish can cache web pages and provide content to your website users blazing fast. This blog post shows you how to install and configure Varnish with sample configuration files.


Step 1: Create a cloud service using Linux virtual machine on Azure


First, you need to setup a cloud service with a Linux virtual machine, click here for details. For most web apps a single VM is sufficient. However, if you need a failure resilient front end cache, I recommend using at least two virtual machines on your cloud service. For the purpose of this blog post, I will be using Ubuntu LTS.


Step 2: Install Varnish on all VMs


It is recommended to use Varnish packages provided by varnish-cache.org. The only supported architecture is amd64 for Ubuntu LTS. For other Linux distributions, please see install instructions here. Connect to each virtual machine using PuTTY and do the following as root user:


  • Add the security key [Debian and Ubuntu].


wget http://repo.varnish-cache.org/debian/GPG-key.txt
apt-key add GPG-key.txt


  • Add the package URL to apt-get repository sources list.


echo "deb http://repo.varnish-cache.org/ubuntu/ precise varnish-3.0" | sudo tee -a /etc/apt/sources.list


  • Update the package manager and download/install Varnish Cache


apt-get update
apt-get install varnish


Step 3: Varnish configuration


The default settings are not set to run on front-facing port of 80(HTTP) or 443 (for HTTPS) and hence this needs to modified to use port you need for your web app. Port 80 is the default TCP port for HTTP traffic. If you plan on using SSL with your website, you will also need to open port 443 which is the default port for HTTPS traffic.


Login to Azure Preview portal and select your virtual machine to add the endpoint for port 80 (HTTP) or 443 (HTTPS). This needs to be done for every virtual machine. The configuration file on Ubuntu is at  /etc/default/varnish. Using your favorite editor to edit the file, in this blog post I’m using nano editor.



nano /etc/default/varnish


The file will have a few default settings. If you scroll down, you will see a block of text defining the Varnish daemon options starting with the text DAEMON_OPTS, similar to:



DAEMON_OPTS="-a :6081 
-T localhost:6082 
-f /etc/varnish/default.vcl 
-S /etc/varnish/secret 
-s malloc,256m"


Change the port from 6081 to 80 (HTTP) or 443 (HTTPS) :



DAEMON_OPTS="-a :80 
-T localhost:6082 
-f /etc/varnish/default.vcl 
-S /etc/varnish/secret 
-s malloc,256m"


By default the port 80 or 443 is blocked by the firewall , and hence you need to explicitly open the port by using the ufw (uncomplicated Firewall) command or iptables.


Using ufw command:


First you must enable ufw



ufw enable


After enabling ufw, open port 80 using the ufw command.



ufw allow 80


To open port 443 (HTTPS), execute this command:



ufw allow 443


Using iptables:


By running the following commands a root can open port 80 allowing regular Web browsing from websites that communicate via port 80.



iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT


To allow access to secure websites you must open port 443 as well.



iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT 
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT 


Step 4: Modifying the default VCL file under /etc/varnish/


Varnish uses a .vcl file (default located at /etc/varnish/ as default.vcl) containing instructions written in VCL Language in order to run its program. This is used to define how Varnish should handle the requests and how the document caching system should work.


Open the editor once again to modify the contents of default.vcl (located under /etc/varnish/) by using the following command.



nano /etc/varnish/default.vcl


Create a default backend with .host and .port referring to your Azure web app.  Here is a sample of basic VCL configuration file (replace my-azure-webapp.azurewebsites.net with your actual web application custom domain or azurewebsite.net domain URL). Note, if you are using Varnish 4.0 and above you need to include vcl 4.0 at the beginning of the file.



vcl 4.0;
backend default {

      .host = "my-azure-webapp.azurewebsites.net";
      .port = "80";
      .connect_timeout = 600s;
      .first_byte_timeout = 600s;
      .between_bytes_timeout = 600s;
}
sub vcl_recv {
     set req.http.host = "my-azure-webapp.azurewebsites.net";
     set req.backend = default;
     return (lookup);
}



Troubleshooting


If you run into any issues with Varnish server, you can view  the logs by running the following command.



varnishlog cmd


Browse your site again and look at the log in the your VM. For more information, click here.


Sample VCL configuration files


  • WordPress

If you are using a WordPress web app, click here to download a sample Varnish configuration for WordPress.


  • Drupal

If you are using a Drupal web app, click here to download a sample Varnish configuration for Drupal.


Source: Microsoft Azure News

Could not resolve host: urls.api.twitter.com