Monday 18 January 2016

Setting up and configuring Varnish Cache as a reverse proxy

** I will be using Debian Jessie for this tutorial **

We should firstly install the relevent packages we will require:

sudo apt-get update && sudo apt-get install apt-transport-https
curl | sudo apt-key add -
echo "deb jessie varnish-4.1" >> /etc/apt/sources.list.d/varnish-cache.list
sudo apt-get update
sudo apt-get install varnish libvarnishapi-dev build-essential libmicrohttpd-dev pkg-config libcurl4-openssl-dev autogen dh-autoreconf libmicrohttpd-dbg

We can now unmask the service:

sudo systemctl unmask varnish.service

and then ensure the service is started:

sudo service varnish status

Varnish will bind to two ports by default:

Port 6081: Provides client / proxy access
Port 6082: Management interface (that is bound to loopback only)

Accessing <your-ip-address>:6081 should return something like:

Error 503 Backend fetch failed

You can edit any default startup options (i.e. ports etc.) by editing:

sudo vi /etc/default/varnish

and we can then grab 'Varnish Client 2' from github:

and compile with:


make install

We then want to run the varnish agent interactively (you can ommit this in future by removing the '-r' argument) to easily debug any initial errors:

sudo /usr/local/bin/varnish-agent -d

(You might see it complaining about not being able to connect to VAC - the enterprise control panel - don't worry about this unless you are using the paid version of Varnish)

And then attempt to access the varnish agent GUI with:


We can now edit the default VCL and configure it too act as a reverse proxy to another webserver running somewhere else:

sudo vi /etc/varnish/default.vcl

backend default {
    .host = "";
    .port = "8080";

** There is some great documentation here ( that explains the Varnish Configuration Language (VCL) **


Post a Comment