Varnish behind a box redirecting ports

crouti · October 2, 2018, 8:36pm

Hi,

I try to make the first setup you explained on your detailed post https://www.cyberciti.biz/faq/how-to-install-and-configure-varnish-cache-on-ubuntu-linux-16-04-lts/

But my architecture is a bit different : my ubuntu LAMP server is just behind my internet box which redirects all needed ports to my server LAN IP : 192.168.0.17

So i used this IP for both varnish and apache setup, but of course it does not seem to be the right solution.

Can you please help ?
Thanks!

nixcraft · October 3, 2018, 4:44am

Configure your Internet box (usually ISP router or custom firewall) to send traffic internally. It is called port forwarding. If you Internet box is another Linux system with root shell you can configure iptables firewall to forward port 80/443 (or any port of your choice) to internal LAN port.

crouti · October 3, 2018, 6:43am

Thanks for your quick answer!
Actually the port forwarding is already done and works perfectly as my server is hosting several sites on 80 or 443.
But should i set varnish to listen on public IP or internal server IP ?
Cheers

tomboi · October 3, 2018, 8:55am

You don’t have public IP added to varnish. Your public IP assiged to router. So you setup it as follows:

public ip on router -> varnish on port 80 -> nginx/apache on 8080

crouti · October 3, 2018, 9:01am

Thanks! Yes i tried to do that, so basically configuring varnish with (192.168.0.17 is my ubuntu sever IP on the LAN):

[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a 192.168.0.17:80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,1024m

and

backend default {
    .host = "192.168.0.17";
    .port = "8080";
}

and apache with

Listen 192.168.0.17:8080

And virutalhosts with

<VirtualHost 192.168.0.17:8080>

Is this correct ?
Thanks a lot

nixcraft · October 4, 2018, 5:10am

Yup. That is how you chain it. Talk to each layer and do caching where needed.