Varnish behind a box redirecting ports


I try to make the first setup you explained on your detailed post

But my architecture is a bit different : my ubuntu LAMP server is just behind my internet box which redirects all needed ports to my server LAN IP :

So i used this IP for both varnish and apache setup, but of course it does not seem to be the right solution.

Can you please help ?

Configure your Internet box (usually ISP router or custom firewall) to send traffic internally. It is called port forwarding. If you Internet box is another Linux system with root shell you can configure iptables firewall to forward port 80/443 (or any port of your choice) to internal LAN port.

Thanks for your quick answer!
Actually the port forwarding is already done and works perfectly as my server is hosting several sites on 80 or 443.
But should i set varnish to listen on public IP or internal server IP ?

You don’t have public IP added to varnish. Your public IP assiged to router. So you setup it as follows:

public ip on router -> varnish on port 80 -> nginx/apache on 8080

Thanks! Yes i tried to do that, so basically configuring varnish with ( is my ubuntu sever IP on the LAN):

ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,1024m


backend default {
    .host = "";
    .port = "8080";

and apache with


And virutalhosts with


Is this correct ?
Thanks a lot

Yup. That is how you chain it. Talk to each layer and do caching where needed.