The sys admin's daily grind: Varnish
Slow and Steady
Columnist Charly gives Apache a slick coat of Varnish for better performance.
One still hears the saying, "Salad tastes much better if you replace it with a juicy steak shortly before you dine," although the humor is debatable. Admins are given tips in the same vein: "Apache delivers static content much faster if you replace it with Nginx shortly before the launch." The saying may not faze vegetarians, but it can cause a stir among server admins, including me.
I've just been assigned the task of tweaking Apache 2.2, which outputs almost only static content, for maximum performance. For several reasons, I can't just send the old guy into the desert. Apache is undisputed in terms of flexibility; however, when it comes to performance, it doesn't even bother to take off in pursuit of its rivals.
If I'm not allowed to ditch Apache, I would at least like to put it on a faster steed, such as a fast cache like Varnish [1]. The makers of Varnish designed it from scratch as a caching instance, and its capabilities are accordingly powerful. I could create complex rules in the specially provided Varnish Cache Language (VCL), but for buffering a static website, all I really need is a lean configuration. To begin, I reroute Apache using NameVirtualHost
and Lists
so that it listens on port 8080 instead of port 80 in future; Varnish can then take over on port 80, and its cache can pass on rich content directly to the client.
Most distributions include Varnish. Debian and its derivatives configure Varnish in /etc/default/varnish
, whereas Red Hat and its relatives use /etc/sysconfig/varnish
. I just need to adjust the command-line parameters for the call (DAEMON_OPTS
). Figure 1 shows the configuration I use for my Apache accelerator; -a :80
specifies that Varnish accepts connections to port 80 on all IPv4 and IPv6 addresses. The -b
parameter tells Varnish where Apache has set up camp.
A running Varnish can be controlled via a Telnet interface whose address and port are specified with the -T
option. For security reasons, I only open the port on localhost
. Additionally, I must know the secret, which is stored in the file for the -S
parameter. The -u
and -g
parameters define the username and group membership, as you might expect.
Cache and Carry
The last line, with the -s
parameter, is the most important one in terms of performance, because it controls the type and size of the cache. I can create the cache in RAM or on a disk partition. In this case, I type:
file, /var/cache/varnish.cache,50%
Varnish then uses up to half of the disk space below /var/cache
. The tool occupies the space immediately, but the cache file only grows gradually.
Cold Turkey
Still, no one should expect miracles from a disk cache. My server fortunately has 16GB of RAM: Apache and Varnish consume some of this, but I can afford to hand over 10GB to the cache. If you try to skimp here, Varnish detours into swap space, and the speed advantage is gone. Thus, with -s malloc,10g
, my legacy Apache can gallop off happily into the sunset.
Infos
- Varnish: http://www.varnish-cache.org
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Gnome Fans Everywhere Rejoice for the Latest Release
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.