How to configure varnish cache for a domain in Plesk?

Log into Plesk

Navigate to Docker in Plesk, find and the official varnish image in the catalog, click and select the stable(6.6.2) version to run a varnish containre:

Setup Manual Mapping for the docker container. At Docker > varnish > Settings uncheck the "Automatic Port Mapping" function and apply the following manual mappings:

80 -> 32780
8443 -> 32781 (we're not going to use this one)

Disable the "Permanent SEO-safe 301 redirect from HTTP to HTTPS" option on the domain at Domains > example.com > Hosting Settings

Create a Docker Proxy Rule on the domain at Domains > example.com > Docker Proxy Rules:
URL: example.com/
Container: varnish
Port: 80 -> 32780

Permit connections to the apache2 port 7080 from the docker subnet via iptables:
6.1 Connect to the server via SSH
6.2 Apply the rule using the next command:

# iptables -I INPUT -p tcp --dport 7080 -s 172.17.0.0/24 -j ACCEPT

Note: The rule added via command line would be reset on the system reboot, or after applying a custom firewall script/configuration. In order to make it persistent, rather include it in your iptables configuration, or consider scheduling a server-wide cron task.

In case there is a Plesk Firewall extension in use, navigate to Tools & Settings > Security(Firewall) > Add Custom Rule:

7.1 Once the rule is saved, click the "Apply Changes" and "Activate" buttons.

Note: make sure the docker container was restarted once the Firewall Rules were applied via extension.
7.2 (Optional) if Fail2ban is used, add the docker network to a trusted list.
Navigate to Tools & Settings > IP Address Banning (Fail2Ban) > Trusted IP Addresses and click Add trusted IP: 172.17.0.0/24

Using the next two commands, adjust the Varnish configuration file to use the IP and port of the apache2:

Warning: The domain's IP address should be specified instead of 203.0.113.2, otherwise you will break the docker container. Also, if the container's name was changed from "varnish" to a custom one, don't forget to adjust it within the commands below:

# docker ps | grep varnish | awk {'print $1'} | xargs -i docker exec -t {} sed -i '/.port/c .port = "7080";' /etc/varnish/default.vcl

# docker ps | grep varnish | awk {'print $1'} | xargs -i docker exec -t {} sed -i '/.host/c .host = "203.0.113.2";' /etc/varnish/default.vcl

Restart the varnish container:

# docker ps | grep varnish | awk {'print $1'} | xargs -i docker restart {}

Starting with Plesk 18.0.56 apache2 now listening on localhost. To make docker container able to fetch data from 0.0.0.0:7080, it is needed to change the apache2 bindings via the next command:

Warning: The operation will take time depending on the server performance and number of domains. Downtime for domains while the operation is performed is expected.

# plesk bin apache --listen-on-localhost false

Open the website via browser and check the headers of the page…