Question
How to configure varnish cache for a domain in Plesk?
Answer
This can be achieved using Docker.
Refer to the following steps in order to configure Varnish on the Plesk server using the official varnish docker image.
1. Initial docker preparation and configuring varnish for a static page
-
Navigate to Docker in Plesk, find and the official varnish image in the catalog, click and select the stable(6.6.2) version to run a varnish containre:
-
Setup Manual Mapping for the docker container. At Docker > varnish > Settings uncheck the "Automatic Port Mapping" function and apply the following manual mappings:
80 -> 32780
8443 -> 32781 (we're not going to use this one) -
Disable the "Permanent SEO-safe 301 redirect from HTTP to HTTPS" option on the domain at Domains > example.com > Hosting Settings
-
Create a Docker Proxy Rule on the domain at Domains > example.com > Docker Proxy Rules:
URL: example.com/
Container: varnish
Port: 80 -> 32780 -
Permit connections to the apache2 port 7080 from the docker subnet via iptables:
6.1 Connect to the server via SSH
6.2 Apply the rule using the next command:# iptables -I INPUT -p tcp --dport 7080 -s 172.17.0.0/24 -j ACCEPT
Note: The rule added via command line would be reset on the system reboot, or after applying a custom firewall script/configuration. In order to make it persistent, rather include it in your iptables configuration, or consider scheduling a server-wide cron task.
-
In case there is a Plesk Firewall extension in use, navigate to Tools & Settings > Security(Firewall) > Add Custom Rule:
7.1 Once the rule is saved, click the "Apply Changes" and "Activate" buttons.Note: make sure the docker container was restarted once the Firewall Rules were applied via extension.
7.2 (Optional) if Fail2ban is used, add the docker network to a trusted list.
Navigate to Tools & Settings > IP Address Banning (Fail2Ban) > Trusted IP Addresses and click Add trusted IP: 172.17.0.0/24 -
Using the next two commands, adjust the Varnish configuration file to use the IP and port of the apache2:
Warning: The domain's IP address should be specified instead of 203.0.113.2, otherwise you will break the docker container. Also, if the container's name was changed from "varnish" to a custom one, don't forget to adjust it within the commands below:
# docker ps | grep varnish | awk {'print $1'} | xargs -i docker exec -t {} sed -i '/.port/c .port = "7080";' /etc/varnish/default.vcl
# docker ps | grep varnish | awk {'print $1'} | xargs -i docker exec -t {} sed -i '/.host/c .host = "203.0.113.2";' /etc/varnish/default.vcl
-
Restart the varnish container:
# docker ps | grep varnish | awk {'print $1'} | xargs -i docker restart {}
- Starting with Plesk 18.0.56 apache2 now listening on localhost. To make docker container able to fetch data from 0.0.0.0:7080, it is needed to change the apache2 bindings via the next command:
Warning: The operation will take time depending on the server performance and number of domains. Downtime for domains while the operation is performed is expected.
# plesk bin apache --listen-on-localhost false
-
Open the website via…