Question

How can I enable varnish caching on a LEMP stack while using W3 Total Cache?

Posted October 31, 2019 532 views
Nginx, Caching, LEMP, Ubuntu 18.04

I tried following this guide: https://www.digitalocean.com/community/tutorials/how-to-configure-varnish-cache-4-0-with-ssl-termination-on-ubuntu-14-04 - however it's very old, and most tutorials I can find are either for the LAMP stack, or they do not describe how to function with SSL.

I am kinda stuck in regards to the `proxy_pass` section under `location /` since my own configuration looks different, because I have W3 Total Cache enabled.

Could someone point me in the right direction with my nginx configuration? I have installed varnish. I’d like to enable varnish on SSL/https requests.

My nginx configuration:

    server {

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html/current;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name staging.mysite.com www.staging.mysite.com;

        #location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            #try_files $uri $uri/ =404;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;

            # see https://gist.github.com/magnetikonline/11312172#determine-fastcgi-response-sizes
            fastcgi_buffers 8 16k;
            fastcgi_buffer_size 32k;

        #
        #   # With php7.0-cgi alone:
        #   fastcgi_pass 127.0.0.1:9000;
        #   # With php7.0-fpm:
            fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
           deny all;
        }


        #WordPress specific

            location = /favicon.ico {
                    log_not_found off;
                    access_log off;
            }

            location = /robots.txt {
                    allow all;
                    log_not_found off;
                    access_log off;
            }

            location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                    expires max;
                    log_not_found off;
            }

            #W3 TOTAL CACHE CHECK
            set $cache_uri $request_uri;

            # POST requests and urls with a query string should always go to PHP
            if ($request_method = POST) {
                    set $cache_uri 'null cache';
            }
            if ($query_string != "") {
                    set $cache_uri 'null cache';
            }

            # Don't cache uris containing the following segments
            if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
                    set $cache_uri 'null cache';
            }

            # Don't use the cache for logged in users or recent commenters
            if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
                    set $cache_uri 'null cache';
            }
            #ADD mobile rules from WP SUPER CACHE section above
            #APPEND A CODE BLOCK FROM BELOW..

            # Use cached or actual file if they exists, otherwise pass request to WordPress
            location / {
                    try_files /wp-content/w3tc/pgcache/$cache_uri/_index.html $uri $uri/ /index.php?$args ;
            }


        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/staging.mysite.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/staging.mysite.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    }


    # Virtual Host configuration for example.com
    #
    # You can move that to a different file under sites-available/ and symlink that
    # to sites-enabled/ to enable it.
    #
    #server {
    #   listen 80;
    #   listen [::]:80;
    #
    #   server_name example.com;
    #
    #   root /var/www/example.com;
    #   index index.html;
    #
    #   location / {
    #       try_files $uri $uri/ =404;
    #   }
    #}
    server {
        if ($host = staging.mysite.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot



        server_name staging.mysite.com www.staging.mysite.com;
        listen 80;
        return 404; # managed by Certbot


    }

1 answer

Hi @mattiasf,

There is a way for Varnish to listen on port 443 and use it for SSL; however, it’s not something I or anyone that has used Varnish recommends.

Varnish is used primarily on port 80 and not on 443. The standard setup is - varnish to listen on port 80 and Nginx to listen on port 443.

I’ve seen Varnish being used on port 443 just once and it was quite the abomination so to say. Every time a change was required everything broke and didn’t function correctly.

If you do find a viable way though, I’ll be glad if you can post it here so that we can discuss it.

Regards,
KDSys
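
One way to serve cached pages over HTTPS while keeping Varnish off port 443 is to let Nginx terminate TLS and proxy to Varnish, which then fetches from a loopback-only Nginx/PHP backend. This is an added example, not part of the question or the answer above; the ports 6081 and 8080 and the split into two server blocks are assumptions.

```nginx
# Added example, not the poster's config. Ports are assumed:
# Varnish listens on 127.0.0.1:6081 and its backend is 127.0.0.1:8080.

# Front end: terminates TLS and hands plain HTTP to Varnish.
server {
    listen 443 ssl;
    server_name staging.mysite.com www.staging.mysite.com;
    ssl_certificate     /etc/letsencrypt/live/staging.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/staging.mysite.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:6081;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Backend: loopback only, so PHP cannot be reached around TLS or the cache.
server {
    listen 127.0.0.1:8080;
    server_name staging.mysite.com www.staging.mysite.com;
    root /var/www/html/current;
    index index.php index.html index.htm;

    # W3 Total Cache rules from the question (its URI exclusion "if" also belongs here).
    set $cache_uri $request_uri;
    if ($request_method = POST) { set $cache_uri 'null cache'; }
    if ($query_string != "")    { set $cache_uri 'null cache'; }
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
        set $cache_uri 'null cache';
    }

    location / {
        try_files /wp-content/w3tc/pgcache/$cache_uri/_index.html $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_param HTTPS on;   # every request here arrived over TLS at the front end
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    }

    location ~ /\.ht { deny all; }
}
```

Varnish's built-in VCL passes any request that carries a `Cookie` header, so logged-in sessions are not served from its cache unless custom VCL strips cookies. Bind Varnish itself to loopback as well (`-a 127.0.0.1:6081`) so cached plain-HTTP responses are not exposed directly.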
