Rodolfo Bandeira

Rodolfo Bandeira

software, electronics, security, devops, thoughts

Installing Varnish on OpenBSD

Installing Varnish Cache:

Want to install Varnish on OpenBSD? First let’s check our variable $PKG_PATH since we’re using OpenBSD ports:

echo $PKG_PATH

http://openbsd.cs.toronto.edu/pub/OpenBSD/5.7/packages/amd64/

All good! Now let’s install it running:

sudo pkg_add varnish

Password:
quirks-2.54 signed on 2015-03-08T12:33:05Z
useradd: Warning: home directory `/var/varnish' doesn't exist, and -m was not specified
varnish-4.0.2: ok
The following new rcscripts were installed: /etc/rc.d/varnishd
See rcctl(8) for details.
--- +varnish-4.0.2 -------------------
Varnish has a default configuration built in, however see vcl(7)
or the following link for more information:

        http://www.varnish-cache.org/wiki/VCLExamples

and for further information:

        https://www.varnish-cache.org/docs/4.0/

Since I’m using httpd as webserver on my OpenBSD (no, it’s not apache) it’s their own webserver. I had to change the default 80 port to 8080. I’m not gonna cover the binding to 8080 only for local network but you must think about it to avoid someone bypassing your varnish.


Block 8080 from external access using firewall:

Let’s setup a quick firewall rule on your Packet Filter (pf) to block all incoming traffic on port 8080. Let’s edit our pf.conf

sudo vim /etc/pf.conf

And add the rule bellow:

block in on vio0 proto tcp to port 8080

Then you need to reload your pf with:

sudo pfctl -f /etc/pf.conf

You can verify the rules your pf is using with: sudo pfctl -sr


Running Varnish:

To start your varnish, you can use the example config coming out of the box with varnish. The file /etc/varnish/example.vcl doesn’t have actually any real rules or config. It’s a nice point of start to forward connections into your backend running your webserver.

sudo varnishd -f /etc/varnish/example.vcl

I’m probably gonna start studying about varnish from now. Keep in touch to read some posts about it. If you have questions please message me. My contact information on about link.

Rodolfo

Last modified:

LinkedIn
WhatsApp