Home Debian How to Install Varnish on Debian

How to Install Varnish on Debian

Debian September 4, 2025 0 Comment

Install Varnish on Debian

Are you looking to supercharge your website’s performance? Installing Varnish on Debian might just be the game-changer you need. This powerful HTTP accelerator can dramatically reduce your server load and improve page loading times by up to 1000%. In this comprehensive guide, I’ll walk you through every step of installing and configuring Varnish on your Debian system.

What is Varnish Cache?

Varnish Cache is a web application accelerator, also known as a caching HTTP reverse proxy. Think of it as a super-fast middleman that sits between your users and your web server. When someone requests a page from your website, Varnish serves the cached version instead of making your backend server do all the heavy lifting again.

Key Benefits of Using Varnish

The statistics speak for themselves – websites using Varnish typically see:

  • 300-1000% improvement in response times
  • 90% reduction in backend server load
  • Significantly better user experience leading to higher conversion rates
  • Lower hosting costs due to reduced server resource usage

Major companies like Facebook, Twitter, and The Guardian rely on Varnish to handle millions of requests daily. That’s how powerful this tool can be for your infrastructure.

How Varnish Works

Varnish operates using a simple but effective principle. When a user requests content:

  1. Varnish checks if it has a cached version
  2. If yes, it serves the cached content immediately
  3. If no, it fetches the content from your backend server
  4. Varnish then caches this content for future requests

This process happens in milliseconds, making your website feel lightning-fast to users.

Prerequisites for Installing Varnish on Debian

Before we dive into the installation process, let’s make sure your system is ready.

System Requirements

Your Debian system should meet these minimum requirements:

  • Debian 9 (Stretch) or newer – I recommend Debian 11 or 12 for best results
  • Minimum 512MB RAM – though 1GB+ is recommended for production use
  • Root or sudo access – you’ll need administrative privileges
  • Active internet connection – for downloading packages

Required Permissions

You’ll need either root access or a user account with sudo privileges. Most of the commands in this guide will require elevated permissions, so make sure you’re prepared.

Checking Your Debian Version

Let’s start by confirming your Debian version:

lsb_release -a

Or alternatively:

cat /etc/debian_version

This information will help us choose the best installation method for your system.

Installing Varnish on Debian Using APT

The easiest way to install Varnish is through Debian’s default package repository. This method ensures compatibility and automatic security updates.

Updating Your System

First, let’s make sure your system is up to date:

sudo apt update && sudo apt upgrade -y

This command refreshes your package lists and upgrades any outdated packages. It’s always a good practice to start with a fresh system.

Installing Varnish from Default Repository

Now, let’s install Varnish:

sudo apt install varnish -y

The installation process typically takes 2-3 minutes, depending on your internet connection. The package manager will automatically handle all dependencies.

Verifying the Installation

Once installation completes, verify that Varnish is properly installed:

varnishd -V

You should see output showing the Varnish version and build information. If you see this, congratulations – Varnish is successfully installed!

Installing Varnish from Official Repository

While the default repository works fine, you might want the latest features and security updates. The official Varnish repository often has newer versions.

Adding the Varnish Repository

First, let’s add the official Varnish repository. We need to install some prerequisites:

sudo apt install curl gnupg apt-transport-https -y

Next, add the repository key:

curl -fsSL https://packagecloud.io/varnishcache/varnish70/gpgkey | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/varnishcache_varnish70.gpg

Now add the repository:

echo "deb https://packagecloud.io/varnishcache/varnish70/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/varnishcache_varnish70.list

Installing Latest Varnish Version

Update your package lists and install Varnish:

sudo apt update
sudo apt install varnish -y

Comparing Repository Options

Here’s a quick comparison to help you decide:

Default Repository:

  • ✅ Stable and tested
  • ✅ Automatic security updates
  • ❌ Older versions
  • ❌ Fewer features

Official Repository:

  • ✅ Latest features
  • ✅ Recent security patches
  • ❌ Potentially less stable
  • ❌ Manual repository management

For production environments, I typically recommend the default repository unless you need specific new features.

Basic Varnish Configuration

Now that Varnish is installed, let’s configure it properly. The configuration process might seem complex initially, but I’ll guide you through each step.

Understanding the Default Configuration

Varnish’s main configuration file is located at /etc/varnish/default.vcl. Let’s examine it:

sudo cat /etc/varnish/default.vcl

This file uses Varnish Configuration Language (VCL), which defines how Varnish handles requests. The default configuration is quite basic and needs customization for most use cases.

Configuring Backend Servers

Your backend server is where Varnish fetches content when it’s not cached. Let’s configure this:

sudo nano /etc/varnish/default.vcl

Add or modify the backend definition:

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

This configuration assumes your web server (Apache/Nginx) runs on port 8080. You’ll need to reconfigure your web server to use a different port since Varnish will use port 80.

Setting Up VCL Files

VCL files control Varnish’s behavior. Here’s a basic configuration that works well for most websites:

vcl 4.1;

backend default {
    .host = "127.0.0.1";
    .port = "8080";
    .connect_timeout = 600s;
    .first_byte_timeout = 600s;
    .between_bytes_timeout = 600s;
}

sub vcl_recv {
    # Remove cookies for static content
    if (req.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico|pdf|flv|txt)$") {
        unset req.http.cookie;
    }
}

sub vcl_backend_response {
    # Cache static content for 1 hour
    if (bereq.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico|pdf|flv|txt)$") {
        set beresp.ttl = 3600s;
        set beresp.http.Cache-Control = "public, max-age=3600";
    }
}

Starting and Managing Varnish Service

With configuration in place, let’s get Varnish running.

Starting Varnish for the First Time

Before starting Varnish, we need to configure the service settings:

sudo nano /etc/default/varnish

Modify these key settings:

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"

This configuration:

  • Sets Varnish to listen on port 80
  • Enables management interface on port 6082
  • Allocates 256MB for cache storage

Enabling Auto-Start on Boot

Enable and start the Varnish service:

sudo systemctl enable varnish
sudo systemctl start varnish

Managing Varnish with Systemd

Here are essential systemd commands for managing Varnish:

# Check status
sudo systemctl status varnish

# Restart service
sudo systemctl restart varnish

# Stop service
sudo systemctl stop varnish

# View logs
sudo journalctl -u varnish

Testing Your Varnish Installation

Testing is crucial to ensure everything works correctly.

Checking Varnish Status

First, verify that Varnish is running:

sudo systemctl status varnish

You should see “active (running)” in green. If not, check the logs for error messages.

Testing Cache Performance

Let’s test if caching works properly. Make a request to your server:

curl -I http://your-server-ip/

Look for these headers in the response:

  • Via: 1.1 varnish – confirms request went through Varnish
  • X-Varnish: 123456 – shows Varnish request ID
  • Age: 0 – indicates cache age (0 for first request)

Make the same request again – the Age header should now show a positive number, confirming the content was served from cache.

Using Varnish Administration Tools

Varnish includes powerful administration tools. Connect to the management interface:

sudo varnishadm

Useful commands within varnishadm:

  • ban req.url ~ ".*" – clear all cache
  • ban req.url ~ "/path" – clear specific path
  • backend.list – show backend status

Advanced Configuration Options

Let’s explore some advanced settings to optimize your Varnish installation.

Memory Management Settings

Memory allocation significantly impacts performance. For a server with 4GB RAM, consider:

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,1g"

The general rule is to allocate 50-70% of available RAM to Varnish, leaving enough for the operating system and other services.

Port Configuration

You might need to adjust ports based on your setup:

# For HTTPS setups with SSL termination
DAEMON_OPTS="-a :8080 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,512m"

SSL/TLS Considerations

Varnish doesn’t handle SSL directly. For HTTPS websites, you have two options:

  1. SSL Termination Proxy: Use Nginx or Apache as SSL terminator
  2. Load Balancer: Use external load balancer for SSL handling

Here’s a typical setup with Nginx as SSL terminator:

  • Nginx handles HTTPS on port 443
  • Nginx forwards to Varnish on port 80
  • Varnish forwards to backend on port 8080

Common Issues and Troubleshooting

Even with careful installation, you might encounter some issues. Let’s address the most common ones.

Permission Errors

If you see permission denied errors, check:

# Verify varnish user exists
id varnish

# Check file permissions
ls -la /etc/varnish/

Fix permissions if needed:

sudo chown -R varnish:varnish /var/lib/varnish/
sudo chmod 644 /etc/varnish/default.vcl

Port Conflicts

Port 80 conflicts are common. Check what’s using port 80:

sudo netstat -tulpn | grep :80

If Apache or Nginx is using port 80, reconfigure them to use port 8080:

For Apache:

sudo nano /etc/apache2/ports.conf
# Change Listen 80 to Listen 8080

For Nginx:

sudo nano /etc/nginx/sites-available/default
# Change listen 80 to listen 8080

Performance Issues

If Varnish seems slow, check these factors:

  1. Insufficient memory allocation
  2. Backend server performance
  3. VCL configuration errors
  4. Network connectivity issues

Use these diagnostic commands:

# Check memory usage
sudo varnishstat

# Monitor backend health
sudo varnishadm backend.list

# View detailed logs
sudo varnishlog

Best Practices for Varnish on Debian

Following best practices ensures optimal performance and security.

Security Hardening

Implement these security measures:

1. Restrict management interface:

DAEMON_OPTS="-a :80 \
             -T 127.0.0.1:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,512m"

2. Secure the secret file:

sudo chmod 600 /etc/varnish/secret
sudo chown varnish:varnish /etc/varnish/secret

3. Use firewall rules:

sudo ufw deny 6082
sudo ufw allow 80

Performance Optimization

Optimize for maximum performance:

  1. Tune cache policies based on your content
  2. Set appropriate TTL values for different content types
  3. Use Grace mode for better user experience during backend issues
  4. Monitor cache hit rates and adjust accordingly

Monitoring and Maintenance

Set up monitoring to track:

  • Cache hit ratio – should be above 80%
  • Backend response times – monitor for slowdowns
  • Memory usage – prevent cache thrashing
  • Error rates – catch issues early

Use tools like:

  • varnishstat for real-time statistics
  • varnishlog for detailed request logging
  • External monitoring with tools like Nagios or Zabbix

Frequently Asked Questions

1. What’s the difference between installing from default repository vs official repository?
The default Debian repository offers more stable, well-tested versions with automatic security updates, while the official Varnish repository provides the latest features and versions. For production environments, I recommend the default repository unless you need specific new features.

2. How much RAM should I allocate to Varnish?
Generally, allocate 50-70% of your available RAM to Varnish cache storage, leaving enough for the operating system and other services. For example, on a 4GB server, allocating 1-2GB to Varnish is typically optimal.

3. Can I use Varnish with SSL/HTTPS websites?
Varnish doesn’t handle SSL directly, but you can use SSL termination with a reverse proxy like Nginx or Apache. The proxy handles HTTPS requests and forwards them to Varnish over HTTP internally.

4. How do I clear the Varnish cache?
You can clear cache using the varnishadm command: sudo varnishadm "ban req.url ~ .*" clears all cache, or sudo varnishadm "ban req.url ~ /specific-path" clears specific URLs.

5. Why isn’t my cache working properly?
Common reasons include: cookies preventing caching, incorrect VCL configuration, short TTL values, or backend sending no-cache headers. Check your VCL file and use varnishlog to debug request handling.

Marshall https://linuxtips.us
Marshall Anthony is a professional Linux DevOps writer with a passion for technology and innovation. With over 8 years of experience in the industry, he has become a go-to expert for anyone looking to learn more about Linux.

Related Posts

How to Install Jenkins on Debian

How to Install MongoDB on Debian

How to Install Vivaldi Browser on Debian

How to Install Thunderbird on Debian

How to Install Firefox on Debian

How to Install Microsoft Edge on Debian