In this tutorial, we will show you how to install Varnish cache and phpMyAdmin on a CentOS 7 VPS with Nginx, MariaDB and PHP-FPM. Varnish cache is a web application accelerator created for speeding up dynamic web sites. phpMyAdmin is an open-source web application, created to handle the administration of MySQL databases through a web browser.
Use the following article to install Nginx, MariaDB and PHP-FPM on a CentOS 7 VPS.
Then, it is time to install Varnish and phpMyAdmin.
Enable EPEL Repository:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
yum update
yum install varnish phpMyAdmin
Create a self-signed SSL Certificate so you can access phpMyAdmin using SSL:
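mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl
# Generate a 2048-bit RSA key (1024-bit RSA is too weak to use)
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
# Strip the passphrase so Nginx can load the key without prompting
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
# Self-sign the certificate, valid for 365 days
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt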
Configure Varnish to listen on port 80 and Nginx on port 8080. SSL requests go straight to the Nginx web server without passing through Varnish. Modify the main Nginx configuration file:
vi /etc/nginx/nginx.conf
user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 60;
    include /etc/nginx/conf.d/*.conf;
    index index.html index.htm;

    # Backend for Varnish, bound to the loopback address only
    server {
        listen 127.0.0.1:8080;
        root /usr/share/nginx/html;

        location / {
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }

        location ~ \.php$ {
            root /usr/share/nginx/html;
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # HTTPS is served by Nginx directly and does not pass through Varnish
    server {
        listen 443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_session_timeout 5m;
        # SSLv2 and SSLv3 are broken and TLSv1 is deprecated, so only TLS 1.2 is enabled
        ssl_protocols TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            root html;
            index index.html index.htm;
        }

        location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }

        location ~ \.php$ {
            root /usr/share/nginx/html;
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}
Open ‘/etc/php-fpm.d/www.conf’ and add/modify the following lines:
vi /etc/php-fpm.d/www.conf
listen = /var/run/php-fpm/php-fpm.sock
user = nginx
group = nginx
Edit the ‘/etc/varnish/default.vcl’ file and add/modify the following lines:
vi /etc/varnish/default.vcl
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
Edit the ‘/etc/varnish/varnish.params’ file:
vi /etc/varnish/varnish.params
VARNISH_LISTEN_ADDRESS=your_IP
VARNISH_LISTEN_PORT=80
Make sure to replace ‘your_IP’ with your actual server IP address.
Enable varnish service to start automatically on server boot using the following command:
systemctl enable varnish.service
Edit the ‘/etc/phpMyAdmin/config.inc.php’ phpMyAdmin configuration file and modify the following line:
vi /etc/phpMyAdmin/config.inc.php
$cfg['Servers'][$i]['auth_type'] = 'http';
Edit ‘php.ini’ and change the ‘session.save_path’ default value to ‘/var/lib/php/session’:
php -i | grep php.ini
Configuration File (php.ini) Path => /etc
Loaded Configuration File => /etc/php.ini
vi /etc/php.ini
session.save_path = "/var/lib/php/session"
Change the ownership of ‘/var/lib/php/session’ directory on your CentOS 7 VPS:
chown -R nginx:nginx /var/lib/php/session
Restart php-fpm, nginx and varnish services:
systemctl restart php-fpm
systemctl restart nginx
systemctl restart varnish
To verify that the Varnish cache is working, check the HTTP response headers:
curl -I http://your_IP
HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Sat, 16 Aug 2014 00:35:10 GMT
Content-Type: text/html
Last-Modified: Fri, 15 Aug 2014 19:27:58 GMT
ETag: "53ee5f3e-e74"
X-Varnish: 2
Age: 0
Via: 1.1 varnish-v4
Content-Length: 3700
Connection: keep-alive
Open https://your_IP/phpMyAdmin/index.php, enter your MariaDB username and password, and start managing your MariaDB databases.
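The header check from the verification step can be scripted. The following is an added example, not part of the original tutorial: it classifies a response by its X-Varnish header (Varnish 4 sends one transaction ID on a cache miss and two on a hit) and flags a cached object that carries Set-Cookie. The function name and the second sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a response by the headers Varnish adds.

# varnish_verdict: response headers on stdin -> one word on stdout
#   bypass      no X-Varnish header: the reply did not pass through Varnish
#   miss        one transaction ID: fetched from the Nginx backend
#   hit         two IDs: served from cache (second ID is the request that stored it)
#   hit-cookie  a cached object carries Set-Cookie, so one client's cookie
#               would be replayed to every other client
varnish_verdict() {
    tr -d '\r' | awk '
        { name = tolower($1) }
        name == "x-varnish:"  { seen = 1; ids = NF - 1 }
        name == "set-cookie:" { cookie = 1 }
        END {
            if (!seen)        print "bypass"
            else if (ids < 2) print "miss"
            else if (cookie)  print "hit-cookie"
            else              print "hit"
        }'
}

# Headers taken from the curl -I output shown in the tutorial (first request).
first_request='HTTP/1.1 200 OK
Server: nginx/1.6.1
X-Varnish: 2
Age: 0
Via: 1.1 varnish-v4'

# Constructed sample: the same URL requested a second time.
second_request='HTTP/1.1 200 OK
Server: nginx/1.6.1
X-Varnish: 32770 3
Age: 12
Via: 1.1 varnish-v4'

printf '%s\n' "$first_request"  | varnish_verdict
printf '%s\n' "$second_request" | varnish_verdict
```

On a live server, pipe `curl -sI http://your_IP/` into `varnish_verdict`. A "bypass" verdict is expected on port 443 in this setup, but on port 80 it means something other than Varnish is answering.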
Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to install LEMP, Varnish and phpMyAdmin for you. They are available 24×7 and will take care of your request immediately.
Thanks big time. Every VPS problem has a clear fix in this site. It makes me wish I was your client. Please start selling a 5GB RAM VPS, and I will sign up.
Thank you for your kind words.
If you are not satisfied with our pre-defined packages, you can feel free to create a custom VPS at: https://secure.rosehosting.com/clientarea/?cmd=cart&action=add&id=82
Hi.
I can’t start Varnish.
systemctl restart varnish command result:
varnish.service - Varnish a high-perfomance HTTP accelerator
Loaded: loaded (/usr/lib/systemd/system/varnish.service; enabled)
Active: failed (Result: exit-code) since Thu 2014-10-23 10:55:51 IRST; 52min ago
Process: 8353 ExecStart=/usr/sbin/varnishd -P /var/run/varnish.pid -f $VARNISH_VCL_CONF -a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} -t $VARNISH_TTL -u $VARNISH_USER -g $VARNISH_GROUP -S $VARNISH_SECRET_FILE -s $VARNISH_STORAGE $DAEMON_OPTS (code=exited, status=2)
my system:
CentOS 7, nginx, php5.4, varnish 4.0.1
Please check your Varnish and Nginx configuration files and make sure Varnish is configured to run on port 80 while Nginx on port 8080.
Hi.
I checked my Varnish and Nginx configuration files.
Everything is OK.
But the Varnish status is the same as before. “systemctl status varnish.service”
This is my SELinux alert:
—————
SELinux is preventing /usr/sbin/varnishd from using the fowner capability.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that varnishd should have the fowner capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep varnishd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:varnishd_t:s0
Target Context system_u:system_r:varnishd_t:s0
Target Objects [ capability ]
Source varnishd
Source Path /usr/sbin/varnishd
Port
Host mycentos
Source RPM Packages varnish-4.0.1-2.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-153.el7_0.11.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name mycentos
Platform Linux mycentos 3.10.0-123.8.1.el7.x86_64 #1 SMP
Mon Sep 22 19:06:58 UTC 2014 x86_64 x86_64
Alert Count 6
First Seen 2014-10-23 10:41:58 IRST
Last Seen 2014-10-26 10:54:38 IRST
Local ID 3e8d351e-f03a-45fd-91a3-cde86e4272cf
Raw Audit Messages
type=AVC msg=audit(1414308278.250:868): avc: denied { fowner } for pid=5923 comm="varnishd" capability=3 scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:system_r:varnishd_t:s0 tclass=capability
type=SYSCALL msg=audit(1414308278.250:868): arch=x86_64 syscall=chmod success=no exit=EPERM a0=7fff6b69d3e0 a1=1ed a2=0 a3=0 items=0 ppid=1 pid=5923 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=varnishd exe=/usr/sbin/varnishd subj=system_u:system_r:varnishd_t:s0 key=(null)
Hash: varnishd,varnishd_t,varnishd_t,capability,fowner
———–
Thanks.
You can either configure your SELinux to allow access to Varnish or disable your SELinux and try again.
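For the denial quoted in the comments above, the following added example (not part of the original thread) reduces AVC records to the type-enforcement rules they imply, so a local policy module can be read before it is loaded with semodule. The function names are hypothetical, and the sample log is constructed from the alert shown, with its quotes normalised.

```shell
#!/bin/sh
# Added example: reduce SELinux AVC denials to the allow rules they imply.

# avc_to_rule LINE: print the type-enforcement rule for one AVC record,
# or return 1 if the line is not a complete denial.
avc_to_rule() {
    avc_line=$1
    case $avc_line in
        *"avc:"*"denied"*) ;;
        *) return 1 ;;
    esac
    avc_perms=$(printf '%s\n' "$avc_line" | sed -n 's/.*denied *{ *\([^}]*[^} ]\) *}.*/\1/p')
    avc_src=$(printf '%s\n' "$avc_line" | sed -n 's/.* scontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p')
    avc_tgt=$(printf '%s\n' "$avc_line" | sed -n 's/.* tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p')
    avc_class=$(printf '%s\n' "$avc_line" | sed -n 's/.* tclass=\([a-z0-9_]*\).*/\1/p')
    if [ -z "$avc_perms" ] || [ -z "$avc_src" ] || [ -z "$avc_tgt" ] || [ -z "$avc_class" ]; then
        return 1
    fi
    # A domain acting on itself is written "self" in policy source.
    if [ "$avc_src" = "$avc_tgt" ]; then avc_tgt=self; fi
    # Several permissions are grouped in braces.
    case $avc_perms in *" "*) avc_perms="{ $avc_perms }" ;; esac
    printf 'allow %s %s:%s %s;\n' "$avc_src" "$avc_tgt" "$avc_class" "$avc_perms"
}

# avc_rules: audit log lines on stdin -> unique rules, one per line.
avc_rules() {
    while IFS= read -r avc_in; do
        avc_to_rule "$avc_in" || :
    done | sort -u
}

# Constructed from the denial quoted in the comment; the second line is a
# constructed non-AVC record that must be ignored.
sample_log='type=AVC msg=audit(1414308278.250:868): avc: denied { fowner } for pid=5923 comm="varnishd" capability=3 scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:system_r:varnishd_t:s0 tclass=capability
type=SYSCALL msg=audit(1414308278.250:868): arch=x86_64 syscall=chmod success=no exit=EPERM comm=varnishd'

printf '%s\n' "$sample_log" | avc_rules
```

For this alert the whole module comes down to one rule granting varnishd_t the fowner capability on itself, which is a far narrower change than switching SELinux off.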