How to install Varnish and phpMyAdmin on a CentOS 7 VPS with Nginx, MariaDB and PHP-FPM

varnishIn this tutorial, we will show you how to install Varnish cache and phpMyAdmin on a CentOS 7 VPS with Nginx, MariaDB and PHP-FPM. Varnish cache is a web application accelerator created for speeding up dynamic web sites. phpMyAdmin is an open-source web application, created to handle the administration of MySQL databases through a web browser.
Use the following article to install Nginx, MariaDB and PHP-FPM on a CentOS 7 VPS.

Then, it is time to install Varnish and phpMyAdmin.

Enable EPEL Repository:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
yum update
yum install varnish phpMyAdmin

Create a self-signed SSL Certificate so you can access phpMyAdmin using SSL:

mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Configure Varnish to run on port 80 while Nginx on port 8080 and pass the SSL requests straight through to Nginx web server without having to pass it through Varnish. Modify the main Nginx configuration file:

vi /etc/nginx/nginx.conf
user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log;

pid        /run/nginx.pid;

events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    keepalive_timeout  60;

    include /etc/nginx/conf.d/*.conf;

    index   index.html index.htm;

    server {
        listen  127.0.0.1:8080;
        root         /usr/share/nginx/html;
        location / {
        }

        error_page  404              /404.html;
        location = /40x.html {
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        }

    location ~ \.php$ {
      root   /usr/share/nginx/html;
      fastcgi_split_path_info  ^(.+\.php)(.*)$;
      fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
      fastcgi_index  index.php;
      fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
      include fastcgi_params;
}
    }


server {
    listen       443;

    ssl                  on;
    ssl_certificate      /etc/nginx/ssl/server.crt;
    ssl_certificate_key  /etc/nginx/ssl/server.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

location / {
root   html;
index  index.html index.htm;
}
location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { root /usr/share/;
}

location ~ \.php$ {
      root   /usr/share/nginx/html;
      fastcgi_split_path_info  ^(.+\.php)(.*)$;
      fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
      fastcgi_index  index.php;
      fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
      include fastcgi_params;
}
}
}

Open ‘/etc/php-fpm.d/www.conf’ and add/modify the following lines:

vi /etc/php-fpm.d/www.conf
listen = /var/run/php-fpm/php-fpm.sock
user = nginx
group = nginx

Edit the ‘/etc/varnish/default.vcl’ file and add/modify the following lines:

vi /etc/varnish/default.vcl
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

Edit the ‘/etc/varnish/varnish.params’ file:

vi /etc/varnish/varnish.params
VARNISH_LISTEN_ADDRESS=your_IP
VARNISH_LISTEN_PORT=80

Make sure to change ‘your_IP’ with your actual server IP address.

Enable varnish service to start automatically on server boot using the following command:

systemctl enable varnish.service

Edit the ‘/etc/phpMyAdmin/config.inc.php’ phpMyAdmin configuration file and modify the following line:

vi /etc/phpMyAdmin/config.inc.php

$cfg['Servers'][$i]['auth_type']     = 'http';

Edit ‘php.ini’ and change the ‘session.save_path’ default value to ‘/var/lib/php/session’:

php -i | grep php.ini
Configuration File (php.ini) Path => /etc
Loaded Configuration File => /etc/php.ini
vi /etc/php.ini
session.save_path = "/var/lib/php/session"

Change the ownership of ‘/var/lib/php/session’ directory on your CentOS 7 VPS:

chown -R nginx:nginx /var/lib/php/session

Restart php-fpm, nginx and varnish services:

systemctl restart php-fpm
systemctl restart nginx
systemctl restart varnish

To verify that the Varnish cache is working, check the HTTP response headers:

curl -I http://your_IP

HTTP/1.1 200 OK
Server: nginx/1.6.1
Date: Sat, 16 Aug 2014 00:35:10 GMT
Content-Type: text/html
Last-Modified: Fri, 15 Aug 2014 19:27:58 GMT
ETag: "53ee5f3e-e74"
X-Varnish: 2
Age: 0
Via: 1.1 varnish-v4
Content-Length: 3700
Connection: keep-alive

Open https://your_IP/phpMyAdmin/index.php , enter your MariaDB username and password, and start managing your MariaDB databases.

Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to install LEMP, Varnish and phpMyAdmin for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

 

6 thoughts on “How to install Varnish and phpMyAdmin on a CentOS 7 VPS with Nginx, MariaDB and PHP-FPM”

  1. Thanks big time. Every VPS problem has a clear fix in this site. It makes me wish I was your client. Please start selling a 5GB RAM VPS, and I will sign up.

    Reply
    • Thank you for your kind words.
      If you are not satisfied with our pre-defined packages, you can feel free to create a custom VPS at: https://secure.rosehosting.com/clientarea/?cmd=cart&action=add&id=82

      Reply
  2. Hi.
    I can’t start Varnish.

    systemctl restart varnish command result:
    varnish.service - Varnish a high-perfomance HTTP accelerator
    Loaded: loaded (/usr/lib/systemd/system/varnish.service; enabled)
    Active: failed (Result: exit-code) since Thu 2014-10-23 10:55:51 IRST; 52min ago
    Process: 8353 ExecStart=/usr/sbin/varnishd -P /var/run/varnish.pid -f $VARNISH_VCL_CONF -a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} -t $VARNISH_TTL -u $VARNISH_USER -g $VARNISH_GROUP -S $VARNISH_SECRET_FILE -s $VARNISH_STORAGE $DAEMON_OPTS (code=exited, status=2)

    my system:
    centsos 7, nginx , php5.4, varnish 4.0.1

    Reply
    • Please check your Varnish and Nginx configuration files and make sure Varnish is configured to run on port 80 while Nginx on port 8080.

      Reply
      • Hi.
        I checked my Varnish and Nginx configuration files.
        every thing is OK.
        but varnish status is same as before. “systemctl status varnish.service”
        this is my SeLinux Alert:
        —————
        SELinux is preventing /usr/sbin/varnishd from using the fowner capability.

        ***** Plugin catchall (100. confidence) suggests **************************

        If you believe that varnishd should have the fowner capability by default.
        Then you should report this as a bug.
        You can generate a local policy module to allow this access.
        Do
        allow this access for now by executing:
        # grep varnishd /var/log/audit/audit.log | audit2allow -M mypol
        # semodule -i mypol.pp

        Additional Information:
        Source Context system_u:system_r:varnishd_t:s0
        Target Context system_u:system_r:varnishd_t:s0
        Target Objects [ capability ]
        Source varnishd
        Source Path /usr/sbin/varnishd
        Port
        Host mycentos
        Source RPM Packages varnish-4.0.1-2.el7.x86_64
        Target RPM Packages
        Policy RPM selinux-policy-3.12.1-153.el7_0.11.noarch
        Selinux Enabled True
        Policy Type targeted
        Enforcing Mode Enforcing
        Host Name mycentos
        Platform Linux mycentos 3.10.0-123.8.1.el7.x86_64 #1 SMP
        Mon Sep 22 19:06:58 UTC 2014 x86_64 x86_64
        Alert Count 6
        First Seen 2014-10-23 10:41:58 IRST
        Last Seen 2014-10-26 10:54:38 IRST
        Local ID 3e8d351e-f03a-45fd-91a3-cde86e4272cf

        Raw Audit Messages
        type=AVC msg=audit(1414308278.250:868): avc: denied { fowner } for pid=5923 comm=”varnishd” capability=3 scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:system_r:varnishd_t:s0 tclass=capability

        type=SYSCALL msg=audit(1414308278.250:868): arch=x86_64 syscall=chmod success=no exit=EPERM a0=7fff6b69d3e0 a1=1ed a2=0 a3=0 items=0 ppid=1 pid=5923 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=varnishd exe=/usr/sbin/varnishd subj=system_u:system_r:varnishd_t:s0 key=(null)

        Hash: varnishd,varnishd_t,varnishd_t,capability,fowner
        ———–
        Thanks.

        Reply

Leave a Comment