Varnish Cloud

Amazon Web Services


Deploying Varnish Cloud instance

Subscription and configuration

  1. Choose a Varnish product from the AWS Marketplace and click “Continue to subscribe”.

  2. Log in to your AWS account.

  3. You will see “Terms and conditions”, software offers from Varnish, pricing, and available EC2 instance types. You can choose to subscribe to an annual license to save 20% off the total price. Once you’ve made your selections, click “Continue to configuration”.

    First-time users may need to click “Accept terms and conditions” before they can click the “Continue to configuration” button.

  4. Next, choose a fulfillment option, a software version, and a region to run the product in. Then click “Continue to launch”. You can view pricing details on the right side of the page.

Launch from website

  1. Under “Choose action”, select “Launch from website”.

  2. Scroll down to choose EC2 instance type, VPC settings, subnet settings, security group settings, and key pair settings.

  3. Click “Launch” to run an instance.

    Your Varnish Software instance is now up and running!

Launch through EC2

You can start the instance manually with more flexible options through the AWS EC2 console.

  1. Select “Launch through EC2” and click on the “Launch” button.

  2. The “Request instance wizard” will display. On the first screen (Step 2), set an instance name, choose an appropriate instance type, pick an SSH key, adjust network settings, and configure storage. You can also set how many instances you’d like to start with.

  3. Click “Launch instance” to run an instance.

    Your Varnish Software instance is up and running!

Copy to Service Catalog

You can use the AWS Service Catalog to run an instance.

  1. Select “Copy to service catalog” from the drop-down menu with the correct region and software version selected.

  2. Click “Copy to Service Catalog”.

    Note: This tutorial doesn’t cover how to deploy Varnish Software products on Service Catalog.

For more info, visit:

Configuring Varnish Cloud instance

Connecting

Use the following command to establish a connection:

ssh -i /PATH/TO/SSHKEY username@IPADDRESS

How to access your Linux instance on AWS:

Basic configuration

The configuration files are located in different places depending on which kind of AMI you’re running: VCS, Varnish Cache, or Varnish Enterprise.

We’ll cover configuration basics, but for more details and advanced configuration possibilities, refer to these materials:

Varnish Enterprise

The enterprise version of Varnish Cache, VE6, contains easy-to-use improvements and performance enhancements, additional functionality such as the Varnish Massive Storage Engine (MSE), Varnish High Availability (VHA), and SSL/TLS backend support. Varnish Enterprise customers can enable frontend SSL/TLS by using Varnish Plus Add-on SSL (Hitch), which is included with the image.

By default, the varnishd process should be listening on TCP ports 80 and 8443. Hitch will be listening on port 443.

Default VCL configuration file:

/etc/varnish/default.vcl

Parameter tuning

Your Varnish instance has been pre-configured with the default settings, which suit most Varnish users, but we advise you to take a look and update the configuration according to your needs. Our documentation site has a reference section with the available runtime options. This will help you to properly configure your Varnish process.

To look at system parameters, run this command:

sudo systemctl cat varnish.service

To change runtime options, run this command on your Varnish instance to override the default values:

sudo systemctl edit varnish.service

Edit and save your file. Now restart Varnish by running the following command:

sudo systemctl restart varnish.service

Note: You can do the same for hitch.service.
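An example of the drop-in you would save from `systemctl edit varnish.service` when changing only the cache size. It is added here and is not part of the Varnish documentation; `render_override` is a hypothetical helper, and it assumes the packaged ExecStart is the one shown in the status output later on this page.

```sh
# Added example (not Varnish Software code). render_override is a hypothetical helper.
# Assumption: the packaged ExecStart matches the one in this page's status output.
# It changes only the -s malloc size and keeps the management port (-T) on
# localhost and the secret file (-S) in place.
render_override() {
  size=$1
  num=${size%[kKmMgG]}        # strip one optional unit suffix
  # Anything other than digits plus one suffix is rejected, so no extra
  # varnishd arguments can be smuggled into the unit file.
  case $num in
    '' | *[!0-9]*) echo "invalid cache size: $size" >&2; return 1 ;;
  esac
  cat <<EOF
[Service]
# The empty ExecStart= clears the packaged command. Without it systemd sees two
# ExecStart lines and rejects a service that is not Type=oneshot.
ExecStart=
ExecStart=/usr/sbin/varnishd -a :80 -a 127.0.0.1:8443,proxy -S /etc/varnish/secret -T localhost:6082 -f /etc/varnish/default.vcl -s malloc,$size
EOF
}

render_override 1g
```

Paste the printed text into the editor opened by `sudo systemctl edit varnish.service`, then restart the service as described above.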

Varnish Custom Statistics

VCS should be running out of the box without any additional effort. The default password for the username vcs is your AWS instance ID. Use these credentials when browsing to the instance’s hostname/IP address.

Red Hat: /etc/varnish/vstatd.params

Ubuntu: /etc/default/vstatd

Testing Varnish Cloud instance

Find the network information for your running instances on the AWS EC2 Running Instances page via the AWS EC2 Dashboard -> Instances (Running).

Select an instance and you’ll see all related information in the “Detail” tab.

Varnish Custom Statistics

To verify that VCS is running, point your browser to the instance’s hostname/IP address on TCP port 6555 (e.g. http://52.51.180.13:6555). The default username is vcs and the default password is the instance ID. Once you enter the credentials correctly, you will see the VCS dashboard.

Varnish Enterprise

In VE6 instances, the process table should show two varnishd processes when you SSH to the instance. You can also verify the process status by pointing your browser to http://[ip-address] or https://[ip-address], where you’ll see a “Welcome” page.

Your varnishd should now be running nicely. You can assign a running web server backend to a default VCL configuration in /etc/varnish/default.vcl.

If you don’t see a welcome page, the process is not running or you don’t have ports 80 and 443 open to the instance.

If you log into the instance with SSH, you can check the status on Varnish with this command:

terminal$ sudo systemctl status varnish.service
 
 varnish.service - Varnish Cache, a high-performance HTTP accelerator
   Loaded: loaded (/lib/systemd/system/varnish.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/varnish.service.d
           └─override.conf
   Active: active (running) since Mon 2020-05-04 14:19:24 UTC; 3min 39s ago
  Process: 9904 ExecStart=/usr/sbin/varnishd -a :80 -a 127.0.0.1:8443,proxy -S /etc/varnish/secret -T localhost:6082 -f /etc/varnish/default.vcl -s malloc,256m (code=exited, status=0/SUCCESS)
 Main PID: 9919 (varnishd)
    Tasks: 217
   CGroup: /system.slice/varnish.service
           ├─9919 /usr/sbin/varnishd -a :80 -a 127.0.0.1:8443,proxy -S /etc/varnish/secret -T localhost:6082 -f /etc/varnish/default.vcl -s malloc,256m
           └─9938 /usr/sbin/varnishd -a :80 -a 127.0.0.1:8443,proxy -S /etc/varnish/secret -T localhost:6082 -f /etc/varnish/default.vcl -s malloc,256m

May 04 14:19:23 ip-10-0-1-88 systemd[1]: Stopped Varnish Cache, a high-performance HTTP accelerator.
May 04 14:19:23 ip-10-0-1-88 systemd[1]: Starting Varnish Cache, a high-performance HTTP accelerator...
May 04 14:19:24 ip-10-0-1-88 varnishd[9904]: Debug: Version: varnish-6.0.6 revision 29a1a8243dbef3d973aec28dc90403188c1dc8e7
May 04 14:19:24 ip-10-0-1-88 varnishd[9919]: Version: varnish-6.0.6 revision 29a1a8243dbef3d973aec28dc90403188c1dc8e7
May 04 14:19:24 ip-10-0-1-88 varnishd[9904]: Debug: Platform: Linux,4.15.0-1065-aws,x86_64,-junix,-smalloc,-sdefault,-hcritbit
May 04 14:19:24 ip-10-0-1-88 varnishd[9919]: Platform: Linux,4.15.0-1065-aws,x86_64,-junix,-smalloc,-sdefault,-hcritbit
May 04 14:19:24 ip-10-0-1-88 varnishd[9904]: Debug: Child (9938) Started
May 04 14:19:24 ip-10-0-1-88 varnishd[9919]: Child (9938) Started
May 04 14:19:24 ip-10-0-1-88 varnishd[9919]: Child (9938) said Child starts
May 04 14:19:24 ip-10-0-1-88 systemd[1]: Started Varnish Cache, a high-performance HTTP accelerator.

To show which process is listening on which port, you can use netstat. Hitch should listen on port 443 and varnishd should listen on ports 80, 8443, and 6082:

terminal$ netstat -peanut

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          45162      9919/varnishd
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      101        15837      653/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          19211      978/sshd
tcp        0      0 127.0.0.1:8443          0.0.0.0:*               LISTEN      0          45164      9919/varnishd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      0          19342      992/hitch
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      0          45187      9919/varnishd
tcp        0    356 10.0.1.88:22            46.9.119.82:52976       ESTABLISHED 0          25997      2291/sshd: ubuntu [
tcp6       0      0 :::80                   :::*                    LISTEN      0          45163      9919/varnishd
tcp6       0      0 :::22                   :::*                    LISTEN      0          19222      978/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      0          19343      992/hitch
udp        0      0 127.0.0.53:53           0.0.0.0:*                           101        15836      653/systemd-resolve
udp        0      0 10.0.1.88:68            0.0.0.0:*                           100        46003      638/systemd-network
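The same check as a script, comparing the listeners against the layout in the output above: ports 8443 and 6082 bound to loopback only, 80 held by varnishd, and 443 held by hitch. This is an added example, not part of the Varnish documentation; `audit_listeners` is a hypothetical helper and it assumes the column layout that `netstat -peanut` prints above.

```sh
# Added example (not Varnish Software code). audit_listeners is a hypothetical helper.
# Expected layout, taken from this page: varnishd on 80 (public) and on 8443 and
# 6082 (loopback only); hitch on 443 (public).

# Constructed sample: listener lines taken from the netstat output above
# (whitespace condensed).
SAMPLE='tcp 0 0 0.0.0.0:80     0.0.0.0:* LISTEN 0 45162 9919/varnishd
tcp 0 0 127.0.0.1:8443 0.0.0.0:* LISTEN 0 45164 9919/varnishd
tcp 0 0 0.0.0.0:443    0.0.0.0:* LISTEN 0 19342 992/hitch
tcp 0 0 127.0.0.1:6082 0.0.0.0:* LISTEN 0 45187 9919/varnishd
tcp6 0 0 :::80         :::*      LISTEN 0 45163 9919/varnishd'

# Reads `netstat -peanut` output on stdin, prints one line per finding and
# returns 0 when the layout matches, 1 otherwise.
audit_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, part, ":"); pstr = part[n]; port = pstr + 0
      addr = substr($4, 1, length($4) - length(pstr) - 1)
      split($9, proc, "/"); prog = proc[2]          # $9 is PID/Program name
      seen[port] = 1
      lo = (addr == "127.0.0.1" || addr == "::1")
      if ((port == 8443 || port == 6082) && !lo) {
        print "EXPOSED: " prog " listens on " $4 ", expected loopback only"; bad = 1
      }
      owner = (port == 443) ? "hitch" : "varnishd"
      if ((port == 80 || port == 443 || port == 8443 || port == 6082) && prog != owner) {
        print "UNEXPECTED: port " port " is held by " prog ", expected " owner; bad = 1
      }
    }
    END {
      n = split("80 443 8443 6082", want, " ")
      for (i = 1; i <= n; i++)
        if (!(want[i] in seen)) { print "MISSING: nothing listens on port " want[i]; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# On the instance: sudo netstat -peanut | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners && echo "listener layout matches"
```

Run netstat with sudo so the PID/Program name column is filled in; without it the owner checks report an empty program name.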

Next steps:

  1. Configure the location of a web server backend. You have to SSH to the instance and edit /etc/varnish/default.vcl, add a backend, and define your VCL caching rules:

    terminal$ sudo vi /etc/varnish/default.vcl
    
  2. Restart the varnishd service to activate the current configuration:

    terminal$ sudo systemctl restart varnish.service
    
  3. Update your site’s DNS record to point to the hostname/IP address of the running Varnish Cache or Varnish Enterprise instance. After you change the DNS record (allowing for DNS TTL expiry), traffic will start coming to this instance.

For more advanced features of VE6, please refer to the Varnish Enterprise documentation.

Contact The Cloud Team if your instance is not running as expected. Customers who purchase VCS or VE AMIs on AWS are eligible for Varnish Cloud support and software updates provided by the engineering team. Submit the Varnish Cloud Support Activation form for help.

What’s next?

Check out After Configuration for more things you can do with Varnish Cloud products.