Set Up Nginx + Varnish for High Traffic Websites

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server.

Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.

This guide will go over how to utilize the two components to power a high traffic website. We will take as an the website we want to set up for high traffic caching.


Install nginx and varnish:

$ sudo apt update
$ sudo apt install varnish nginx -y

Check the ports used by nginx and varnish:

$ sudo netstat -tulpn | grep nginx
tcp        0      0*       LISTEN      764635/nginx: maste
tcp        0      0*       LISTEN      764635/nginx: maste
tcp6       0      0 :::80               :::*            LISTEN      764635/nginx: maste
tcp6       0      0 :::443              :::*            LISTEN      764635/nginx: maste

$ sudo netstat -tulpn | grep varnish
tcp        0      0*       LISTEN      715/varnishd
tcp        0      0*       LISTEN      715/varnishd
tcp6       0      0 :::6081             :::*            LISTEN      715/varnishd
tcp6       0      0 ::1:6082            :::*            LISTEN      715/varnishd

By default, varnish will be configured to talk to port 8080 as its default backend. Verify by checking /etc/varnish/default.vcl:

$ cat /etc/varnish/default.vcl
backend default {
    .host = "";
    .port = "8080";
}

Configure Nginx

Create /etc/nginx/sites-available/ and add the following:

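server {
    listen 80;
    listen [::]:80;
    # Redirect every plain-HTTP request to HTTPS
    return 301 https://$host$request_uri;
}

server {
    # "listen ... ssl" enables TLS on its own; the obsolete "ssl on;" directive is dropped
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers   on;

    # Without "always", nginx adds a header only to 2xx/3xx responses
    add_header Strict-Transport-Security "max-age=31536000";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Referrer-Policy "strict-origin";
    add_header X-XSS-Protection " 1; mode=block";

    location / {
      # A proxy_pass directive pointing at Varnish (port 6081 above) is required
      # here; its target is not shown in this listing
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header HTTPS "on";

      access_log /var/log/nginx/your-website-access.log;
      error_log  /var/log/nginx/your-website-error.log notice;
    }
}

server {
    # Backend that Varnish fetches from (port 8080 in default.vcl).
    # "listen 8080" binds every interface: firewall this port so clients
    # cannot reach the site without TLS and without the cache.
    listen 8080;
    listen [::]:8080;
    root /var/www/website;
    index index.html index.htm index.php;
}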

Explanation of the above configuration: We created 3 server blocks that listen on ports 80, 443 and 8080 respectively:

Enable our website configuration:

$ sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

Restart nginx and varnish:

$ sudo systemctl restart nginx
$ sudo systemctl restart varnish


Cache Test

Use curl to test whether varnish is active:

$ curl -I
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Jul 2020 17:41:01 GMT
Content-Type: text/html
Content-Length: 24349
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 17:07:26 GMT
Vary: Accept-Encoding
X-Varnish: 184865969 184770543
Age: 6878
Via: 1.1 varnish (Varnish/6.2)
ETag: W/"5f1d-5aace6ca3b1d1-gzip"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin
X-XSS-Protection:  1; mode=block

Notice the following headers:

X-Varnish: 184865969 184770543
Age: 6878
Via: 1.1 varnish (Varnish/6.2)

Two request IDs in X-Varnish and a non-zero Age show that the response was served from the Varnish cache rather than fetched from the backend.
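
The same check as a script (an added example, not part of the original post): it classifies a response as a cache hit, miss or bypass from the X-Varnish header, and lists which of the security headers set in the nginx configuration above are absent. The function names and the 404 sample are constructed; the 404 shows that nginx attaches add_header values to error responses only when "always" is given, which the configuration above does for X-Frame-Options alone.

```shell
# Added example, not from the original post. Both functions read raw response
# headers on stdin, for example the output of `curl -sI <url>`.

# HIT    = X-Varnish has two IDs (this request + the one that filled the cache)
# MISS   = one ID: Varnish handled the request but went to the backend
# BYPASS = no X-Varnish header: the response never passed through Varnish
varnish_verdict() {
    awk '
        { sub(/\r$/, ""); i = index($0, ":"); if (!i) next }  # strip CR, skip status line
        tolower(substr($0, 1, i - 1)) == "x-varnish" {
            seen = 1; ids = split(substr($0, i + 1), parts, " ")
        }
        END {
            if (ids >= 2) print "HIT"
            else if (seen) print "MISS"
            else print "BYPASS"
        }'
}

# Prints the security headers from the nginx config on this page that are absent.
missing_security_headers() {
    awk '
        { sub(/\r$/, ""); i = index($0, ":"); if (i) seen[tolower(substr($0, 1, i - 1))] = 1 }
        END {
            list = "strict-transport-security x-content-type-options x-frame-options"
            list = list " referrer-policy x-xss-protection"
            n = split(list, want, " ")
            for (k = 1; k <= n; k++)
                if (!(want[k] in seen)) out = out (out == "" ? "" : " ") want[k]
            print out
        }'
}

# Subset of the headers from the cache test on this page.
PAGE_SAMPLE='HTTP/1.1 200 OK
X-Varnish: 184865969 184770543
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin
X-XSS-Protection:  1; mode=block'

# Constructed 404 with CRLF line endings, as curl would emit them.
ERROR_SAMPLE=$(printf 'HTTP/1.1 404 Not Found\r\nX-Varnish: 32770\r\nX-Frame-Options: SAMEORIGIN\r\n')

for s in "$PAGE_SAMPLE" "$ERROR_SAMPLE"; do
    printf '%s missing=[%s]\n' "$(printf '%s\n' "$s" | varnish_verdict)" "$(printf '%s\n' "$s" | missing_security_headers)"
done
```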

Load Test

The result of a load test with 2000 concurrent users on can be found at

Result of 1000 concurrent clients: 1000 concurrent users

Result of 2000 concurrent clients: 2000 concurrent users

What’s Next?

Varnish supports multiple configurations including cache purging, cache skipping and TTL for cached contents. More resources can be found on their website.

