Change your web server port to run Varnish on the same server

When using Varnish, the goal is to offload pressure from the web servers where the content originates. This is done by pointing the DNS name of your service to the server where Varnish is running. Varnish takes over ports 80 and 443 for HTTP and HTTPS traffic.

Typically, Varnish and the web server run on different machines. Varnish proxies incoming requests to the web server and caches the responses. However, on smaller setups Varnish can run on the same machine as your web server.

This tutorial explains how to reconfigure the web server to avoid port clashes with Varnish.

Varnish runs on ports 80 and 443

The first assumption when running Varnish on a “traditional” server setup is that Varnish runs on ports 80 and 443. The following example shows how the varnishd program configures the listening ports with the -a parameter definitions:

/usr/sbin/varnishd \
  -a :80 \
  -a :443,https \

Reconfigure Apache to run on ports 8080 and 8443

If you’re using Apache, change the listen port values in /etc/apache2/ports.conf or /etc/httpd/conf/httpd.conf from Listen 80 to Listen 8080 and replace <VirtualHost *:80> with <VirtualHost *:8080> in all virtual host files. Depending on your Linux distribution, the Apache home directory is either /etc/apache2 or /etc/httpd.

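The following command handles both replacements. Only one of the two directories exists on a given system, so error output, including the message find prints for the missing directory, is discarded with 2>/dev/null: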

sudo find /etc/apache2 /etc/httpd -name '*.conf' -exec sed -r -i 's/\bListen 80\b/Listen 8080/g; s/<VirtualHost ([^:]+):80>/<VirtualHost \1:8080>/g' {} ';' 2>/dev/null

If SSL or TLS is enabled, run the following command to replace the entries for port 443 with 8443:

sudo find /etc/apache2 /etc/httpd -name '*.conf' -exec sed -r -i 's/\bListen 443\b/Listen 8443/g; s/<VirtualHost ([^:]+):443>/<VirtualHost \1:8443>/g' {} ';' 2>/dev/null

Then restart Apache with the following command on Debian and Ubuntu systems:

sudo systemctl restart apache2

If you're using a Red Hat-based distribution, run the following command to restart Apache:

sudo systemctl restart httpd

Reconfigure Nginx to run on ports 8080 and 8443

If you’re using Nginx, it’s simply a matter of modifying the listening port in the various virtual host configurations.

The following command will replace listen 80; with listen 8080; in all virtual host files:

sudo find /etc/nginx -type f -exec sed -r -i 's/\blisten (\[[^]]*\]:|[^:]+:)?80\b([^;]*);/listen \18080\2;/g' {} ';'

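Because find is called with -type f, the substitution is applied to every file in the /etc/nginx/ folder and all of its subfolders. The pattern also covers listen directives that carry an address or extra parameters, such as listen [::]:80 default_server;, and leaves entries that already use port 8080 unchanged.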

If SSL or TLS is enabled, run the following command to replace the entries for port 443 with 8443:

sudo find /etc/nginx -type f -exec sed -r -i 's/\blisten (\[[^]]*\]:|[^:]+:)?443\b([^;]*);/listen \18443\2;/g' {} ';'

Then restart Nginx with the following command:

sudo systemctl restart nginx

Connect Varnish to your web server

Now that port clashes are avoided by running your web server on ports 8080 and 8443, Varnish needs a backend definition to connect to the web server.

Here’s the minimal VCL code you need to define in /etc/varnish/default.vcl to connect to your local web server on port 8080:

vcl 4.1;

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

If you want to connect over TLS, this is the backend definition you need to securely connect on port 8443:

vcl 4.1;

backend default {
    .host = "127.0.0.1";
    .port = "8443";
    .ssl = 1;
}
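
A check to run once the steps above are done, added here as an example that is not part of the original tutorial: Listen 8080 and listen 8080; bind the web server to every interface, so this script parses `ss -ltn` output and reports listeners on 8080 or 8443 that are not bound to loopback. The function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report web-server backend listeners that are not loopback-only.
# Ports 8080 and 8443 are the backend ports chosen in this tutorial.

# exposed_backends (hypothetical helper): reads `ss -ltn` output on stdin and
# prints "address port" for every LISTEN socket on a backend port that is
# bound to a non-loopback address.
exposed_backends() {
    awk -v ports="8080 8443" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            pos = match($4, /:[0-9]+$/)        # port is the trailing :number
            if (!pos) next
            port = substr($4, pos + 1)
            addr = substr($4, 1, pos - 1)
            gsub(/^\[|\]$/, "", addr)          # drop IPv6 brackets
            sub(/%.*$/, "", addr)              # drop interface scope such as %lo
            if (!(port in want)) next
            if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
            print addr, port
        }'
}

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      1024         0.0.0.0:80        0.0.0.0:*
LISTEN 0      1024         0.0.0.0:443       0.0.0.0:*
LISTEN 0      511        127.0.0.1:8080      0.0.0.0:*
LISTEN 0      511          0.0.0.0:8443      0.0.0.0:*
LISTEN 0      511             [::]:8080         [::]:*
LISTEN 0      511            [::1]:8443         [::]:*'

# Offline demonstration on the sample.
# On a live host run instead: ss -ltn | exposed_backends
printf '%s\n' "$SAMPLE" | exposed_backends
```

Every line printed is a backend port that clients can reach without passing through Varnish; a loopback-only listen address on the web server or a host firewall rule closes it.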