Install Varnish 3.0 with VSF (Varnish Security Firewall) on centos 6

Table of Contents

Just finished setting up our cluster of varnish servers and its working nicely.
Using lsyncd to replicate the varnish configs, but thats for another post.

Here is a step by step on howto install varnish with VSF (Varnish Security Firewall) on centos 6.
If have already installed varnish then be sure to uninstall it before completing the steps below.

sed -i 's/SELINUX=.*/SELINUX=permissive/' /etc/sysconfig/selinux
setenforce 0

yum groupinstall "Development Tools" -y
yum install docutils pcre-devel gcc* git nano -y

cd /tmp
wget http://repo.varnish-cache.org/source/varnish-3.0.3.tar.gz
tar xf varnish-3.0.3.tar.gz && cd varnish-3.0.3 && ./configure
make -j3 && make install
cd -

git clone https://github.com/comotion/VSF.git
cd VSF/

git clone https://github.com/fastly/libvmod-urlcode.git
git clone https://github.com/nand2/libvmod-throttle.git
git clone https://github.com/xcir/libvmod-parsereq.git
git clone https://github.com/varnish/libvmod-shield.git

for mod in parsereq urlcode shield throttle; do
   cd libvmod-$mod
   ./autogen.sh && VARNISHSRC=/tmp/varnish-3.0.3 VMODDIR=/usr/lib64/varnish/vmods ./configure && make -j3
   make install
   cd -
done

cd /tmp/varnish-3.0.3 
make uninstall

rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el5/noarch/varnish-release-3.0-1.noarch.rpm
yum install varnish -y
chkconfig varnish on

mv /tmp/VSF/ /usr/share/
cd /etc/varnish && ln -s /usr/share/VSF/vcl security

nano /etc/varnish/default.vcl

Now add:
include “/etc/varnish/security/vsf.vcl”;
edit /etc/sysconfig/varnish to change the listen port to 80

reboot and you should be good to go!

Our Services