Without messing with cPanel or Apache’s setup, we can still install Varnish to cache our pages a lot quicker, via the iptables firewall!

The problem was that changing Apache's httpd.conf didn't work as expected, as cPanel does a lot of auto-generating and tweaking of system files. Yuk. I much prefer a terminal any day. Anyway! Let's have a look:

yum install varnish
nano /etc/sysconfig/varnish

Comment out configurations 1, 3 and 4, uncomment configuration 2, and set it as follows:

DAEMON_OPTS="-a :8080 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"

The -a line is the port Varnish will listen on. In a normal configuration, Varnish takes over port 80, so make it port 80. On a server using cPanel, if you can't change your Apache port to 8080, you can set Varnish to 8080 instead.

nano /etc/varnish/default.vcl

backend default {
    # Apache; set .host to the server's external IP in this setup
    .host = "";
    .port = "80";
}

The backend is Apache. In a normal Varnish setup, this port should be 8080. In this reversed setup using iptables, Apache stays on port 80. Also, the host should become the external IP in this configuration.

What happens next depends on your setup.

Without cPanel, under a standard setup, you will have set Varnish to port 80 and Apache to port 8080. In this case, you must edit your Apache httpd.conf, searching and replacing :80 with :8080. Then just stop and start the services as below, skipping the iptables stuff.

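With cPanel, we can leave that alone and instead use an iptables rule to send all port 80 requests to Varnish at port 8080. The rule sits in the PREROUTING chain and matches only traffic arriving on eth0, so Varnish's own requests to Apache on port 80, which originate on the server itself, are not redirected back to Varnish. Edit ~/.bashrc, pasting this in: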

alias varnishon='iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
alias varnishoff='iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
alias varnishstatus='iptables -L -t nat |grep -q 8080; if [ "test$?" = "test0" ]; then echo "Varnish On"; else echo "Varnish Off"; fi'


You can call varnishon, varnishoff and varnishstatus from your next login, so log out and log back in.

Restart Apache and start up Varnish:

service httpd restart
service varnish start

You should be able to access your site on port 80 AND port 8080. The difference? Run a curl command to see the headers:

curl -I http://mysite.com
curl -I http://mysite.com:8080

You’ll see that the response from port 8080 mentions Varnish.

The last thing to do is enable the iptables rule by running the varnishon alias you put in ~/.bashrc.

Now port 80 is routing to port 8080, and you have varnished pages, and haven’t touched your cPanel setup!
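
The aliases have two failure modes: running varnishon twice appends a second copy of the rule that a single varnishoff will not clear, and enabling the redirect while Varnish is down sends all port 80 traffic to a port nobody is listening on. As an added example (not from the original post), these bash functions can go in ~/.bashrc in place of the three aliases; the helper names varnish_rule_present and varnish_answers are made up here, and it assumes your iptables supports the -C (check) option.

```bash
# Added example: idempotent replacements for the varnishon/varnishoff/varnishstatus aliases.
# The rule specification is copied unchanged from the aliases in the post.
VARNISH_RULE="PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080"

# Exit 0 only if an identical rule is already in the nat table.
# $VARNISH_RULE is left unquoted on purpose so it splits into separate arguments.
varnish_rule_present() {
    iptables -t nat -C $VARNISH_RULE 2>/dev/null
}

# Same check as the "curl -I" step in the post: a reply served by Varnish
# carries Varnish headers. Asks the local listener on port 8080 directly.
varnish_answers() {
    curl -sI --max-time 5 http://127.0.0.1:8080/ | grep -qi varnish
}

varnishon() {
    if varnish_rule_present; then
        echo "Varnish redirect already on"
        return 0
    fi
    # Refuse to redirect port 80 to a port where Varnish is not answering.
    if ! varnish_answers; then
        echo "Varnish is not answering on port 8080, redirect not enabled" >&2
        return 1
    fi
    iptables -t nat -A $VARNISH_RULE && echo "Varnish On"
}

varnishoff() {
    # Remove every copy, in case the rule was appended more than once.
    while varnish_rule_present; do
        iptables -t nat -D $VARNISH_RULE || return 1
    done
    echo "Varnish Off"
}

varnishstatus() {
    if varnish_rule_present; then echo "Varnish On"; else echo "Varnish Off"; fi
}
```

Both iptables calls need root, as the original aliases do.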

Considerations: the header shows the page in this weird cPanel workaround setup as 301 Moved Permanently. Also, the site I was using captured IP addresses, but due to the proxy nature of this setup, the IPs captured belonged to the server! The actual way should be to have Apache on 8080 and Varnish on 80, and no iptables rules at all. If you have access to WHM or cPanel, look for Tweak Settings and change the default Apache port to 8080 in there! Good luck!