{{tag>Brouillon Proxy Web Perf}}

= Notes Varnish

Varnish

Voir :
* [[https://info.varnish-software.com/hubfs/E-books/New%20Varnish%20Book%20(2020)/Varnish_6_by_Example.pdf|PDF Book Varnish 6 by example]]
* https://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-138/Varnish-un-proxy-qui-vous-veut-du-bien
* https://makina-corpus.com/blog/metier/2018/varnish-et-drupal-gerer-un-cache-anonyme-etendu

<code bash>
apt-get install varnish varnish-doc
</code>

''/etc/systemd/system/varnish.service.d/plop.conf''
<code ini>
# To add or override specific settings for the Varnish service, place a copy of
# this file in /etc/systemd/system/varnish.service.d/ with a ".conf" suffix,
# and edit to taste.  See man:systemd.directives for what you can change.
#
# To activate, run:
# * "systemctl daemon-reload"
# * "systemctl restart varnish"

# Add a documentation link to my own system documentation
[Unit]
Documentation=https://doc.example.com/client_a/varnish_service

[Service]
# Clear existing ExecStart= (required)
ExecStart=
# Set a new ExecStart=
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:8080 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,16g
</code>

''/etc/varnish/default.vcl''
<code c>
#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples.

# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;

# Default backend definition. Set this to point to your content server.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Happens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.
}

sub vcl_backend_response {
    # Happens after we have read the response headers from the backend.
    #
    # Here you clean the response headers, removing silly Set-Cookie headers
    # and other mistakes your backend does.
}

sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.
}

</code>

VCL configuration Varnish will automatically append to your VCL file during compilation/loading : \\ ''/usr/share/doc/varnish/examples/builtin.vcl.gz''

Deux services : 
* varnish
* varnishncsa (Display Varnish logs in Apache / NCSA combined log format)

<code bash>
mkdir /lib/systemd/system/varnish.service.d
#cp -p /lib/systemd/system/varnish.service /lib/systemd/system/varnish.service.d/plop.conf
cp -p /usr/share/doc/varnish/examples/systemd/varnish.commandline.conf /lib/systemd/system/varnish.service.d/plop.conf
vim !$
</code>

Varnish admin CLI
<code bash>
#varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082
varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082
</code>


== Reload Varnish 

Reload Varnish VCL without losing cache data


''/usr/local/bin/varnish_reload.sh''
<code bash>
#!/bin/bash

TIME=$(date +%s)
varnishadm vcl.load r_$TIME /etc/varnish/default.vcl
varnishadm vcl.use r_$TIME
</code>

''/lib/systemd/system/varnish.service.d/reload.conf''
<code ini>
[Service]
ExecReload=/usr/local/bin/varnish_reload.sh
</code>

<code bash>
chmod +x /usr/local/bin/varnish_reload.sh
systemctl daemon-reload

# Now you can reload with :
#systemctl reload varnish
</code>

== VCL


Voir : 
* Schéma https://raw.githubusercontent.com/varnish/Varnish-Book/master/ui/img/simplified_fsm.svg
* https://github.com/varnish/Varnish-Book/blob/master/varnish_book.rst

VCL

Actions coté client et backend :
* fail (Transition vers ''vcl_synth'')

Actions coté client :
* synth (synthérique, Transition vers ''vcl_synth'' 
* pass (OK, ne pas utiliser le cache, eveltuelle transition vers ''vcl_pass'')
* pipe (bypass Varnish, Transition vers ''vcl_pipe'')
* restart

Actions coté backend :
* abandon (Unless the backend request was a background fetchTransition vers ''vcl_synth'')

Les Built-in subroutines coté client :
* vcl_recv (point d'entrée)
* vcl_pipe (bypass)
* etc...


== Debug

<code bash>
varnishd -d -f /etc/varnish/default.vcl
</code>

Pour avoir la command de lancement du daemon avec les arguments :
<code bash>
systemctl status varnish
</code>

On enlève le ''-F'' et on le remplace par un ''-d''
<code bash>
#sudo /usr/sbin/varnishd -j unix,user=vcache -d -F -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
sudo /usr/sbin/varnishd -j unix,user=vcache -d -d -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
</code>

Tapez ''start'' pour lancer le service

Vérifier la syntax du fichier VCL
<code bash>
varnishd -Cf /etc/varnish/default.vcl
</code>

Changer les headers

<code c>
sub vcl_deliver {
        unset resp.http.Via;
        #unset resp.http.X-Powered-By;
        unset resp.http.X-Varnish;
        #unset resp.http.Age;
        unset resp.http.Server;
}
</code>


=== Purge du cache

<code bash>
curl -X PURGE -H "host: www.example.com" "www.example.com/foo"

# HTTPie
http PURGE "www.example.com/foo"
</code>


=== Bloquer (BAN)

<code bash>
varnishadm ban req.http.host == example.com '&&' req.url '~' '\\.png$
</code>


== Autres 


* https://www.formatux.fr/formatux-services/module-111-varnish/index.html
* https://www.varnish-software.com/wiki/content/tutorials/varnish/varnish_ubuntu.html
* https://techexpert.tips/fr/varnish-fr/varnish-installation-sur-ubuntu-linux/
* https://www.linuxtricks.fr/wiki/installer-et-configurer-varnish-sur-gentoo-calculatelinux
* https://www.linuxjournal.com/content/speed-your-web-site-varnish
* https://wiki.archlinux.org/index.php/Varnish
* https://www.varnish-software.com/wiki/content/tutorials/varnish/sample_vclTemplate.html
* https://varnish-cache.org/docs/6.1/users-guide/increasing-your-hitrate.html
* https://www.osaxis.fr/mise-en-place-d-un-serveur-de-cache-varnish-reverse-proxy/
* https://devdocs.magento.com/guides/v2.4/config-guide/varnish/config-varnish-configure.html
* https://serverfault.com/questions/715649/extract-configuration-from-a-running-varnish-instance
* https://wiki.evolix.org/HowtoVarnish
* https://ffwagency.com/learning/blog/start-stop-and-restart-varnish-mac
* https://wiki.minet.net/wiki/divers/ha/varnish
* https://blog.link-value.fr/varnish-et-le-cache-55bf23935bd9
* https://feryn.eu/blog/varnish-4-1-haproxy-get-the-real-ip-by-leveraging-proxy-protocol-support/
* https://www.formatux.fr/formatux-services/module-111-varnish/index.html
* https://techexpert.tips/fr/varnish-fr/varnish-installation-sur-ubuntu-linux/
* https://wiki.bruno-tatu.com/doku.php?id=wiki:install-cache-varnish

Architecture :
* https://harish11g.blogspot.com/2012/03/deployment-architectures-varnish-amazon.html
* https://www.infoq.com/fr/presentations/varnishcon-emanuele-rocca-scaling-wikipedia/

<code bash>
varnishlog -g raw
varnishstat -l
varnishstat -1 -n varnish_instancename
sudo varnishlog -n varnish_instancename -q 'ReqHeader ~ "Host: plop.fr"'
</code>

purge :
* http://wiki.tuxunix.com/index.php/Purger_le_cache_de_varnish
* https://info.varnish-software.com/blog/failure-to-purge-a-story-about-client.ip-and-proxies

<code c>
sub vcl_recv {
  # Add a unique header containing the client address
  remove req.http.X-Forwarded-For;
  set    req.http.X-Forwarded-For = client.ip;
  # [...]
}
</code>