Varnish notes

Varnish

See:

apt-get install varnish varnish-doc

/etc/systemd/system/varnish.service.d/plop.conf

# To add or override specific settings for the Varnish service, place a copy of
# this file in /etc/systemd/system/varnish.service.d/ with a ".conf" suffix,
# and edit to taste.  See man:systemd.directives for what you can change.
#
# To activate, run:
# * "systemctl daemon-reload"
# * "systemctl restart varnish"
 
# Add a documentation link to my own system documentation
[Unit]
Documentation=https://doc.example.com/client_a/varnish_service
 
[Service]
# Clear existing ExecStart= (required)
ExecStart=
# Set a new ExecStart=
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:8080 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,16g

/etc/varnish/default.vcl

#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples.
 
# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;
 
# Default backend definition. Set this to point to your content server.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
 
sub vcl_recv {
    # Happens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.
}
 
sub vcl_backend_response {
    # Happens after we have read the response headers from the backend.
    #
    # Here you clean the response headers, removing silly Set-Cookie headers
    # and other mistakes your backend does.
}
 
sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.
}

Built-in VCL that Varnish automatically appends to your VCL file during compilation/loading:
/usr/share/doc/varnish/examples/builtin.vcl.gz

Two services:

mkdir /lib/systemd/system/varnish.service.d
#cp -p /lib/systemd/system/varnish.service /lib/systemd/system/varnish.service.d/plop.conf
cp -p /usr/share/doc/varnish/examples/systemd/varnish.commandline.conf /lib/systemd/system/varnish.service.d/plop.conf
vim !$

Varnish admin CLI

#varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082
varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082

Reload Varnish

Reload Varnish VCL without losing cache data

/usr/local/bin/varnish_reload.sh

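#!/bin/bash
# Stop at the first error so a VCL that fails to compile is never activated
set -e
 
# Unique name for the new VCL, based on the current timestamp
TIME=$(date +%s)
varnishadm vcl.load "r_$TIME" /etc/varnish/default.vcl
varnishadm vcl.use "r_$TIME"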

/lib/systemd/system/varnish.service.d/reload.conf

[Service]
ExecReload=/usr/local/bin/varnish_reload.sh

chmod +x /usr/local/bin/varnish_reload.sh
systemctl daemon-reload
 
# Now you can reload with :
#systemctl reload varnish

VCL

See:

VCL

Client-side and backend-side actions:

Client-side actions:

Backend-side actions:

Client-side built-in subroutines:

Debug

varnishd -d -f /etc/varnish/default.vcl

To get the daemon's launch command with its arguments:

systemctl status varnish

Remove the -F and replace it with a -d

#sudo /usr/sbin/varnishd -j unix,user=vcache -d -F -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
sudo /usr/sbin/varnishd -j unix,user=vcache -d -d -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

Type start to launch the service

Check the syntax of the VCL file

varnishd -Cf /etc/varnish/default.vcl

Change the headers

sub vcl_deliver {
        unset resp.http.Via;
        #unset resp.http.X-Powered-By;
        unset resp.http.X-Varnish;
        #unset resp.http.Age;
        unset resp.http.Server;
}

Cache purge

curl -X PURGE -H "host: www.example.com" "www.example.com/foo"
 
# HTTPie
http PURGE "www.example.com/foo"
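
The PURGE requests above only work if the VCL handles that method, and the handler should only accept them from trusted sources. An added example, not part of the original notes: the backend matches the default.vcl above, while the `purgers` ACL name and its addresses are assumptions to adapt.

```vcl
vcl 4.0;

# Same backend as in the default.vcl shown earlier on this page.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Assumption: the only sources allowed to invalidate cached objects.
acl purgers {
    "localhost";
    "192.0.2.0"/24;    # constructed example range, replace with your admin network
}

sub vcl_recv {
    if (req.method == "PURGE") {
        # client.ip is the TCP peer. Behind a load balancer or TLS terminator
        # it is that proxy's address, so the ACL must be chosen accordingly.
        if (!client.ip ~ purgers) {
            return (synth(405, "Not allowed."));
        }
        # Drop the object matching this request's hash (host + URL by default).
        return (purge);
    }
}
```

Check it with `varnishd -Cf` before loading. A PURGE from an address outside the ACL gets a 405 instead of evicting the object.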

Block (BAN)

varnishadm ban req.http.host == example.com '&&' req.url '~' '\\.png$'

Other

Architecture:

varnishlog -g raw
varnishstat -l
varnishstat -1 -n varnish_instancename
sudo varnishlog -n varnish_instancename -q 'ReqHeader ~ "Host: plop.fr"'

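Purge:

sub vcl_recv {
  # Add a unique header containing the client address.
  # Any X-Forwarded-For sent by the client is dropped first
  # ("remove" is pre-4.0 syntax; VCL 4.0 uses "unset").
  unset req.http.X-Forwarded-For;
  set   req.http.X-Forwarded-For = client.ip;
  # [...]
}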