Formatting code for Varnish
{{parent page="WebServer"}}
===Varnish===
Get it from http://varnish.projects.linpro.no/
==Install==
Just do a source install. If your distribution keeps things up to date, you may be able to get it via yum / aptitude.
==Config==
For Fedora / Redhat, one can copy the following files:
redhat/varnish.sysconfig -> /etc/sysconfig/varnish
redhat/varnish.initrc -> /etc/init.d/varnish
Create the group & user varnish, then create the cache directory specified in /etc/sysconfig/varnish. Edit the ports specified in that config file, and change the init script to use /usr/local/sbin/varnish. Varnish should start up fine.
==Log==
Varnish logs with a separate process. The init script is available from redhat/varnishlog.initrc. Once started, one can use **varnishlog** to examine the log database.
==default.vcl==
Varnish may require some tweaking for dynamic content. In my test, if the URL doesn't change, the content is not refreshed. My jsp file simply reports the current time including the second, and that does not work very well. I had to tell varnish not to cache jsp files -
v2.0 style (plus ip + url filter)
%%
backend default {
    .host = "127.0.0.1";
    .port = "801";
}
acl localip {
    "192.168.13.10";
}
sub vcl_recv {
    # IP + URL filter. It has to come before any return below: Varnish
    # concatenates subs with the same name in source order, so a filter in a
    # second vcl_recv placed after "return (lookup)" would never be reached.
    # As written, this denies /admin to the addresses listed in localip.
    if (client.ip ~ localip) {
        if (req.url ~ "^/admin") {
            error 403 "Hmm...";
        }
    }
    # do not cache POST
    if (req.request == "POST") {
        return (pass);
    }
    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
    }
    if (req.request != "GET" && req.request != "HEAD") {
        /* We only deal with GET and HEAD by default */
        return (pass);
    }
    if (req.http.Authorization || req.http.Cookie) {
        /* Not cacheable by default */
        return (pass);
    }
    return (lookup);
}
%%
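Varnish concatenates subroutines that share a name in source order, so a rule placed in a second vcl_recv is skipped when an earlier vcl_recv always ends in a return. The following is an added example, not code from the original page: a small Python check that flags such unreachable subroutines in a VCL file. The function names and the sample VCL are constructed for illustration.

```python
import re

# Added example; sample VCL is constructed. The /admin filter sits in a second
# vcl_recv after one that always returns, so Varnish never evaluates it.
SAMPLE_VCL = '''
acl localip { "192.168.13.10"; }
sub vcl_recv {
    if (req.request == "POST") { return (pass); }
    return (lookup);
}
sub vcl_recv {
    if (client.ip ~ localip && req.url ~ "^/admin") { error 403 "Denied"; }
}
'''
# Blank string literals and drop comments in one pass so they cannot skew brace counts.
NOISE = re.compile(r'"[^"\n]*"|/\*.*?\*/|(?:#|//)[^\n]*', re.S)
TERMINAL = re.compile(r'(return\s*\(\s*\w+\s*\)|lookup|pass|pipe|error\b.*)', re.S)

def sub_bodies(vcl):
    """Yield (name, body) for every 'sub NAME { ... }' in source order."""
    text = NOISE.sub(lambda m: '""' if m.group().startswith('"') else ' ', vcl)
    for m in re.finditer(r'\bsub\s+(\w+)\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def always_returns(body):
    """True if the last top-level statement is an unconditional terminal action."""
    depth, top = 0, []
    for ch in body:
        if ch in '{}':
            depth += 1 if ch == '{' else -1
            top.append(';')          # block edges act as statement boundaries
        elif depth == 0:
            top.append(ch)           # keep only text outside nested blocks
    stmts = [s.strip() for s in ''.join(top).split(';') if s.strip()]
    return bool(stmts) and TERMINAL.fullmatch(stmts[-1]) is not None

def unreachable_subs(vcl):
    """Names of subs defined again after a same-named sub that always returns."""
    closed, dead = set(), []
    for name, body in sub_bodies(vcl):
        if name in closed:
            dead.append(name)
        elif always_returns(body):
            closed.add(name)
    return dead
```

The check is a heuristic: it only recognises a terminal action as the last top-level statement, so an if/else in which both branches return is not flagged.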
V1.x style
%%
backend default {
    set backend.host = "127.0.0.1";
    set backend.port = "8080";
}
acl clientnet {
    "1.2.3.4";
    "2.3.4.5";
}
# This prevents varnish from caching *.jsp and *.jspx
sub vcl_recv {
    if (req.request == "GET" && req.url ~ "\.(jsp|jspx)$") {
        pass;
    }
    # filter access to certain url
    if (req.url ~ "^/admin") {
        if (!client.ip ~ clientnet) {
            error 403 "Access restricted.";
        }
    }
    // Do not cache authenticated session
    if (req.http.Cookie && req.http.Cookie ~ "authtoken=") {
        pipe;
    }
    lookup;
}
%%
There are three keywords in a VCL file:
pipe: check the next rule
pass: do not cache
lookup: cache
===Varnishadm===
Flush the entire cache:
%%
varnishadm -T 127.0.0.1:6082 url.purge "."
%%
===modify host header===
One can modify the Host header of an incoming request in the vcl_recv section:
%%
sub vcl_recv {
    # set host header
    set req.http.Host = "www.waterlovinghead.com";
    ...
}
%%