Re: cache purging questions
Matthew Hoopes writes: > I've tried a whole gang of regular expressions involving backslashes > and .* everywhere, but I get either "Syntax Error: Illegal backslash > sequence" or it just doesn't clear the cache of the objects i'm trying > to clear. > > Is it even possible to clear the cache based on hostname? yes, see below. > If someone could show me an example of how to clear the cache of every > object from a domain (if possible) i'd be very grateful. When I do "varnishadm -T localhost:6082 help", the "url.purge" mentioned in varnishd(1) is not visible, but rather a group of commands starting with "purge" After a minute of testing: varnishadm -T localhost:6082 \ 'purge req.http.host == "www.example.org" && req.url ~ /foo|bar/' ...neat. varnishadm -T localhost:6082 'purge.list' ...even more neat :) This is on varnishd 2.0.4, by the way. -- Stig Sandbeck Mathisen ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Weird backend selection policy
On Wed, Mar 25, 2009 at 07:14:45PM +0300, Sergei Kononov wrote:
> Update:
>
> Well, I spent almost whole day to figure out why this problem happend. As I
> mentioned earlier the most strange thing is missing log entries for 404 in
> varnishlog (but they are seen in tcpdump). I tried few modifications to
> vcl_recv and noticed that if remove "pipe" from:
> if ( req.url ~ "^/api/.*" ) {
> set req.backend = b2;
> set req.url = regsub(req.url, "^/api/", "/")
> set req.http.X-Cacheable = "false";
> pipe; # ---> remove it
> }
>
> Everything start to working fine. It's really strange behavior and
> almost unpredictable. I suppose there is some bug in parsing of VCL or
> something related to vcl anyway.
The "pipe" makes all subsequent requests on the same TCP connection go to the
same backend unaltered. When you use "pipe", it's just a stream of bytes
between the client and the backend. Add:
sub vcl_pipe {
set req.http.connection = "close";
}
A comment have been added to sub vcl_pipe in the default VCL in trunk regarding
this issue, see around line 64 in:
http://varnish.projects.linpro.no/browser/trunk/varnish-cache/bin/varnishd/default.vcl
--
Stig Sandbeck Mathisen
Senior systemadministrator, leder faggruppe nettverk
Redpill Linpro AS - Changing the Game
signature.asc
Description: Digital signature
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Removing Headers
On Tue, Nov 18, 2008 at 01:54:58PM +0530, Paras Fadte wrote: > Hi, > > Can response headers like "X-Varnish" and "Via" be removed ? Yes The subroutine you are looking for is "vcl_deliver", the headers are available as resp.http., they can be removed with the "remove" keyword. See the vcl(7) man page. -- Stig Sandbeck Mathisen <[EMAIL PROTECTED]> Redpill Linpro AS - Changing the Game signature.asc Description: Digital signature ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: zope-plone.vcl
On Thu, 1 May 2008 23:22:17 +0200, Wichert Akkerman <[EMAIL PROTECTED]> said: > I have some improvements pending for that one as well: a few > cleanups and switching to url_purge. Would it make sense, in vcl_recv, to put the PURGE check inside the "not GET and not HEAD" block as well? Not sure what it means performance wise, but it removes one conditional for a normal GET request. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: zope-plone.vcl
On Fri, 2 May 2008 02:41:11 -0700, Ricardo Newbery <[EMAIL PROTECTED]> said: > The problem with the example zope-plone.vcl is that it excludes ALL > cookie-authenticated responses -- even those inline images, css, and > javascript files that otherwise would be cacheable in downstream > caches -- making authenticated browsing unnecessarily taxing on the > backend. That's certainly true, yes. The zope-plone.vcl example is not in any way efficient for authenticated sessions. As I recall, it was originally used for sites which did not publish through Varnish at all, or used authenticated sessions. I'll look at the points in this thread, test a bit, and update the example. The plone.recipe.varnish template looks especially nice. Are there any good reasons not to run Plone with the CacheFu (or CacheSetup) product installed? Would a non-CacheFu example be of any use? -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: unprocessed requests
On Thu, 24 Apr 2008 06:52:29 +0200, Stig Sandbeck Mathisen <[EMAIL PROTECTED]>
said:
> If one request goes is directed to "pipe", and the connection is
> kept open, other requests will go through the same connection
> without being inspected touched by varnish. This is especially
> visible after a login in zope (or plone), which is done via the POST
> method.
On further inspection of source and tickets, using "pipe" and
'req.http.connection = "close";' should be done for 1.1.2. For 1.2,
which includes the "2115" changeset, you should be able to use "pass"
instead of "pipe" for POST, enabling connection reuse.
My relevant vcl for 1.2 :
sub vcl_recv {
# Normalize Host: header to limit cache usage
if (req.http.host ~ "^(www.)?fnord.no") {
set req.http.host = "fnord.no";
set req.backend = zope_195;
set req.url =
"/VirtualHostBase/http/fnord.no:80/Sites/fnord.no/VirtualHostRoot" req.url;
} elsif () {
# [...]
} else {
error 404 "Unknown virtual host"
}
if (req.request == "POST") {
pass;
}
if (req.request != "GET" && req.request != "HEAD") {
# [...]
}
# [...]
}
A few short tests on one of my own sites shows it to not break
immediately, at least. :)
--
Stig Sandbeck Mathisen, Linpro
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: unprocessed requests
On Wed, 23 Apr 2008 17:32:25 +0200, Wichert Akkerman <[EMAIL PROTECTED]> said:
> We are seeing some very weird behaviour with requests that seem to
> be getting send to the backend server and returned to the browser
> without any VCL processing happening. I've submitted a ticket with
> all the information we have at
> http://varnish.projects.linpro.no/ticket/232 .
Try changing:
,
| if (req.request != "GET" && req.request != "HEAD") {
| pipe;
| }
`
to
,
| if (req.request != "GET" && req.request != "HEAD") {
| set req.http.connection = "close";
| pipe;
| }
`
Do this for all "pipe;"'s in your vcl.
If one request goes is directed to "pipe", and the connection is kept
open, other requests will go through the same connection without being
inspected touched by varnish. This is especially visible after a
login in zope (or plone), which is done via the POST method.
The "zope-plone" example VCL does not reflect this, unfortunately.
> I'm a bit at a loss how to debug this further. Is there something we
> can take a look at? Unfortunately I do not have root access to the
> relevant machines, so I can not get a network dump.
As a non-privileged user, you may still have access to run
"varnishlog", to see details of your client and backend traffic, as
well as what happens with your request through VCL.
--
Stig Sandbeck Mathisen, Linpro
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Munin-Plugin
On Wed, 23 Apr 2008 12:14:14 +0200, Florian Engelhardt <[EMAIL PROTECTED]> said: > Any idea of what is going wrong? If you're using COUNTER in your munin plugin, you'll get large spikes when the counter you're tracking resets. If this is the case, you should use DERIVE instead for the peaking graph. If the varnish worker process restarts, it will start out empty (shown as the hit/miss graph dropping to 0% hit, and rising, then flattening out at the previous level after a while), and the counters will reset (shown as the large spike when COUNTER is used by rrdtool update). See http://munin.projects.linpro.no/wiki/HowToWritePlugins#DERIVEDvs.COUNTER -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Unprivileged user?
On Wed, 16 Apr 2008 06:56:37 +, "Poul-Henning Kamp" <[EMAIL PROTECTED]> said: > In message <[EMAIL PROTECTED]>, Stig Sandbeck Mathisen writes: >> * Read access to where you store your VCL files > No, the vcl files are read by the master process which does not drop > priviledge. >> * Execute a C compiler > Same. >> * Write access to its cache directory, to store the compiled >> configuration > Same. In other words, I mixed up the parent and child process regarding configuration file handling and compiling. :/ -- Stig Sandbeck Mathisen, Linpro Any sufficiently advanced incompetence is indistinguishable from malice. ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Unprivileged user?
On Tue, 15 Apr 2008 00:01:17 -0700, Ricardo Newbery <[EMAIL PROTECTED]> said: > In Varnish, does the less-privileged user need access to anything? After it has dropped root privileges, it needs at least: * Open new network connections (no problem unless you use MAC or a uid-matching firewall) * Read access to where you store your VCL files * Execute a C compiler * Write access to its cache directory, to store the compiled configuration * Write core dumps ...possibly more. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: No subject
On Wed, 09 Apr 2008 09:09:36 +, "Poul-Henning Kamp" <[EMAIL PROTECTED]> said: > Hmm, not presently I'm afraid. If possible, you could add this header on the backends. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: cache empties itself?
On Fri, 4 Apr 2008 09:01:57 +0200, Sascha Ottolski <[EMAIL PROTECTED]> said: > I definetely did nothing like this, I've observed restarts "out of > the blue". I'm no giving the trunk a try, hopefully there's an > improvement to that matter. If the varnish caching process dies for some reason, the parent varnish process will start a new one to keep the service running. This new one will not re-use the cache of the previous. With all that said, the varnish caching process should not die in this way, that is undesirable behaviour. If you'd like to help debugging this issue, take a look at http://varnish.projects.linpro.no/wiki/DebuggingVarnish Note that if you run a released version, your issue may have beeen fixed already in a later release, the related branch, or in trunk, > what I did once in a while is to vcl.load, vcl.use. will this force > a restart of the child, thus flushing the cache? No. The reason Varnish has vcl.load and vcl.use is to make sure you don't have to restart anything, thus losing your cached data. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: production ready devel snapshot?
On Mon, 31 Mar 2008 22:36:05 -0700, "Michael S. Fischer" <[EMAIL PROTECTED]> said: > If it's so stable, why not cut a release? The nice thing about > releases is that they're easy to revert to when analyzing bug > reports. I think I'd like to see a 1.2 release done before a trunk snapshot release. The amount of work done to actually do a proper release is often underestimated... As for trunk, you should be able to checkout a specific revision. You only need to know which revisions are known not to work if they contain undocumented and undesirable random features. Then you could refer to "revision^Wrelease 2617 of varnish trunk". :) -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: production ready devel snapshot?
On Mon, 31 Mar 2008 20:10:06 +0200, Sascha Ottolski <[EMAIL PROTECTED]> said: > is there anything like a snapshot release that is worth giving it a > try, especially if my configuration will hopefully stay simple for a > while? You could try using trunk. It seems fairly stable. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Varnish vs. X-JSON header
On Fri, 28 Mar 2008 08:15:59 +0100, Florian Engelhardt <[EMAIL PROTECTED]> said: Received from backend. >15 RxHeader b X-JSON: foobar Varnish object contains the header. >14 ObjHeaderc X-JSON: foobar Sent to client. >14 TxHeader c X-JSON: foobar Lost on the way :P > Hehe, problem solved. It looks like our admin configured our > firewall a little bit to restrictive. The header is in the > response, but it gets filtered out firewall. Good thing you have logs to see what happened. What kind of firewall is it, and what is it trying to do with your HTTP requests? Remove all headers it does not recognize? I remember the Cisco PIX doing something like that with SMTP, it rewrote all non-SMTP commands, including ESMTP, to " ", and rewrote them back to the original command when the server responded with ": Command not implemented". It was kind of surprising the first time... > One thing left: The "Transfer-Encoding" is still missing in the > response. "Transfer-Encoding: chunked" is set by the backend, but when the object is sent from Varnish to the client, it's not present. I'm not sure if it is still relevant for the varnish->client connection. Does the absense of the header create problems? -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Authenticate or Authorization?
On Fri, 28 Mar 2008 08:50:41 +0800, Cherife Li <[EMAIL PROTECTED]> said: > I'm also wondering that whether this http.Authenticate means > Proxy-Authenticate , Proxy-Authorization, and WWW-Authenticate > headers defined in RFC 2616. req.http.Authenticate would refer to a single request http header called "Authenticate:". It is not a substring match. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Authenticate or Authorization?
On Thu, 27 Mar 2008 15:47:00 -0700, Ricardo Newbery <[EMAIL PROTECTED]> said: > What issues an Authenticate header? Was this supposed to be > Authorization? Maybe, not sure. However, in order to check for HTTP authenticated connections, the headers look something like: GET / HTTP/1.1 Host: http://login.example.com Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= ...so you'll probably need to change that to match for "Authorization" instead, to not cache these documents. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Varnish vs. X-JSON header
On Thu, 27 Mar 2008 15:55:09 +0100, Florian Engelhardt <[EMAIL PROTECTED]> said: > Why is this X-JSON header missing when requested via varnish? It would help if you include output from varnishlog which shows both the client and the backend communication from one request. That'll provide sufficient detail of all request and response headers transferred between the backend, varnish, and the client during that transaction. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: vcl-mode for emacs
Dag-Erling Smørgrav <[EMAIL PROTECTED]> writes: > My only complaint so far is that it considers vcl_* keywords when in > fact they are identifiers (you can define your own subs as well, not > just override the predefined ones) I'll need to match on something like "sub ([[:alpha:]])", and use the capture group to highlight, then. I don't think "identifier" is available as a font-lock-mode colouring, but "function" is. That may be better than "keyword". -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: http purge help
Stig Sandbeck Mathisen <[EMAIL PROTECTED]> writes: > * http://www.example.com/KjempeStortPinnsvin > > PURGE / HTTP/1.1 > Host: www.example.com I'm not at my best after just one cup of coffee, sory. This should be: PURGE /KjempeStortPinnsvin HTTP/1.1 ...of course. Same with the two others. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: http purge help
Charlie Farinella <[EMAIL PROTECTED]> writes: > Perhaps we just misunderstand what should be happening. What > exactly will the command 'PURGE /' remove from the cache? We are > trying to empty it. It will purge the document hashed with the host name in the Host: header. If you send a PURGE, you need to send one request per host name for every hostname that can be used to access that page. If you have several hostnames, you will need to purge for instance: * http://www.example.com/KjempeStortPinnsvin PURGE / HTTP/1.1 Host: www.example.com * http://home.example.com/KjempeStortPinnsvin PURGE / HTTP/1.1 Host: home.example.com * http://example.com/KjempeStortPinnsvin PURGE / HTTP/1.1 Host: home.example.com If you add more items to your hash used to store and lookup items in Varnish, this can soon get out of hand. :D Running "varnishlog" will give you lots and lots of details. See http://varnish.projects.linpro.no/wiki/FAQ#HowcanIdebugtherequestsofasingleclient for how to limit the output to just your client. > We need to have web developers have the ability to clear the Varnish > cache. Currently we are doing it for them by telneting to the > Varnish management interface and running 'url.purge *'. We'd like > to protect them (and us) from that if possible. That's a good thought. :D -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Forward client IP address
Fredrik Nygren <[EMAIL PROTECTED]> writes: > I'm running Varnish 1.1.2 with Apache at the backend. When I follow > Apaches access logs all incoming clients have the same IP-number, > the IP-number of my Varnish server of course. How do I forward the > IP- number of an incoming request from Varnish to Apaches access > logs? Is it possible? I've added a recipe for this to the FAQ, see http://varnish.projects.linpro.no/wiki/FAQ#HowcanIlogtheclientIPaddressonthebackend (nice long url) -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: http purge help
Charlie Farinella <[EMAIL PROTECTED]> writes:
> We have our vcl.conf configured like this:
You need something in your vcl_recv as well, to match against the
purge acl, and force it to "lookup" on an acl match. It would go
nicely inside the "pipe if not GET or HEAD request" from the default
vcl like this:
sub vcl_recv {
# [...]
if (req.request != "GET" && req.request != "HEAD") {
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
lookup;
}
set req.http.connection = "close";
pipe;
}
# [...]
}
--
Stig Sandbeck Mathisen, Linpro
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
vcl-mode for emacs
I've created a "vcl-mode" for emacs. It does indenting and syntax
highlighting.
If anyone else out there is still using emacs, I'd be very happy if
you could try it out, and see if anyting is surprising, strange or
missing. It should work with both emacs and xemacs, but I have not
tested the latter.
It's available at:
http://varnish.projects.linpro.no/browser/trunk/varnish-tools/emacs/vcl-mode.el
Installation
* Put the file "vcl-mode.el" somewhere in your load-path
("C-h v load-path RET" shows the contents of the load-path variable)
* Add the following line to your emacs init file, often "~/.emacs"
(require 'vcl-mode)
* Evaluate the "require" line with "C-x C-e" at the end of that line,
or start a new emacs.
* Open a file ending in ".vcl". You should have syntaax highlighting
and indentation with tab.
Configuration
-
The mode can be customized with "M-x customize-group RET vcl RET"
* "Vcl Indent Level" indicates the number of spaces used to indent to
the next level. Default 8
* "Vcl Indent Tabs Mode" indicates wether spaces can be replaced by
TAB characters when indenting. Default is "nil", which means no
tabs.
--
Stig Sandbeck Mathisen, Linpro
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Help debugging cacheability / ttl information?
"Denis Brækhus" <[EMAIL PROTECTED]> writes: > Well, 1.1.2 is being considered now, but up until 1.1.2 my > impression has been 1.0.4 was the best build with regards to > stability. We have had varnish nodes running for 6-8 months now > without interruption or any problems whatsoever. Until 1.1.2, 1.0.4 was the "stable" stable release. We're now running 1.1.2 in production at Linpro on many server clusters. > List traffic sort of indicated there were always some snags with the > 1.1.x builds, but 1.1.2 seems to be working fine for people I > gather?! That is my impression, yes. However, you may need: set req.http.connection = "close"; in front of "pipe", instead of the defaults. Especially if you do any kind of URL rewriting. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Varnish answering multiple incoming ports
Fredrik Nygren <[EMAIL PROTECTED]> writes: > Better suggestions? Why split the traffic at all, if only to collect it in the same varnish instance? -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Not caching immediately?
"Aaron Pfeifer" <[EMAIL PROTECTED]> writes:
> (1) Upgrade to trunk (I was using 1.1.2)
May not be the best choice for all, I think
> (2) Add "set req.http.connection = "close";" immediately before the
> pipe for a POST
Would this be an appropriate config snippet?
vcl_pipe {
set req.http.connection = "close";
}
--
Stig Sandbeck Mathisen, Linpro
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Migration from Squid
"Max Clark" <[EMAIL PROTECTED]> writes:
> Reading through the wiki there are three things that I have not
> figured out how to do / or if it's even possible which I've detailed
> below.
>
> 1. Cache Peer
> - There are two use cases for the cache peer for our sites. The
> first is the proxy only cache peer where the system will check
> another proxy for an object and retrieve that object from cache
> vs. requesting it from the origin server. This has proven to be
> extremely effective at reducing the overall disk footprint of our
> caches while maintaining a low hit rate on the origin server.
>
> The second of course is querying the cache on another proxy,
> fetching and then caching on the local box.
Sibling cache_peers is not a feature in Varnish. These are features
used to increase squid's performance by clustering, and implementing
different methods of retrieving cached data from another cache.
The functionality of parent cache_peers overlap roughly with the
backend declarations of varnish.
You will most likely will see bottlenecs in other places with varnish
than with squid. You can, of course, put varnish in front of varnish,
or load balance between varnish instances if the impact of losing your
cache is too big, and you need to safeguard against this.
The cache_peer functionality of squid is a very nice feature if you
are using squid, but you may design your caching in another way with
varnish.
> 2. Redirect / Rewrite
> - Obviously running a redirector / rewrite application via a perl
> script isn't ideal for performance but has been proven to be an
> amazing resource when migrating CMS platforms or to work around
> "features" of a specific application platform.
As long as you don't execute perl script for every request, you should
in theory have quite good performance with this method of rewriting.
With the released (up to 1.1.2) versions of varnish, it seems you have
to use an external url rewriter. While I have used apache, lighttpd
and nginx for this, there may be other, and better, alternatives
available.
> 3. Header Replace
> - By default Squid enforces cache policy based on headers served
> from the origin system. In some cases we need to then change those
> headers when returning data to the client browser. An example would be
> to modify the cache-control and expires headers to instruct the
> browser not to cache. For a given site we could be setting this as a
> global value, for specific URL patterns / directories, or for file
> extensions.
>
> Does Varnish support this currently? If not is it on the roadmap?
Yes, these examples from the vcl man page shows how to manipulate
headers:
,[ vcl(7) ]
|
| sub vcl_recv {
| # Normalize the Host: header
| if (req.http.host ~ "^(www.)?example.com$") {
| set req.http.host = "www.example.com";
| }
| }
| [...]
| sub vcl_fetch {
| # Don’t cache cookies
| remove obj.http.Set-Cookie;
| }
|
`
You can manipulate headers received from the client (req.http.*), as
well as the request headers sent to the backend (bereq.http.*), object
headers retrieved from cache or backend (obj.http.*) and response
headers (resp.http.*) sent to the client in the same way.
--
Stig Sandbeck Mathisen, Linpro
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: hiding varnish headers from requests
MontyRee <[EMAIL PROTECTED]> writes: > Hello, list. > > I have set like below at varnishd 1.1.2 and works well. But like > below just connect to port 80 and quit, we can see all headers. > > Any idea? Your "quit" request, which is not a valid HTTP request, causes Varnish to respond with an error message. This error message contains the response "HTTP/1.0 400 Bad Request", as well as a set of headers describing the format of the error message, and information that can be used to find the cause of the error. Your example shows that you are using telnet to connect to Varnish. The proper way to exit this client is not to type "quit", but rather with the escape character '^]', followed by the command "close", which may also be abbreviated to "c". For more information, see your system's telnet(1) man page. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: varnish as a reverse proxy
"kevin fernandes" <[EMAIL PROTECTED]> writes:
> Hello Per,
>
> Thanks for your reply, i have tried the configuration given on the
> link. However i receive the following error when i start varnish
>
> Expected 'acl', 'sub' or 'backend', found 'backend_round_robin' at
> (/etc/varnish/test.vcl Line 1 Pos 1)
> backend_round_robin rr {
>
> Can you please clarify why the error comes. I tried different ways
> to set it. But no luck. Also attaching the vcl FYR.
Which version of Varnish are you using?
--
Stig Sandbeck Mathisen, Linpro
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: The revenge of the return of 1.1.2
Dag-Erling Smørgrav <[EMAIL PROTECTED]> writes: > [...] once Stig merges his changes to the Debian package metadata, That's now done as well. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Varnish and HTTPS
Erik <[EMAIL PROTECTED]> writes: > Thanks for the info but I did just wondered if varnish pass it to > the backend or if it drops the request. I did some tests and it > seems like it passes the request to the backend. > > BTW, what program may I use to have https2http? Isn't https > encrypted? This is already answered in http://varnish.projects.linpro.no/wiki/FAQ -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Varnish and HTTPS
Erik <[EMAIL PROTECTED]> writes: > I know that Varnish doesn't handle https. But what if the request is > in https? Would varnish pass it to the backend or just drop it? It would not be a normal HTTP request, so Varnish would not try to handle it. You could place a https to http gateway between your users and varnish, so varnish can accelerate the http traffic. The pipeline would look like this: Duh Internet - https2http gw - varnish - http server -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: save cache on exit?
Corin Langosch <[EMAIL PROTECTED]> writes: > How can I tell varnish to save the cached data to disk at shutdown? That is not possible. However, you can reconfigure Varnish at runtime, so there should be little reason to shutdown a varnish process once it is in production. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Zope/Plone and Varnish
"Joao Correia" <[EMAIL PROTECTED]> writes: > Im trying vernish out. I compiled it from source, everything nice. > I then used CacheFu to generate the vcl file. Could you post the complete generated vcl file from CacheFu, please? > Im running Varnish in port 80. Do you do rewriting somewhere, or do you map hostname to path in your virtualhostmonster config? > It has some strange behauviour I cannot explain, if enable cache on > authenticated sessions the page screws up badly, seams css doesnt > load and I cant understand why. > > Also sending content using the form (Exfile, or image) doesnt work. Looking at the logs will tell you what varnish does with each request: ## Recieved client requests to varnish varnishlog -r /var/log/varnish/varnish.log -o -c RxURL /IEFixes.css ## Varnish requests sent to backend varnishlog -r /var/log/varnish/varnish.log -o -b TxURL /IEFixes.css -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Browser refresh and varnish
"KKK RRR" <[EMAIL PROTECTED]> writes: > why every time i can't refresh my browser with files from varnish cache ? > > for exapmle: > if i go to www.x.com/abcd.jpg then is ok - varnish shows HIT > but if i refresh it don't work You don't run varnish on that domain, and the document does not exist. ssm ~$ GET -Used http://www.x.com/abcd.jpg GET http://www.x.com/abcd.jpg User-Agent: lwp-request/2.07 404 Not Found Connection: close Date: Thu, 02 Aug 2007 10:23:26 GMT Server: Apache/2.0.52 (Red Hat) Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 Client-Date: Thu, 02 Aug 2007 10:23:26 GMT Client-Peer: 209.85.51.151:80 Client-Response-Num: 1 Title: 404 Not Found Alternatively, you specified a domain of someone else's web site. Please don't. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: refresh varnish cache
[EMAIL PROTECTED] writes: > why every time if i try to refresh files from varnish cache it don't > work. > > I can HIT any file from varnish cache but not refresh ...why ?? What, exactly, do you mean by: * HIT any file from varnish cache * refresh files from varnish cache * "it don't work" What are you trying to do? How are you trying to do it? What do you expect to see? What happens instead? How have you tried to fix the problem? What does the Varnish log tell you? What does the web server log tell you? Take a look at http://www.catb.org/~esr/faqs/smart-questions.html, it might be helpful. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Configuration help
"Steven Ciaburri" <[EMAIL PROTECTED]> writes: > I need a little help building a configuration file that will cache a > site with a simple cookie enabled. See the zope-plone.vcl config which is included, and also available at http://varnish.projects.linpro.no/svn/trunk/varnish-cache/etc/zope-plone.vcl -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Varnish don't want cache
[EMAIL PROTECTED] writes: > I don't know why but varnish dont want cache anything , i allways > get HttpStatus: recive nothink and RxResponse: not found :/ A bit more information would be really helpful. > wtf ? :) vcl! -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Varnish - configuration
Kamil Radziszewski <[EMAIL PROTECTED]> writes: > Allrigth but i don't know how to set the path where the files should be > cachedi don't know if the default configuration is correct for me ... That's in the man page of "varnishd". -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Q: multiple backends
"Poul-Henning Kamp" <[EMAIL PROTECTED]> writes: > Yes, this is indeed on our plans, I keep trying to get somebody to > tell me how it should work, but with very little luck :-) > > Just saying "fault-tolerance" or "load-balancing" isn't saying much > you see, we need to formulate strategies and algorithms... Common load-balancing strategies are: * Round robin. (easy to implement) * Weighted, i.e. this host can handle twice as much as that host. (twice as much what? Bytes? Requests?) Some black boxes can do a TCP connect or a HTTP GET to the backend to fetch a number representing load from the web server, used to weigh backends. * Weighted based on measured response time from backend. (Send requests to the fastest responding node, one should perhaps base this on 2xx responses only) * Hash on client IP, Host: header, substring of session cookie, url, or phase of the moon to select backend. Some application servers generate session cookies where the first n bytes represent the ID of a backend server. What to do with requests that are waiting for a failing backend? * Return a 5xx message * Try again on another backend? (Could have undesirable results, and not be possible for all request types. For instance, it's hard to replay a piped request) How often should one retry a failed backend? > Never attribute to malice what can adequately be explained by incompetence. Any sufficiently advanced incompetence is indistinguishable from malice. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: varnish and Nginx
Dingo <[EMAIL PROTECTED]> writes: > So its feasible to run Nginx as the server/load balancer and varnish > as the front end cache giving potentially a decent high speed/high > capacity design. Yes, those two will complement eachother. -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: More logging questions - hostname again
Dag-Erling Smørgrav <[EMAIL PROTECTED]> writes: > I intend to eventually modify varnishncsa to understand Apache > CustomLog format strings Now, that's really high on the nice-to-have list. :D -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: log files
Gaute Amundsen <[EMAIL PROTECTED]> writes: > Did you ever get around to writing that init script? If not, how > would you recommend going about it? > > Adding it to /etc/init.d/varnish, or perhaps a separate initscript? > > This would be the bare necessities I guess? > > /usr/bin/nohup \ > /usr/bin/varnishncsa -c -a -w /var/log/httpd/varnish_combined-access_log & One separate init script (for Debian) is available at http://varnish.projects.linpro.no/browser/trunk/varnish-cache/debian/varnish.varnishlog.init -- Stig Sandbeck Mathisen, Linpro ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: Moving a redirect from backend to varnish
Kenneth Rørvik <[EMAIL PROTECTED]> writes:
> Kenneth Rørvik wrote:
>
>> Now, provided I get the right test in place - the next question is
>> how to handle the redirect itself. You could either send the request
>> on to
>
> Looks like the test is OK now. Next problem: piping to the server now
> makes it impossible for the server to distinguish clients (since they
> all come from varnish), so the next Q is:
>
> How can I have varnish itself send a http 301 or 307 to the client
> with the correct URL? Cannot find this documented, or on google for
> that matter.
Varnish adds (or modifies an existing?) X-Forwarded-For header,
containing a path of IP addresses of the client and additional
proxies.
You should be able to use the server-variable %{HTTP_FORWARDED}, or
perhaps %{HTTP_X_FORWARDED_FROM}, for matching the client address with
RewriteCond.
Note that it is possible for the user to add information to this
header when sending a request.
--
Stig Sandbeck Mathisen, Linpro
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
