Category: Webserver

Since version 2.1 varnish support, at least partially, the ESI protocol. ESI is very useful to improve the cache hit ratio because it allow the splitting of uncachable dynamic pages into an ‘heavy’ static page and one or several ‘light’ dynamic page bloc.

Enable ESI support

For Varnish 2.x add into the vcl_recv:

esi;

For Varnish 3.x the syntax is:

set beresp.do_esi = true;

Testing ESI

To test ESI support, you need to create two files. The first will be a simple HTML ‘template’ file. We will call it frontpage.html:

<html>
<head>
<title>ESI Test Page</title>
</head>
<body>
<p><esi:include src="/backpage.php"/></p>
</body>
</html>

Next we need a file to generate the ‘dynamic’ content. A very simple PHP script like this we be enough:

<?php
echo "ESI is correctly interpreted";
?>

If ESI support is correctly enabled, calling the first page will result into calling the second file as well, displaying the proper “ESI is correctly interpreted” string.

Purge all content

For Varnish 2.x:

varnishadm -S /etc/varnish/secret -T :6082 'purge.url .*'

For Varnish 3.x:

varnishadm -S /etc/varnish/secret -T :6082 'ban.url .'

Purge objects from a specific URL

For Varnish 2.x:

varnishadm -S /etc/varnish/secret -T :6082 'purge.url /foobar'

For Varnish 3.x:

varnishadm -S /etc/varnish/secret -T :6082 'ban.url == /foobar'

Note that ban accepts regex pattern. By modifying the expression you can create more specific bans. For example, to purge for all CSS files only for a specific domain:

varnishadm -S /etc/varnish/secret -T :6082 'ban req.http.host ~ www.mydomain.com && req.url ~ .css'

Further Reading and sources

• https://varnish-cache.org/docs/2.1/tutorial/purging.html
• https://www.varnish-cache.org/docs/3.0/tutorial/purging.html

Dry-run compiling

The first step to debug your varnish configuration is to simply ‘dry-run’ compiling it:

varnishd -Cf /etc/varnish/myconf.vcl

The output of this command will either be a successfully-compiled VCL or an error message telling you on what line the error occurs. Most of the time that enough to fix syntax error.

Add message into syslog

Since branch 3.X varnish can load and use additional module. One of the most useful is the std module. You can use it to add “trace” message into the syslog:

import std;

vcl_recv {
  ...
  std.syslog(0, "Cookie content: " + req.http.Cookie);
}

Use varnishlog

varnishlog is a command line utility that display all varnishd ‘internal’ activities: request handling, request processing, backend checks/request, hash information, objects caching/retrieving, etc… As you can imagine, the output is extremely verbose and kind of frightening. But you can add parameters, to filter it.

For example, to display only hashes:

varnishlog -c -i Hash

To display only ‘User-Agent’ strings:

varnishlog -c -i RxHeader -I User-Agent

To display only POST requests:

varnishlog -c -m RxRequest:POST

To display only request with a 404 response:

varnishlog -c -m TxStatus:404

To filter requests for a specific URL:

varnishlog -c -m RxURL:"/foo/bar.php"

To filter URLs asked to the backend:

varnishlog -b -i TxURL

To filter for a particular IP:

varnishlog -c -o ReqStart 192.168.1.16

Monitoring activities with varnishtop

Another interesting command line tool is varnishtop. Like varnishlog it reads varnishd shared memory logs but instead of displaying current entries, it presents a continuously updated list of the most commonly occurring entries. Like varnishlog you can add additional parameters to filter it output.

Let’s say you have a website with two version, one intended for ‘desktop’ browser the other for ‘mobile’ device. Both use the same domain name. How can you get two separate caches ?

The wrong answer

Add the value of the User-Agent field into your vcl_hash function. That simple enough, right ? Wrong ! Very wrong. The User-Agent field is a total mess and it has so many possible values that this setting will make Varnish completely useless. Never do that !

The good answer

To ensure two separate cache you must add into the vcl_hash an header with only two possible value: one for all the ‘desktop’ User-Agent, the other for all the ‘mobile’ ones. That means add a custom header which value will depend on a whole bunch of regex, parsing and sanitizing the horrendous User-Agent value.

Fortunately for you, this annoying task has already been done. You can find a VCL for this specific task here. Import it into your main varnish configuration file and then adjust your vcl_hash for non-static content like this:

sub vcl_hash {
  if (req.url !~ "(?i)\.png|gif|jpeg|jpg|ico|gz|tgz|bz2|tbz|mp3|ogg|zip|rar|otf|ttf|eot|woff|svg|pdf)$") {
     hash_data(req.http.X-UA-Device);
  }
}

The HTTP specification (RFC2616 for HTTP/1.1) doesn’t define a maximum header size.
However, in practice, all servers have limits, for header numbers and header field size:

Apache 2.x: 8K
Nginx: 8K
IIS: 8K-16K (depending version)

If a request line exceed the limit a 414 Request-URI Too Large error is returned. If a request header field exceed the limit a 400 Bad Request error is returned. In order to be sure that a request will be proceed by all HTTP server, it’s better to limit the request size to not exceed 8190 Bytes (and yes that include cookie data).

If you can’t do that, the only remaining solution is to increase the limits values. For apache you can play with the LimitRequestFieldSize and LimitRequestLine parameters. For nginx take a look at the large_client_header_buffers parameter.

Keep in mind that increasing theses values to much will seriously degrade performance.