Caching efficiency, VCL

Eirik Øverby ltning at anduin.net
Thu Sep 21 13:03:55 CEST 2006


On Sep 21, 2006, at 12:05, Dag-Erling Smørgrav wrote:

> Eirik Øverby <ltning at anduin.net> writes:
>> - Others on this list have asked for VCL documentation.  I seek the
>> same.
>
> I'm working on it.

Good =)

>> - There's also some lack in the documentation of (runtime)
>> parameters listed in the varnishd man page.
>
> 'param.show -l' in the management interface will give you a complete
> list with fairly detailed descriptions.

Ok, my bad. Thanks.

>> - Can I control access to the management interface through VCL?
>
> No.
>
>> - Due to the fact that webserver and varnish are currently running
>> on the same box, I am using a pf ruleset like the following:
>> no rdr on $int_if proto tcp from $my_ip to $my_ip port 80
>> rdr on $int_if proto tcp from any to $my_ip port 80 -> $my_ip port 8080
>> Is this going to limit my performance in any significant way? Given
>> that I'm running on hardware comparable to what the devs have been
>> testing on, and the site I'm serving sees only a tiny fraction of the
>> traffic, I wouldn't think so.
>
> Can't you make your web server run on port 8080?

Yes I can, however as Marcus stated elsewhere, Varnish does not add an
X-Origin-something to the request to the back-end, therefore the
back-end thinks it is in fact the front-end -- and all links etc. are
generated with :8080. Sure this could be fixed, but my pf approach
was the faster way right now.

Plus, the pf approach allows me to have a "failover" - if Varnish is
not running, it will allow the client to connect directly to the
back-end (with some modifications). This is not interesting in all cases,
but in ours it is, and gives us some level of freedom to play around
with Varnish ;)

>> - The cmdline allows me to specify a minimum ttl for objects -- I'm
>> missing a way to specify max ttl. Is this something I could do in
>> VCL, and in that case, why is there an option for the minimum ttl?
>
> This is a documentation error - the option actually controls the
> *default* ttl if none is provided by the backend server.
>
> You can inspect and modify the TTL in VCL; vcl_fetch would be a good
> place to do that...  something like:
>
> sub vcl_fetch {
>     if (obj.ttl > 120s) {
>         set obj.ttl = 120s;
>     }
> }
>
> (not tested, so caveat emptor)

Brilliant.

/Eirik


