Varnish : Advanced and high-performance HTTP caching

Varnish 4.0

Advanced and high-performance HTTP caching

1

La 1ère école 100 % dédiée à l'open source

Open Source School est fondée à l'initiative de Smile, leader de l'intégration et de l'infogérance open source, et de l'EPSI,établissement privé pionnier de l’enseignement supérieur en informatique.

Dans le cadre du Programme d’Investissements d’Avenir (PIA), le gouvernement français a décidé de soutenir la création de cette école en lui attribuant une première aide de 1,4M€ et confirme sa volonté de soutenir la filière du Logiciel Libre actuellement en plein développement.

Avec une croissance annuelle de plus de 10%, et 4 000 postes vacants chaque année dans le secteur du Logiciel Libre, OSS entend répondre à la pénurie de compétences du secteur en mobilisant l’ensemble de l’écosystème et en proposant la plus vaste offre en matière de formation aux technologies open source tant en formation initiale qu'en formation continue.

2

Les formations du plein emploi !

Formation Continue

Open Source School "Executive Education" est un organisme de formation agréé qui propose un catalogue de plus de 200 formations professionnelles et différents dispositifs de reconversion permettant le retour à l’emploi (POE) ou une meilleure employabilité pour de nombreux professionnels de l’informatique.

Pour vos demandes : [email protected]

Formation Initiale

100% logiciels libres et 100% alternance, le cursus Open Source School s’appuie sur le référentiel des blocs de compétences de l’EPSI.Il est sanctionné par un titre de niveau I RNCP, Bac+5. Le programme est proposé dans 6 campus à Bordeaux, Lille, Lyon, Montpellier, Nantes, Paris.

mailto:[email protected]

3

Nos domaines de formations

Reverse proxies Varnish overview VCL CLI tools

Plan

1 Reverse proxies

2 Varnish overview

3 VCL

4 CLI tools

www.opensourceschool.fr – Licence Creative Commons (CC BY-SA 3.0 FR) – 2/36


Reverse proxies



What is a reverse proxy?





Proxies: forward, reverse

Cache headers can increase performance when used by browser

mainly on the loading time (from the second page)

But the cache is multiplied on the users browser

Small impact on the server loadSolution : reverse proxyHTTP server and HTTP client at the same timeNo effect if no cache headers

Difference Proxy / Reverse proxy

Proxy : on the user sideReverse proxy : on the server side




Architecture

A reverse proxy is used to lower the load on the web server, not todecrease bandwidth




HTTP protocol

(RFC7234)

The Cache-Control header is used to control caching

max-age: How long to keep the object in the caches-max-age: How long to keep the object in a shared cache(reverse proxy)must-revalidate: After the max age has been reached,revalidate the objectno-cache: Do not reuse the cache without validation(If-Modified-Since or If-None-Match)no-store: Do not store the object into the cachestale-while-revalidate : serve old versions of the objetsfor this amount of time while it’s being refreshed

Expires: not necessary, choose between TTL and date




Benefits of using a reverse proxy

Performance !

Cache shared by all clients: far more efficient, decrease theload on the serverDecrease the processing latency

Multiple architecture possible

Load balancing with reverse proxy

Apache + mod php specificity

PHP embedded in all Apache processesCan consume a lot of resourcesStatic files in the reverse proxy cache = important gain




Drawbacks

The cache is shared by all users:

In case of page custom per user (ex: account page)

Cache will break the applicationRule of caching: never cache something that is only seen byone user

Hybrid page: mix between user-specific content and commoncontent

Separate per-user and public blocksAJAX loading for user-specific partCut the page in fragments and use ESI




Drawbacks

Complexity :

Additional level of cache (application, browser)

Hybrid configurations (Varnish)

Config split between application and caching serverNeed good understanding of both HTTP protocol and Varnishconfiguration language



Varnish overview



What is Varnish?

What is Varnish?



What is Varnish?

What is Varnish

High performance HTTP Cache

First release in 2006

Lead dev : Poul-Henning Kamp(opinionated FreeBSD kernel developer)

BSD license



What is Varnish?

Varnish : performance

“Just” a reverse proxy

No SSL 1

But load balancing is supported

Very deep work on the performance side

Optimization on the system calls when processing a requestAbsence of performance-damaging features

Grace time

when a resource is expired on the cache server, Varnish cansend the expired resource while getting the new resource onthe web serveravoid impact on the user when a new page is generated

Several thousands request per second without problem

1use HAproxy/nginxwww.opensourceschool.fr – Licence Creative Commons (CC BY-SA 3.0 FR) – 14/36


What is Varnish?

Configuration

Two files :

Daemon settings (ports, config file, memory limits)

/etc/defaults/varnish

/etc/sysconfig/varnish

Configuration

/etc/varnish/default.vcl

copy it and change the daemon config to myproject.vcl

Can be reloaded on the flyImplement subroutines to change the Varnish behaviour



What is Varnish?

Version History

Do not use :

2006 : Varnish 1.0

2008 : Varnish 2.0

Current versions :

2011 : Varnish 3.0VMODs, Transparent gzip compression. Lots of VCL changessince 2.1

2014 : Varnish 4.0Backend/frontend separation. Lots of VCL changes since 3.0

Different major versions of Varnish usually have completelyincompatible configurations. Varnish 2 is still used on someprojects !



VCL



VCL configuration

VCL configuration



VCL configuration

VCL Configuration

VCL is a simplified programming language

Looks like a blend of perl and C

C code can be included, don’t do it

Two parts

Backend declaration : address, ports, timeout, load balancingSubroutines

Called at a specific point in Varnish processingVery flexibleCan return a label (change workflow)Can alter objects (request, response. . . )



VCL configuration

Main subroutinesWe usually focus on three subroutines:

vcl recv: beginning of request processing, can decide to lookup the object in the cache or skip the cache entirely, makealterations to the request, or do access controlvcl backend response: after getting the response for thebackend, can decide to store the object in the cache orremember not to look up the cache for this object, can changeTTLs or alter the object we are about to store in the cachevcl deliver: just before sending the response to the client,whether or not the cache was used, for any last-minutemodifications, including diagnostics or cleanup

Sometimes, we use vcl hash to manipulate the cache key(examples later). But it’s usually better to use a Vary header.There are a few other seldom used subroutines : vcl hit,vcl pass, etc



VCL configuration

Varnish workflow example

In this example, we areasking for a cacheableobject



VCL configuration


In this example, theservers tells us about anon-cacheable object



VCL configuration


In this example, we skipthe cache altogether forcertain URLs



VCL configuration

Configuration approach

Approach 1 : recommended

The application decides how long each page has to be cachedHTTP headersStandards-compliant, minimal changes to the Varnish config

Approach 2 : Magento

Application assumes every page can NOT be cachedForce Varnish to cache some of themForce Varnish to skip the cache for othersYou need to know the URL plan of your application



VCL crash course

VCL crash course



VCL crash course

Returning

Returning is how you you change the workflow. If you do notreturn, the default subroutine will be executed after your own.

everywhere

error code [msg]

vcl recv

pass : disable the cache for this request, but not other type ofprocessing. When using Keepalive, further requests will gothrough vcl recv againpipe : disable varnish for the whole connection, including anyfurther requestshash : look inside the cache for this objectpurge : purge the current URL from the cache 2

2usually when using a custom HTTP method such as PURGEwww.opensourceschool.fr – Licence Creative Commons (CC BY-SA 3.0 FR) – 26/36


VCL crash course

Returning

vcl backend response

deliver : continue processing, object will be inserted in thecacheabandon : give up on the backend fetch and yield a 503restart : retry the backend fetch

vcl deliver

deliver : send the request to the clientrestart



VCL crash course

Synthetic pages

Varnish is able to serve HTTP pages without fetching them from abackend.The synth(code, message) value can be returned by almost anyfunctionUpon returning a synth value, the vcl synth subroutine is called.The subroutine may use the synthetic() function to inline aHTML page, or redirect to a themed error page on anotherplatform (to avoid redirection loops).



VCL crash course

Variables

There are many variables, here are the most useful :

req : the request

req.url

req.http.something : HTTP headers

resp : the response that will be sent to the client

resp.status

resp.http.something



VCL crash course

Variables

There are many variables, here are the most useful :

beresp : backend response

beresp.status : HTTP status codeberesp.ttl : TTL infered from Cache-Control headersberesp.uncacheable : Set this to trigger a pass next timethe object is requested

obj : the object from the cache

obj.ttl

obj.http.something

obj.hits : how many time the object has been used



VCL crash course

Variable scope

Not all variables are available or useful everywhere :

req is mostly accessed in vcl recv

beresp is mostly used in vcl backend response

obj and resp are mostly used in vcl deliver



VCL crash course

Setting variables

Changing an existing variable is simple

set beresp.ttl = 600s;

The best way to create a custom variable is to set a HTTP headerin the request :

set req.http.myvar = "something";

You can remove a header like this

unset resp.http.Server;



VCL crash course

Tests

You can use regexps or C-like operators

if (req.url ~ "/admin")

if (req.http.User-Agent ~ "MSIE" )

if (beresp.ttl <= 0s)



VCL crash course

That’s all

look at man vcl and the Smile Wiki for the rest



CLI tools



varnishlog

varnishlog is the swiss army knife of Varnish debugging

varnishlog dumps all varnish activity in real time, use it tofollow each step of a request

-c : client side-b : backend side-O : do not group (keep client/backend sequence in order)

Interesting things to watch for

SessionOpen/SessionClose : beginning/end of requestRx : receiving from Varnish POV, can either be from the client(c) or from the backend (b)Tx : transmitting from Varnish POV, can either be to theclient or to the backendVCL call/VCL return : subroutine calls and their results


Technology

Varnish : Advanced and high-performance HTTP caching