Hacker News new | past | comments | ask | show | jobs | submit login
Varnish 4.0 Released (varnish-cache.org)
136 points by nwjsmith on April 10, 2014 | hide | past | favorite | 41 comments



A bit off topic, but Varnish seems to have a valid point about using Varnish and SSL.

https://www.varnish-cache.org/docs/trunk/phk/ssl.html

"There is no other way we can guarantee that secret krypto-bits do not leak anywhere they should not, than by fencing in the code that deals with them in a child process, so the bulk of varnish never gets anywhere near the certificates, not even during a core-dump."

I came across this when looking for https support few weeks ago.


Indeed.

Via one of PHK's latest tweets:

https://twitter.com/bsdphk/status/453623583256760321

You can see (video) another of his comments regarding OpenSSL from his KeyNote at FOSDEM: http://ftp.belnet.be/FOSDEM/2014/Janson/Sunday/NSA_operation...


Don't forget the Varnish 4.0 Release Party on April 29th - http://v4party.varnish-cache.org #v4rp


Can anyone who actually understands what the upgrade document states do a how to or a straight modification of a popular vcl, so people who don't have as much experience and pretty much just use these default vcl files?

Here's one that I and a few of my friends use routinely:

https://github.com/ewanleith/Wordpress-Server-Configuration-...

Like where do I start if I want to use this thing with 4.0?

vcl_fetch needs to be renamed, will this work if I just rename it and add vcl version to the top?


You need to read the documentation on this and understand it:

https://www.varnish-cache.org/docs/4.0/whats-new/index.html

Otherwise you should just be using a popular file from around the web. Take a look at the Varnish Utilities Directory:

https://www.varnish-cache.org/utilities

There you can find two of the best resources for ready to go VCL (for now Varnish 3 only):

https://github.com/slashsBin/nuCache

https://github.com/mattiasgeniar/varnish-3.0-configuration-t...

I am sure that if you ask nicely, the project members of these efforts might just give you a hand and upgrade to VCL 4.0 syntax a usable Wordpress template. Be willing to test and contribute back with whatever you can though.


Or if I currently don't have the time to do this, I have to either stop using varnish completely or not upgrade.

I get the whole needing to drop backwards compatibility thing, but without an idiot-proof way of upgrading, you're sentencing users like me, who use Varnish as a sprinkle of magic on the server.

Some examples of before/after of actual vcl files are a must in my opinion.


I'm late to this party, but the answer for you is to just not upgrade to Varnish 4.0 yet. Keep using 3.0.5, which is still available and still stable.

The "standard" VCL files for popular apps like Wordpress and Drupal will be updated eventually for Varnish 4.0 by the people who maintain them--which are typically not Varnish staff/volunteers, but people who work with those applications specifically.

When services like Varnish go through major upgrades like this, it is normal for there to be a lag between the main release, and the general availability of updated "recipes" or plugins.


We are aware that there will be some head-scratching, that's why this is a 4.0 release rather than 3.1 or 3.5.

The two big changes which will affect the VCL you link are:

Purge is now treated as a special kind of transaction, which should make life easier for everybody using it.

And the client/backend split.

vcl_fetch{} in general becomes vcl_backend_response{} whereas the stuff usually done in both vcl_pass{} and vcl_miss{} becomes vcl_backend_fetch{}

Hope this helps.

PS: And yes, I wrote Varnish, and I'm very interested in any bugs, problems, or just plain stupidities you may find.


First of all, kudos, Varnish is an amazing piece of kit and hat's off to you sir.

However, I've been where you are and know how you feel, what you've said makes perfect logical sense to you, in your mind these are clear instructions on what should be done, but they still mean very little to someone who's completely new to this (even though they've been using Varnish for a good while now).

I'm a WordPress dev (I know, but it pays the bills), but I have been put between a rock and a hard place, so now I'm also responsible for setting up DO droplets for standalone websites. The reason I use Varnish is simplicity: apt-get install, wget on a WordPress vcl file, change a port and we're saving ram and can serve to 6x-10x concurrent users than before on straight nginx.

Thing is, I'm not alone in this use case, I know several people, who adore the magic and ease of use of Varnish. None of us know the insides, but we're can copy-paste and change a few things.

We respect and understand the need for dropping backwards compatibility, but all believe that the upgrade docs desperately need some examples.

I know it's the language of the devil, but the docs and the examples are definitely very usable to complete newbies: http://php.net/manual/en/function.date.php

Your docs are great for someone who has the time to read them all and learn all about Varnish, like a book, but (with no disrespect) borderline useless to someone who's got deadlines and a ton of work and simply has no time to learn this system that he's been relying on for a while.


Thanks for your honesty! We are really interested in understanding how-to create better documentation for users like you. Bear with us :-)

Maybe an updated version of the book (and its examples) [1] would help? Or do you have some other concrete examples

[1] https://www.varnish-software.com/static/book/


So I've scanned (not read, ain't nobody got time for that) everything inside of the link you gave and while very interesting and comprehensive, if I was a sysadmin on a salary, I'd sink a few days into this and become really good at it, but I'm booked up, so I just need this up and running, so again, it's useless.

It comes down to your resources: do you have the man power to create several default vcl files that people can "just use": like a vcl for a RoR app, vcl for a WordPress site, vcl for a Symfony app etc (depending on actual usage/popularity)...

I started using varnish because of this tutorial: http://ewan.im/900/10-million-hits-a-day-with-wordpress-usin...

I know it's a catchy and grabby title and sort of BS if you think about it, but it just works.

It took me an hour to get a DO dropplet running and blitz.io reported numbers that made me happy ($10 DO dropplet, large WP site, 27k+ requests per minute), that's enough for us.

I've got a few other ideas, but I think that if your company does something similar, you'll be able to get a much wider appeal and engage with users a lot more, which is great PR and marketing for your paid service.


I don't know much about caching.

Does this work when serving dynamic content? I mean in a situation where your user absolutely need to see an up-to-date version of your data.


Typically you serve up that content separately from the static content. We use it where it doesn't cache for logged in users but is on a rolling cache otherwise. Page updates invalidate the cache immediately as well.

On a dynamic site with user content, you're going to be using some sort of object caching depending on your framework and language of choice, Varnish is great for news sites and things of that nature though.


You can also cache some content on a page, even for logged-in users, and add in the dynamic parts using ESI. For example an ecommerce site could have a category page cached, and have one section at the top that says "Hello, John Doe" generated dynamically and added in using ESI.

https://www.varnish-cache.org/trac/wiki/ESIfeatures


Or pull the dynamic parts in via ajax - I find that works quite well.


I'm not disagreeing.. but lots of people either dislike relying on JS, or would prefer to have the initial page load be a complete page.

If your AJAX is pulling down HTML fragments rather than JSON, then Varnish's ESI gives you the best of both worlds, allowing varnish the gather and assemble the initial page from the same endpoints your JS would hit.


Varnish is extremely configurable regarding that. Not only can you cache certain paths and leave others dynamic, but you can actually cache pages while leaving certain HTML elements on the page dynamic. E.g., let's say you have a mostly static page, but with the username on top ("you are logged in as brunoqc"). You can tell Varnish to cache the page and leave the HTML element containing the username dynamic.


No. This makes dynamic content static, by definition. However, you can exempt certain content from cache, exempt certain people from cache, exempt certain pieces of certain content from cache, or any combination. You can also invalidate cache when content changes (if you're able to do this absolutely, this is effectively dynamic), or set low TTLs to not have new content roll in on a certain time basis.


"Full support for streaming objects through from the backend on a cache miss. Bytes will be sent to 1..n requesting clients as they come in from the backend server." is an awesome feature in and of itself. thank you varnish team, this looks like a great release.


Watching that what-is-varnish video, I was surprised that this seems to be a Norwegian company. The narrator had an American (New England?) accent, not a naive/jovial Norwegian accent.


That is correct. We wrote the script and had a native English speaker reading it for us ;-)

Even if we have some colleagues who are from New England, we are a pretty multi-cultural Norwegian headquartered company as you can see in our site: https://www.varnish-software.com/about-us

Try the "What's coming in Varnish 4.0?" Hangout on Air video for a change: https://www.youtube.com/watch?feature=player_detailpage&v=St...

You will then heard our amazing mix of accents :-)


> Much of the VCL syntax has changed in Varnish 4.

Bullet, meet foot.


It's not a point release, such compatibility-breaking changes should be expected.


The semantics are completely different which has to be reflected in the VCL. I think keeping compatibility at the cost of sanity is pretty dangerous and disregarding compatibility has been one of the success factors for the Linux kernel.


> disregarding compatibility has been one of the success factors for the Linux kernel

It's actually the other way around. Linus Torvalds dixit[1]:

"One of the core kernel rules has always been that we never ever break any external interfaces. That rule has been there since day one, although it's gotten much more explicit only in the last few years. The fact that we break internal interfaces that are not visible to userland is totally irrelevant, and a total red herring."

[1]. https://plus.google.com/115250422803614415116/posts/hMT5kW8L... - second comment


Valid point and I clearly was under the misconception that Linux didn't care that much about the external interfaces.

However, VCL is more akin the the kernel modules, relying on the internal APIs which are much less stable. When the semantics on how Varnish operates (with 4.0, the backend threads are completely new) and so the VCL language _needs_ to change in order to reflect this.

The external API, made available through HTTP hasn't changed much.


Backwards compatibility is vastly overrated, especially when the changes are as modest as the ones that I can see for Varnish 4. Sweep away the cruft. Make things better.


How many development hours have been wasted because of Python 3, Perl 6, Lua 5.2, any new Django version, Ruby 1.9, Rails 4, jQuery 1.9, Bootstrap 3, etc. ?

Backwards compatibility is as simple as not wasting everybody's time. It should be high on the priority list, right under security and above performance. I like Linus' stance on the issue and I'm sure every developer dealing with syscalls appreciates it as well.


How much development time has been saved and codebase quality increased by making backwards-incompatible changes that improve things drastically? It's a balance, of course – I'm not suggesting old interfaces should be thrown under a bus at the earliest opportunity. But the super-conservative opposite does nothing for progress and ends up with excess technical debt. Varnish 4.0 is a major version release. 3.x still works and will be used by a lot of people for a long time. I really don't see the issue, certainly in this case.


Most of the changes seem to comes from a reorganization of the code, I think they were necessary.


For most users it is a 5-10 minute job, no sweat.


The biggest impact of these sorts of changes are future users who are trying to get their first configuration going, following various web tutorials. Many of those tutorials are now misleading, but via the nature of accumulated web content it won't be changed any time soon.

Varnish is a nice project, but the lack of SSL significantly restricts its usefulness, especially in the "SSL everywhere" era. I've simply resorted to using nginx' proxy pass as the cache/load balancer.


The Varnish authors have specifically stated they didn't want to introduce SSL into their process because of the added attack surface that adds. [0]

If you want SSL for Varnish, use something like Pound [1], stunnel [2], or HAProxy [3] to do the SSL termination and pass it off to Varnish...

I'm partial to Pound because it is lightweight and doesn't try to do any caching, it simply terminates the SSL and passes the request on.

[0] https://www.varnish-cache.org/docs/trunk/phk/ssl.html

[1] http://www.apsis.ch/pound

[2] https://www.stunnel.org/index.html

[3] http://haproxy.1wt.eu


Re: HAProxy

from http://haproxy.1wt.eu : Update [2012/09/11] : native SSL support was implemented in 1.5-dev12. The points above about CPU usage are still valid though.

Wow, I've been out of the loop for a while then. Last time I used HAProxy I was using stud (https://github.com/bumptech/stud) to terminate.


Well, SSL is there, but it is still under development and has yet to hit a stable HAProxy release.


Stunnel has been around doing this job for quite some time as well


It's not either or.

We see lots of our users and customers adopt nginx for SSL termination and as their webserver, but still use Varnish for HTTP caching and/or routing.

The power and flexibility that VCL offers is pretty much unmatched. Specially with the ability to extend the language through Varnish Modules (VMODs). You can see the VMOD directory on our site: https://www.varnish-cache.org/vmods.

Even better, in Varnish 4.0 all Directors are VMODS and they can be nested, basically allowing for dynamic backends and all kind of Layer 7 load balancing you can dream of.


A lot of the technical tutorials (that also get posted here) are frankly, absolutely terrible.

Tutorials that do not state the required levels of expertise?

Tutorials without version numbers of the components that are described in it?

Tutorials for absolute beginners that feature commands like

  echo 'something' | sudo ...
without explaining them?

Tutorials about using debian-installer without explaining whether locale=en_US will set the system locale during installation to en_US.UTF8 or simply en_US?

In the same vein, tutorials about the installation of Postgres that do not mention that your system locale will impact the encoding / locale of your databases?

Check, check, check, check and check.

Something like RapGenius for technical tutorials might be useful here.



Ok, 5-10 min reading it.

5 min writing vcl3to4.pl and 5 min testing it.

5-10 min playing with the new varnishstat.

In total a 30 min job.

;-)


See, it did not take that long:

https://github.com/fgsch/varnish3to4




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: