Since the software is not getting better, Varnish it:

Just a spot to remember Varnish tidbits.

See what is happening for requests (right now) via varnish:
varnishtop -i rxurl

or for everything in ncsa / apache log format:


If you want counts of who from where (assuming proxy setup):

varnishtop -i TxHeader -I '^X-Forwarded-For:'

Or if you want response time histogram:

Reload the vcl (and not the cache):
service varnish reload

Remember to put the shared memory file on tmpfs:
echo "tmpfs /var/lib/varnish tmpfs nosuid,noatime,nodiratime,size=150M 0 0" >> /etc/fstab

Default is 80 MB, don't think there is overhead, but keeping it at 150MB should be good for now if we can afford it.

varnishadm for tuning on the fly. Save to the vcl to make it stick.

To verify Varnish is good to go, make sure to monitor uptime.
Varnish will syslog when the child dies, but the uptime parameter via a local check for Nagios (or your monitoring tool of choice) is a better bet.
Since uptime is an up counter, you will need to think about the thresholds for critical and warning.

Logging the x-forwarded-for header
Will Jackson has a great article here:
And as always, in case that link or site goes away, here are the tidbits:
Add the x-forwarded-for block to the varnish config vcl:
    # Append the address Varnish saw to any X-Forwarded-For the client sent
    if (req.http.x-forwarded-for) {
        set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
    } else {
        set req.http.X-Forwarded-For = client.ip;
    }

Create a new custom log type:

echo 'LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" varnishcombined' > /etc/apache2/conf.d/varnish-log

Change the CustomLog line in the sites you want to see the forwarded ip header from varnish to be the new varnishcombined log format.
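
A caveat on reading the resulting log field, as an added example (not from the original post or the linked article): because the vcl block appends client.ip to whatever X-Forwarded-For the client already sent, only the last entry in the logged field was written by Varnish, and everything before it is client-supplied. The function names and sample lines below are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Everything after the X-Forwarded-For field in the varnishcombined format:
#   %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Assumption: Apache escapes '"' and '\' in logged header values, so an
# unescaped quote can only come from the LogFormat string itself.
QUOTED = r'"(?:[^"\\]|\\.)*"'
TAIL = re.compile(
    r' \S+ \S+ \[\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\] '
    + QUOTED + r' \d{3} (?:\d+|-) ' + QUOTED + ' ' + QUOTED + '$'
)

def varnish_seen_ip(line):
    """Return the last X-Forwarded-For entry (the client.ip Varnish appended),
    or None if the line does not parse or that entry is not an IP address."""
    line = line.rstrip("\n")
    m = TAIL.search(line)
    if m is None:
        return None
    xff = line[:m.start()]            # may hold client-supplied junk
    last_hop = xff.rsplit(",", 1)[-1].strip()
    try:
        return str(ipaddress.ip_address(last_hop))
    except ValueError:
        return None

def count_clients(lines):
    """Count requests per address Varnish actually saw, skipping bad lines."""
    seen = (varnish_seen_ip(ln) for ln in lines)
    return Counter(ip for ip in seen if ip is not None)

# Constructed sample lines (documentation address ranges), not real traffic.
TS = '[10/Oct/2020:13:55:36 +0000]'
SAMPLE = [
    '203.0.113.7 - - ' + TS + ' "GET / HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    # Client sent its own X-Forwarded-For: 10.0.0.1
    '10.0.0.1, 198.51.100.23 - - ' + TS + ' "GET /a HTTP/1.1" 403 199 "-" "x"',
    # Client sent a header shaped like a log prefix; Apache escaped the quotes
    r'192.0.2.9 - - ' + TS + r' \"GET / HTTP/1.1\" 200 1, 198.51.100.23 - - '
    + TS + ' "GET /b HTTP/1.1" 200 7 "-" "x"',
]

if __name__ == "__main__":
    for ip, n in count_clients(SAMPLE).most_common():
        print(n, ip)
```

If another proxy you control sits in front of Varnish, the last entry is that proxy's address and the same reasoning moves one hop to the left.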

Get the current running varnish config:
varnishadm vcl.list
(list of configs).... blah
varnishadm vcl.show "blah"