Caching with Varnish

1. var∙nish:   A deceptively attractive external appearance; an outward show.  var∙nished, var∙nish∙ing:   To give a smooth and glossy ﬁnish to. 

2. We will talk about...    What is a Reverse Proxy Cache?    Architecture of Varnish    Installation & Basic Conﬁguration    VCL by example    Tools    Varnish & Rails    Misc tips & tricks 

3. ehcaC yxorP esreveR  A P P  R A P P P  C  A P P 

4. What?                                   =     Reverse‐Proxy   ... à la HAProxy, Pound, mod_proxy_balancer etc.    + Cache   ... only proxy to backend if necessary  a.k.a.: „HTTP Accelerator“ (= BS Bingo)  Other „HTTP Accelerators“:  Web Cache 10g BIG‐IP 

5. Users    search.twitter.com    hulu.com    wikia.com    pcwelt.de    creativecommons.org    ... 

6. Architecture: Cache Store  Squid  Varnish  Mem‐Store  Disk‐Store  VMM (OS)  VMM (OS)  RAM  HDD  RAM  HDD  •  one ﬁle per object (pre 2.7)  •  one big ﬁle mapped to VM   •  book keeping (disk vs. memory)  •  VMM often „smarter“  http://varnish.projects.linpro.no/wiki/ArchitectNotes 

7. Architecture: VCL    Varnish Configuration Language    DSL, compiled to C code (srsly!)    allows inline C code  C{ syslog(LOG_INFO, “Just served the 1000000th page. Hooray!"); }C   hooks into a requests lifecycle    Backends, ACLs, LB‐strategies defined here    can be hot‐loaded into a running varnishd    hot‐switching between multiple versions/profiles 

8. Architecture: Logging    Not your daddy‘s log ﬁle    Logs straight to shared memory    Enables all kinds of fancy tools:    varnishtop    varnishstat    varnishhist (= geek pr0n)    Use varnishlog/varnishncsa to generate old school logs 

9. Installation    Debian/Ubuntu:  apt-get –t unstable install varnish   OS X via MacPorts:  sudo port install varnish    From source: ./configure && make && make install Interesting ﬁles:    /etc/default/varnish   /etc/varnish/*.vcl

10. Conﬁguration    Zero conﬁguration in a perfect world  (= all origin servers perfect HTTP citizens, setting correct       cache control headers, conservative use of cookies)    Varnish won't cache anything "private" or carrying a  cookie by default    The real world sucks:    Tracking cookies (Google Analytics)    Session cookies although no data in session    "Cache‐control: private" by default (Rails) *    ...  (* which is a sensible default, btw.) 

11. VCL: Backends & Probes  backend default { .host = "10.0.0.12"; .port = "80"; } backend slow_j2ee_app { .host = "10.0.0.13"; .port = "8080"; .connect_timeout = 1s; .first_byte_timeout = 10s; .between_bytes_timeout = 5s; .probe = { .url = "/check.jsp"; .timeout = 1s; } }

12. VCL: Directors  for simple load‐balancing requirements  director d1 random { .retries = 3; { .backend = "default"; .weight = 10; } { .backend = "other_host"; .weight = 5; } } director d2 round-robin { ... }

13. VCL: ACLs  customize behaviour for diﬀerent clients  acl admins { "localhost"; "10.0.0.0"/24; ! "10.0.0.3"; # intern's laptop } ... if (client.ip ~ admins) { set req.http.x-magic-auth = "1"; } else { unset req.http.x-magic-auth; }

14. VCL: Hooks  Most important:    vcl_recv  Request comes in, decide what to do    vcl_fetch  Fetched obj from backend, allows tweaking    vcl_deliver  Object is about to be delivered to client    vcl_hash  Calculate hash key for lookup, defaults to full URL  Other hooks:   vcl_miss, vcl_hit, vcl_error, vcl_discard,   vcl_timeout, vcl_pipe, vcl_pass  http://varnish.projects.linpro.no/wiki/VCL 

15. VCL: Functions & Variables     regsub(), regsuball(), purge_hash(), purge_url()    own subroutines (not functions) with  sub foo { ... }    include "other.vcl"; to split ﬁles into parts     req.* Request     resp.* Response     bereq.* Backend Request     obj.* requested Object     client.*, server.*    set / unset for variables, remove additionally for headers  http://varnish.projects.linpro.no/wiki/VCL 

16. Example: Choose backend  sub vcl_recv { if (req.host ~ "slowapp.com$") { set req.backend = slow_j2ee_app; } else { set req.backend = other_backend; } }

17. Example: Serve static assets  sub vcl_recv { if (req.url ~ "^/(images|javascripts|styles)/") { remove req.http.cookie; } } sub vcl_fetch { if (req.url ~ "^/(images|javascripts|styles)/") { remove obj.http.set-cookie; } }

18. Example: Remove certain cookies  sub vcl_recv { set req.http.cookie = regsuball( req.http.cookie, "__utm.=[^;]+(; )?", "" ); set req.http.cookie = regsub(req.http.cookie, "; $", ""); if (req.http.cookie ~ "^ *$") { remove req.http.cookie; } }

19. Example: "Stale while revalidate"  Serve slightly stale content while a fresh version is fetched  => better user experience + no thread pileup  sub vcl_recv { set req.grace = 2m; } sub vcl_fetch { set obj.grace = 2m; } http://www.rfc‐editor.org/internet‐drafts/draft‐nottingham‐http‐stale‐controls‐00.txt 

20. Example: Backend is down  Serve cachable (outdated) content even when the backend is on ﬁre  sub_recv { if (req.backend.healthy) { set req.grace = 30s; } else { set req.grace = 1h; } } sub_fetch { set obj.grace = 1h; }

21. Tools: varnishtop  Most popular Browser / Agent:   varnishtop -i RxHeader -I ^User-Agent 2667.43 RxHeader User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9 459.54 RxHeader User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9 372.66 RxHeader User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9 369.90 RxHeader User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) 353.06 RxHeader User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www 341.84 RxHeader User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 323.87 RxHeader User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 317.88 RxHeader User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9 250.55 RxHeader User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 231.82 RxHeader User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 173.69 RxHeader User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Most popular URLs:   varnishtop –i RxUrl Traﬃc sources:   varnishtop –i RxHeader –I ^Referer

22. Tools: varnishhist  | | | | Hits  | | | | | | | | | | | | || ||| ||| ||| ||| ||| ||| ||| ||| ||| |||| |||| Misses  |||| ||||| ||||| |||||| ## # #| +-------------+-------------+-------------+-------------+-------------+-------------+-------------+-------------+------------- |1e-6 |1e-5 |1e-4 |1e-3 |1e-2 |1e-1 |1e0 |1e1 |1e2

23. More Tools:    varnishlog:    Generate (customized) logs    varnishncsa:  Generate Apache compatible logs    varnishadm:  Manipulate a running varnishd       varnishadm -T localhost:6082 purge.url "^/images/" varnishadm –T localhost:6082 vcl.load newconf /etc/my.vcl   varnishreplay:  Parses a log generated by varnishlog              and replays the traﬃc! 

24. Varnish & Rails    Proper use of  expires_in instead of page caching    Only use  session if really necessary    Purging of content possible with:    `varnishadm –T #{hostport} purge.url #{url2purge}`   net/telnet   klarlack: http://github.com/schoefmax/klarlack    !secure the connection to varnish's admin interface!   (ssh tunnel, iptables etc.) 

25. Varnish & Rails: Sweepers  # environment.rb config.gem "schoefmax-klarlack", :lib => 'klarlack', :source => 'http://gems.github.com' VARNISH = Varnish::Client.new('1.2.3.4:6082') # app/sweepers/blog_sweeper.rb class BlogSweeper < ActionController::Caching::Sweeper observe Post include ActionController::UrlWriter after_save(post) expire_post(post) end after_destroy(post) expire_post(post) end private def expire_post(post) VARNISH.purge :url, post_path(post) VARNISH.purge :url, latest_posts_path end end

26. Misc: Edge Side Includes (ESI)    Invented by Akamai & Co.    <esi:include src="http://example.com/friend_feed"/>   http://www.w3.org/TR/esi‐lang    fragment_fu‐plugin for Rails (part of mongrel‐esi)  Header, TTL: 15 min  Activity‐ Nav,  Article,  Feed,  TTL:  TTL: 5 min  TTL:  60 min  2 min 

27. Misc: Fine tuning your setup    Use a non‐journaling file system (e.g. ext2) for storage file    Pre‐create storage file (minimizes fragmentation). 4GB:   dd if=/dev/zero of=storage.bin bs=4M count=1024   Tweak varnish's various startup settings – Twitters are:   http://projects.linpro.no/pipermail/varnish‐dev/2009‐February/000968.html 

28. Misc: Monitoring with munin 

29. Thank you.  •  http://www.varnish‐cache.org  •  http://github.com/schoefmax/klarlack  •  http://varnish.projects.linpro.no/wiki/VCL  •  http://varnish.projects.linpro.no/wiki/ArchitectNotes  •  http://www.rfc‐editor.org/internet‐drafts/draft‐nottingham‐http‐stale‐controls‐00.txt  •  http://projects.linpro.no/pipermail/varnish‐dev/2009‐February/000968.html  •  http://www.w3.org/TR/esi‐lang 