Search
Varnish Controller
Introduction Changelog Known Issues Upgrading Deprecation Version 5 Version 4 Version 3 Version 2 Version 1 Versioning License Features System Overview Demo Concepts Agent Router RoutingRules Tag VCL Domain Deployment VCLGroup Deployment Types API Logs Private/Shared Authentication System Admin Regular Users Identity Provider Sessions Examples Authorization Organization Account Permission Examples CLI CLI Examples User Interface API API Examples Invalidations Varnish Statistics Installation Quickstart NATS PostgreSQL Brainz API-GW Agents Routers Containers Identity Provider VCLI Graphical User Interface Mapped Ports Routing Plugins gRPC FAQ Examples Deploying VCL files Change a VCL file Purging multiple paths Banning paths Using Labels HTTP Routing Routing Decisions Organizations Private Agents Debugging Multiple Regions Staged Deployment

Version 5

Version 5.3.1 (2023-09-18)

Brainz

  • Resolved a bug in migration logic
  • Improved SQL query for inserting Varnish Statistics

Version 5.3.0 (2023-09-12)

General

  • Components built with Go 1.21.

Brainz

  • Improvements to file rollback functionality
  • Improved performance for database queries
  • Reject account locking of users own account

Agent

  • The agent now propagates the compile timeout to Varnish admin CLI.

Router

  • The traffic router default systemd file now has a LimitNOFILE set to 200000. This is to support a large number of connections towards the router.
  • Router logs for utilization of endpoints now includes the current utilization and the configured limit.

API-GW

  • Discard endpoint now responds 400 (Bad Request) on failure, instead of 200 (OK).
  • Prometheus statistics via the controller now includes router and domain.

VCLI

  • A new description endpoint added, to show counter descriptions (vcli with verbose (-v) now includes descriptions for statistics).
  • vcli now support --clear-health-headers for RoutingRules, to clear existing health-headers.

UI

  • Introduced descriptions for counters used in the dashboard.

  • Introduced account log.

  • Improved activity log. We now show all activity log for a specific resource, not only what that user has done.

  • Improved a11y.

  • Improved index table with VCLGroups now showing deployment status.

  • Improved error handling on dashboard widget involving tags.

  • Improved validation on ipv4 and ipv6.

  • Improved how we handle latency on creating/saving/deleting in buttons and redirects.

  • Improved draft/deployed switch in a VCLGroup.

  • Improved how we handle nested includes.

  • Improved the modal when a deploy is triggered with other VCLGroups connected.

  • Fixed “Related VCLGroups” file showing to include every file that is connected.

  • Fixed a bug where tags was removed when editing an existing widget in the dashboard.

  • Fixed a bug in the editor when switching between draft and deployed would lock the editor.

  • Fixed a bug where you couldn’t compile a file on two different accounts in the same browser.

Version 5.2.3 (2023-06-28)

Agent

  • Moving average has been added to avoid spiking values when the agent reports bandwidth utilization for varnish instances.
  • Fixed a bug where the agent did not report in the values for: temperature, busy and status to the controller for root deployed VCLGroups.

** UI **

  • Fixed a bug where “Related VCLGroups” wouldn’t show all the connected VCLGroups.

Version 5.2.2 (2023-06-20)

UI

  • Fixed a bug where certain includes wouldn’t be included in a VCLGroup.
  • Fixed a bug where it wasn’t possible to reset the tag in Geolocation route.

Version 5.2.1 (2023-06-13)

General

  • All binaries built with Go 1.20.5

Brainz

  • Bug fix where organization user with only read access to agents/routers could assign/remove tags. Now write access to agent/routers is required to assign/remove tags.
  • Improved performance when using API filters.

Agent

  • Updated default VCL templates:
    • Default Root VCL file (shared deployments) now responds 404 Not Found for requests towards a domain that is not deployed on the Varnish server.
    • Default temporary VCL that is used when nothing is deployed, now responds 404 Not Found to all requests.
    • These VCL templates can be customized, see Agent - Default VCL and Agent - Default Root VCL
  • Invalidations now uses dualstack and supports both IPv4 and IPv6.

Router

  • Router health probes now uses dualstack and supports both IPv4 and IPv6.

API-GW

  • Bug fix for deleting a domain that is in use, the API previously returned status code 503 Internal Server Error, now it will return 403 Bad Request.

UI

  • FIX: table bug when there was multiple pages and deleting a resource would redirect to first page.
  • FIX: Column filter button could disappear if user would hide the last visible column.
  • FIX: a bug when filtering on Varnish State Unknown wouldn’t work.
  • ADD: Missing toast when adding a Routing Rule.

Version 5.2.0 (2023-05-25)

General

  • All binaries built with Go 1.20.4
  • System debug has been reworked to contain more information about the applied configuration for each component.

Brainz

  • Various performance improvements to database calls.
  • Static tags for private agents/routers are now added to the owner organization.
    • Note: This fix will produce duplicate tags with same name but new IDs, existing tags will still be used for existing deployments.
  • Make sure it’s not possible to delete a tag used in a routing decision rule.
  • Fixed a bug that returned 200 OK when updating an organization with a new name or locked state as a regular user (it was not updated as it’s not allowed). Now 403 Forbidden is returned.
  • Possibility to configure how often invalidation retries should be done.
  • Fixed a bug where Staging ID could linger on the VCLGroup when it has been deleted.
  • Added possibility to delete a staged VCLGroup through regular VCLGroup delete command.
  • Added possibility for organization users to stage a VCLGroup.

Router

  • Improved CIDR routing decision that resolves an issue where two CIDR matches resulted in unpredicted match.

VCLI

  • VCLI now lists Last Deployed timestamp for deployed VCLGroups.

Agent

  • Custom kvstore counters are now added correctly to the Varnish Controller statistics.
  • Compile errors has been extended to also include stderr.

API-GW

UI

  • Optimize requests and reduce unnecessary ones.
  • Overall improvements to the dashboard and custom equations.
  • Fixed a bug where, in a very specific case, a included file could be overwritten.
  • Fixed a bug where a dropdown doesn’t respect the visible area.
  • Improved how we show healthstatus and other data for Routers.
  • Improved confirm modal when deploying a VCLGroup with more usefull information.
  • Improved and optimized deployed servers in table for VCLGroup.
  • Added new column Compile State in VCLGroup table to show last compile status.
  • Added a new column with Last Deployed time in VCLGroup table.
  • Improved how we handle missing permissions and the redirects.
  • Fixed a bug when user was logging out or changed user where it didn’t clear the user data as intended.
  • Fix so the user can redploy a VCLGroup even if the VCLGroup is stuck in a compiling or deploying state.
  • Fixed a bug when compiling a VCL file under certain conditions couldn’t recognize the includes.
  • Fixed a styling bug with error messages in router-health.

Version 5.1.4 (2023-05-04)

Router

  • Fixes a bug in the router that made it crash during health checks towards external routes (Releases prior to 5.1.2 are not affected).

Version 5.1.3 (2023-04-21)

General

  • All components built with Go 1.20.3.

Brainz

  • Fixed a bug where removing a RoutingRules from a VCLGroup would remove the RoutingRules from all VCLGroups that used the same RoutingRules.

Router

  • Added support for mixed-casing DNS responses in the Router to support Google’s mixed-casing domain lookups.

UI Server

  • Fixed an error that appeared when content retrieval to a non existing path was requested.

Version 5.1.2 (2023-03-22)

General

  • All components built with Go 1.20.2.

Brainz

  • Improved database indexes for faster queries.
  • Error log level when MMDB CSV file is not configured has been lowered to Info.

Router

  • Fixed a bug in the Request Router where random was redirected to an unhealthy endpoint.
  • Headers set for health probes in the Routing Rules are now sent in the same casing as configured.
  • Include gRPC Health and Routing Health information in router debug and system debug information.
  • Endpoint added to health probe logging information.

VCLI

  • vcli file now has -label support.

UI

  • Fixed an error in Invalidations where you couldn’t add new headers to existing invalidation.
  • Fixed a bug when having multiple includes with same name when creating/editing VCLGroups.
  • Fixed a bug involving renaming files in editor.

Version 5.1.1 (2023-02-27)

UI

  • UI: Fixed a bug where Tokens wouldn’t show in the menu for org-users.

Version 5.1.0 (2023-02-23)

General

  • All components built with Go 1.20.1
  • getent used as fallback to get uid/gid for components running as a user/group (to support IDM).

Brainz

  • Fixes an issue with varnish_stat_id_seq max ID error in the database.
  • Bug fixes for monitoring of agents during invalidation.
  • Improvements to deployment of VCLGroups.
  • UTC used for the database to avoid time zone issues.
  • Validation added for two or more VCLGroups with same domain cannot use different RoutingRules.
  • Validation added to verify that healthcheck window-size and threshold must be larger than 0.

Router

  • Router now reports correct NS records for private routers.
  • Request logging (to stdout) in the router now logs failed requests as well.
  • DebugHeader for RoutingRules, to only show debug information if a configured header is present.
  • X-Routed-For header for routed requests in a shared Varnish instance.
  • Support for regexp routing decision.
  • Support for reject decision routes in the router.
  • Flatbuffer schema for gRPC plugin updated (still backward compatible):
    • Tags for endpoints (all tags visible for that VCLGroup on the endpoint(agent)).
    • Custom endpoint includes CNAME, status_code, body and headers.
    • Endpoints include CNAME.
    • EndpointRequest includes a reject boolean that tells if the request was for a reject or not.
  • External routes location template support (for custom location format).
  • Support for CNAME for external routes.
  • Support for custom headers in router health checks.
  • NS records now presents the correct TTL.

Agent

API-GW

  • Fixes a bug where login via API required content-type application/json.

VCLI

  • Configuration file for the VCLI now have a stricter permission policy.
  • Various updates to VCLI help outputs.

UI Server

  • Add support for Brotli and Gzip asset files to be returned.
  • Add caching to asset files.
  • Add support for insecure TLS certs towards the API-GW.
  • Return the http timeout as a cookie for the controller UI to use as the compile timeout.

UI

  • Updated Vue to 2.7.
  • In preparing for Vue 3 upgrade there is now a new chart library (BillboardJS) implemented.
  • There is now a way to send varnishadm command to varnish servers from the UI.
  • UI is now using Gzip or Brotli for compression.
  • UI can now handle larger objects in CIDR/ASN/Geolocation.
  • Fixed bug in editor related to comments and includes.
  • Fixed an issue with CSRF token in UI.
  • Fixed an issue where large VCLs could get a timeout during the compilation stage.
  • Updated table component features and adding a search feature.
  • Removed the ability to remove static tags from an agent.
  • Made improvements to a11y.

Version 5.0.2 (2022-11-08)

General

  • NATS updated to latest version, v2.9.6.
  • All components built with Go 1.19.3
  • Improved logging for NATS connection/disconnection for api-gw/brainz/agent/router.

Router

  • The router now strips port from requested domain, to allow the router to run on none default ports.

Agent

  • Improved logging for Varnish-admin interface, logging of connection/disconnection towards Varnish.

API-GW

  • Fixed a a bug where the /stats/cpu, /stats/mem and /stats/net returned a 500 error.

VCLI

  • Improved error logging for the VCLI.

Version 5.0.1 (2022-10-25)

General

  • Dependencies has been upgraded to newer versions.

Brainz

  • Fixes a bug where brainz could panic during a StatusUpdate from the router.
  • Fixes a bug where invalidations got stuck when a VCLGroup was removed that had running invalidations.
  • Fixes a bug where invalidations could get stuck in Retrying state.
  • Fixes a bug where invalidations in Retrying state could not be deleted.

UI

  • Fixes a bug where domains always was shown as required when creating/editing a VCLGroup.

Version 5.0.0 (2022-10-18)

General

  • All components have NATS names with the format <type>-<name if exists(router/agent)>-<hostname>-<pid>.
  • System debug now collects information from the database in terms of configuration to ease debugging.
  • Dependencies has been updated to latest versions.
  • All components built with Go 1.19.2.
  • Nats-server updated to 2.8.4.
  • Debug call for agents/routers are now only available for system admin or owner of a router/agent (private).
  • All timestamps in the database will be in UTC timezone.
  • All components has been statically built (in previous versions they where dynamically linked)

Brainz

  • VCLGroup now has a state called DeployState that can take 3 states and the previous Deploy has been removed.
    • (1) Deployed
    • (2) Deploying
    • (3) Undeployed
  • New UUID format for Trace IDs
  • Fix for a bug where updating multiple domains on a VCLGroup could make brainz panic.
  • Improved metrics (CPU/Memory/Network) fetching for agents.
  • Improved deployment of VCLGroups

Agent

  • Support for private-token for starting as a private agent.
  • Support for custom keys for vmod accounting.
  • Support for multiple IPv4/IPv6 configuration via comma separated strings.
  • Use VTC to test compile VCLs to find issues earlier than before.
  • HeaderPlus VMOD is used in the shared root VCL to handle router redirect requests so that receiving VCL (via label) get the correct Host and URL for the redirected client requests.
  • Agent now uses its base-dir for temporary directory when testing and compiling VCL files.
  • Invalidation now supports TLS towards Varnish.
  • New varnish-invalidation-tls-verify flag for verification of TLS cert in validation.
  • The flag varnish-invalidation-tls now specifies if varnish is running with TLS or not.

Router

  • Support for private-token for starting as a private router.
  • Support for ASN/CIDR/Gelocation routing to tags.
  • Support for DNS routing with multiple A/AAAA records in responses.
  • Randomize selection of endpoints for external routes that has the same weight.

API-GW

  • The /api/v1/vcls endpoints have been removed and replaced with the existing /api/v1/files endpoints.
  • The /api/v1/agents/1/vclgroups endpoint has been removed, use /api/v1/vclgroups?agents.id=1&vg_states.deployed=true instead.
  • The /api/v1/tags/1/agents endpoint has been removed, use /api/v1/agents?tags.id=1 instead.
  • The /api/v1/vclgroups/1/agents endpoint has been removed, use /api/v1/agents?vcl_groups.id=1&vg_states.deployed=true instead.
  • The operator=and has been removed from the filters, instead of ?tags.id=1,2&operator=and use ?tags.id[all]=1,2.
  • UptimeSeconds has been added to Router and Agents data structures. Showing seconds since they were last started.
  • Added support for an oAuth token request to retrieve access tokens for Prometheus & Grafana, more info here.
  • /api/v1/asnroutes Supports ASN routing rule configuration.
  • /api/v1/cidrroutes Supports CIDR routing rule configuration.
  • /api/v1/geolocationroutes Supports Geolocation routing rule configuration.
  • /api/v1/geolocationroutes/location/suggestions/ Finds locations based on fuzzying.
  • /api/v1/geolocationroutes/location/lookup/ Finds a specific location based on geoname ID.
  • Added support for filtering on agents, routers and vclgroups at the statistics endpoints
  • Swagger docs improvements.

CLI

  • Added whoami command to see which user is logged in.
  • The vcls commands are removed, use files instead.
  • New command for states of VCLGroups, vcli vg state (shows errors of deployments).
  • New command vcli license inspect to get full API JSON output of the license.
  • Flags --csv and --json removed from all inspect commands, as it’s always JSON (raw API output).
  • Improved table as JSON formatting (when using --json).
  • vcli inspect <command> now always outputs an array, even for results with one object.
  • vcli account update now outputs updated elements only.
  • vcli ers update now supports -f filter flag.
  • vcli ipd update now outputs updated elements only.
  • vcli org update now outputs updated elements only.
  • vcli perm update now outputs updated elements only.
  • vcli pgrpc update now supports -f filter flag.
  • vcli rps update now supports -f filter flag.
  • vcli vg update now outputs updated elements and will no longer fail when updating names.
  • Commands perm, account, idp and org now lists all entries after delete.
  • Delete no longer fails if there are no elements left to list.
  • Confirmation added for org update, tag update and perm add to avoid mistakes.
  • vcli org update now supports -y to avoid interactive confirmation.
  • Flag -name added for update of routingplugins and grpc.
  • Removed -idp flag from org add as the org needs to be created before adding an IDP to an org.
  • Removed -v from session (was showing same output).
  • perm now skips created/updated without -v flag.
  • externalroutes skips created/updated without the -v flag.
  • idps skips created/updated without -v flag.
  • org now have -v (shows created/updated).
  • asnroutes Supports ASN routing rule configuration.
  • cidrroutes Supports CIDR routing rule configuration.
  • geolocationroutes Supports Geolocation routing rule configuration.
  • Fixed a bug where you could not update files / VCLs with a filter -fid=1.
  • Improved error handling when requesting json output, all errors are now shown in JSON format.
  • Fixed a bug where the CLI showed a draft state when there was no draft state due to a different order of included VCLs.

UI

  • Added a new feature (CDN map) to show agents and routers on a worldmap with some useful information.
  • Added darkmode.
  • Added pages for routing decisions.
  • Added pages for private and shared tokens.
  • Overhauled the workflow and UI design of the whole app.
  • Added more information when VCL compilation fails in a VCLGroup.
  • Fixed a bug in dashboard with custom equation.
  • Various improvements and bug fixes in the dashboard.
Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
News
Varnish Enterprise 6.0.11r6
Varnish Controller 5.3.1
Varnish Controller 5.3.0
Base64 decoding vulnerability in vmod-digest
Varnish Enterprise 6.0.11r5
News archive