Search
varnish-controller7
Varnish Controller 7 Changelog Version 7 Known Issues Upgrading Previous Versions Versioning License Features System Overview Demo Concepts Agent Router RoutingRules Git Tag Files Domain Certificates Roles VCLGroup ACME API Logs Private/Shared Config/ConfigSets Authentication System Admin Regular Users Identity Provider Sessions Examples Authorization Organization Account Permission Examples CLI CLI Examples CLI Manual User Interface API API examples Invalidations Integrations Varnish Statistics Installation Quickstart NATS PostgreSQL Brainz API-GW Agents Routers Containers Identity Provider VCLI Graphical User Interface Mapped Ports Routing Plugins gRPC Examples Deploying VCL files Change a VCL file Purging multiple paths Banning paths Using Labels Certificates HTTP Routing Routing Decisions Private Agents Debugging Multiple Regions OIDC - Microsoft Entra (Azure AD) Drain Traffic Config/ConfigSet Organizations

Varnish Controller 7

This is the documentation for Varnish Controller version 7. Documentation for previous releases can be found here. Varnish Controller version 7 comes with a lot of new features that required a full overhaul of the existing documentation and to make the documentation more clear.

The biggest changes in version 7 are:

  • Deployments has been removed and replaced with TagSets for VCLGroups.
  • File versioning has been added to the controller.
  • Git support
  • Let’s Encrypt (ACME) Support (automatic TLS certificates management)
  • New database layer to improve performance
  • Long Lived Tokens

Introduction

Varnish Controller’s main function is to manage a cluster of Varnish servers. Some new concepts have been introduced to create a system that’s both generic and highly flexible. Though all communication with the system is conducted using a REST API, an easy-to-use Command Line Interface (CLI) is provided.

Building blocks

Varnish Controller consists of three main parts:

  • The Agent interacts with the Varnish process and is responsible for VCL deployments.

  • The Brainz process handles all system-wide decision-making.

  • The API-GW (API Gateway) serves a REST API to control the system.

These services can be scaled horizontally by adding more processes of the same kind.

  • The fourth component called Router (Varnish Traffic Router) is used to route traffic to the most appropriate Varnish server based on different configurable decisions, using either HTTP302 or DNS.

Communication

A vital part of these processes is interprocess communication. This is performed over NATS; a lightweight, high-performance messaging service. NATS is a free, third-party, open-source software. Communication over NATS can be encrypted - see the installation guide.

Varnish integration

A Varnish instance handled by Varnish Controller shouldn’t be manually modified when it comes to loading VCLs. The agent takes control of the Varnish instance and removes any loaded label/VCL that isn’t related to what’s deployed within Varnish Controller. All VCL changes must be made exclusively from the Varnish Controller API/CLI. Since agents handle the deployments to Varnish servers, this document refers to both servers and agents, interchangeably.

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart
Packages
Docker
News
Varnish Controller 7.0.0
Varnish Enterprise vulnerability in MSE4 when handling range requests
HTTP/1 client-side desync vulnerability
Varnish Controller 6.6.8
Container images updated to Debian bookworm
News archive
Cookie Settings Privacy Policy Contact Us Press Branding
®Varnish Software, Wallingatan 12, 111 60 Stockholm, Organization nr. 556805-6203