Containers

Varnish Controller is well-suited for running in containers. The common requirement for Agents, Routers, Brainz and API-GW is that they all need to be able to communicate over NATS. The API-GW needs to be able to expose an HTTP(S) port. The Agent needs to reach the Varnish secret and administration ports, and Varnish needs to read the Agent base directory. If routers are used, they need to expose HTTP(S) endpoints to receive traffic.

Docker Images

We provide prebuilt Docker images for Varnish Controller. These exist in our quay.io registry. Please see https://docs.varnish-software.com/tutorials/getting-started-with-docker/ to get started.

Docker-Compose Example

Using docker-compose it is possible to run a full Varnish Controller setup with Docker. The following docker-compose file is an example and may require modification for your environment. The example uses our official Docker images from quay.io. This requires a valid Varnish Controller license.

The example also shows how to run Varnish with TLS, using existing certificates. This requires a tls.cfg and the certificate files in the Varnish container, which the example provides through the following volume mounts and environment setting of the varnish service. Please visit https://docs.varnish-software.com/varnish-enterprise/features/client-ssl/ for more information about TLS.

- /home/user/certificates/:/etc/varnish/certs/
- /home/user/varnish-controller7/tls.cfg:/etc/varnish/tls.cfg

- "VARNISH_EXTRA=-A /etc/varnish/tls.cfg"

To make the example complete, the database is also running in Docker via docker-compose. The data is stored in a mounted Docker volume. However, we recommend running the database outside of Docker, with backups etc.

The directory named /home/user/varnish-controller7 can be replaced with a directory containing the following files:

  • license.lic - Varnish Controller License file
  • tls.cfg - TLS configuration for Varnish (optional)

Docker volumes used:

  • varnish - mounted to /var/lib/varnish (used by varnish and agent services)
  • vcontroller - mounted to /etc/varnish (used by varnish, agent and router services)
  • dbdata - mounted to /var/lib/postgresql/data (used by db service)

The ports exposed on the host machine are the following:

  • 80 - For HTTP traffic towards Varnish
  • 81 - For HTTP traffic towards the traffic router
  • 443 - For HTTPS traffic towards Varnish
  • 8002 - Varnish Controller API endpoint
  • 8080 - Varnish Controller UI

Use docker-compose up to start the services.

version: '3.6'
services:
  varnish:
    container_name: varnish
    image: "quay.io/varnish-software/varnish-plus:latest"
    hostname: varnish
    restart: always
    volumes:
        - type: "volume"
          source: vcontroller
          target: /etc/varnish
        - type: "volume"
          source: varnish
          target: /var/lib/varnish
        - /home/user/certificates/:/etc/varnish/certs/
        - /home/user/varnish-controller7/tls.cfg:/etc/varnish/tls.cfg
    environment:
      - "VARNISH_ADMIN_LISTEN_ADDRESS=0.0.0.0"
      - "VARNISH_EXTRA=-A /etc/varnish/tls.cfg"
    ports:
      - "80:6081"
      - "443:443"
    networks:
      - external
      - internal

  router:
    container_name: router
    image: 'quay.io/varnish-software/varnish-controller7-router:latest'
    hostname: router
    restart: always
    volumes:
        - type: "volume"
          source: vcontroller
          target: /etc/varnish
    links:
      - nats
    environment:
      - "VARNISH_CONTROLLER_ROUTER_NAME=router1"
      - "VARNISH_CONTROLLER_BASE_DIR=/etc/varnish/router1"
      - "VARNISH_CONTROLLER_NATS_SERVER=nats://nats:4222"
      - "VARNISH_CONTROLLER_LOG=info"
      - "VARNISH_CONTROLLER_TAGS=prod"
    ports:
      - "81:8080"
    depends_on:
      - nats
    networks:
      - external
      - internal

  agent:
    container_name: agent
    image: 'quay.io/varnish-software/varnish-controller7-agent:latest'
    hostname: agent
    restart: always
    volumes:
        - type: "volume"
          source: vcontroller
          target: /etc/varnish
        - type: "volume"
          source: varnish
          target: /var/lib/varnish
    links:
      - varnish
      - nats
    environment:
      - "VARNISH_CONTROLLER_AGENT_NAME=agent1"
      - "VARNISH_CONTROLLER_BASE_DIR=/etc/varnish/agent1"
      - "VARNISH_CONTROLLER_NATS_SERVER=nats://nats:4222"
      - "VARNISH_CONTROLLER_LOG=info"
      - "VARNISH_CONTROLLER_STATS_INTERVAL=60s"
      - "VARNISH_CONTROLLER_VARNISH_NAME=varnish"
      - "VARNISH_CONTROLLER_VARNISH_HOST=varnish"
      - "VARNISH_CONTROLLER_VARNISH_SECRET=/etc/varnish/secret"
      - "VARNISH_CONTROLLER_VARNISH_ADMIN_PORT=6082"
      - "VARNISH_CONTROLLER_TAGS=prod"
      - "VARNISH_CONTROLLER_BASE_URL=http://192.168.99.102"
    depends_on:
      - nats
    networks:
      - internal

  apigw:
    container_name: apigw
    image: 'quay.io/varnish-software/varnish-controller7-api-gw:latest'
    hostname: apigw
    restart: always
    environment:
      - "VARNISH_CONTROLLER_NATS_SERVER=nats://nats:4222"
      - "VARNISH_CONTROLLER_LOG=info"
      - "VARNISH_CONTROLLER_PORT=8002"
    depends_on:
      - nats
      - brainz
    ports:
        - "8002:8002"
    networks:
      - external
      - internal

  brainz:
    container_name: brainz
    image: 'quay.io/varnish-software/varnish-controller7-brainz:latest'
    hostname: brainz
    restart: always
    volumes:
      - /home/user/varnish-controller7/license.lic:/var/lib/varnish-controller7/varnish-controller7-brainz/license.lic
    links:
      - nats
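    environment:
      - "VARNISH_CONTROLLER_NATS_SERVER=nats://nats:4222"
      # Example database credentials; they must match POSTGRES_USER and
      # POSTGRES_PASSWORD of the db service. Replace them with your own values.
      - "VARNISH_CONTROLLER_DB_USER=varnish-controller"
      - "VARNISH_CONTROLLER_DB_PASS=varnish-controller"
      - "VARNISH_CONTROLLER_DB_NAME=varnish-controller"
      - "VARNISH_CONTROLLER_DB_SERVER=db"
      - "VARNISH_CONTROLLER_LOG=info"
      - "VARNISH_CONTROLLER_MOD_ADMIN_USER=true"
      # Example system admin credentials; replace them with your own values.
      - "VARNISH_CONTROLLER_SYSTEM_ADMIN_USER=test"
      - "VARNISH_CONTROLLER_SYSTEM_ADMIN_PASS=test"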
    depends_on:
      - db
      - nats
    networks:
      - internal

  controller-ui:
    container_name: controllerui
    image: 'quay.io/varnish-software/varnish-controller7-ui:latest'
    hostname: ui
    restart: always
    environment:
        - "VARNISH_UI_SERVER_API_HOSTS=http://apigw:8002"
        - "VARNISH_UI_SERVER_CSP=false"
    depends_on:
      - apigw
    ports:
        - "8080:8080"
    networks:
      - external
      - internal

  db:
    container_name: psql
    image: postgres
    hostname: db
    restart: always
    volumes:
      - dbdata:/var/lib/postgresql/data
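    environment:
      # Example credentials; keep them in sync with VARNISH_CONTROLLER_DB_USER
      # and VARNISH_CONTROLLER_DB_PASS of the brainz service.
      POSTGRES_USER: varnish-controller
      POSTGRES_PASSWORD: varnish-controller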
    networks:
      - internal

  nats:
    container_name: nats
    image: 'quay.io/varnish-software/varnish-controller7-nats:latest'
    hostname: nats
    restart: always
    expose:
      - "4222"
    networks:
      - internal


volumes:
  vcontroller:
  dbdata:
  varnish:

networks:
  internal:
    driver: bridge
    internal: true
  external:
    driver: bridge
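
To check a modified copy of this compose file against what the page describes (only ports 80, 81, 443, 8002 and 8080 published on the host; agent, brainz, db and nats attached only to the internal network), the following added example, which is not part of the Varnish Controller documentation, audits the JSON printed by docker compose config --format json. It goes beyond the page by also flagging untagged or :latest images and passwords that equal the user name or are shorter than 12 characters. The assumed JSON shape, the 12-character threshold and the SAMPLE data are constructed for illustration.

```python
import json

EXPECTED_PORTS = {80, 81, 443, 8002, 8080}          # host ports listed on the page
INTERNAL_ONLY = {"agent", "brainz", "db", "nats"}   # services on "internal" only

def audit(model):
    """Return sorted findings for a normalized Compose model (parsed JSON)."""
    internal_nets = {n for n, cfg in (model.get("networks") or {}).items()
                     if (cfg or {}).get("internal")}
    findings = []
    for name, svc in model.get("services", {}).items():
        image = svc.get("image", "")
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if tag in ("", "latest"):
            findings.append(f"{name}: image not pinned ({image})")
        for port in svc.get("ports") or []:
            published = int(port.get("published") or 0)  # 0 = ephemeral host port
            if name in INTERNAL_ONLY or published not in EXPECTED_PORTS:
                findings.append(f"{name}: unexpected host port {published}")
        leaked = set(svc.get("networks") or {}) - internal_nets
        if name in INTERNAL_ONLY and leaked:
            findings.append(f"{name}: on non-internal network {sorted(leaked)}")
        env = svc.get("environment") or {}
        for key, value in env.items():
            if key.endswith(("_PASS", "_PASSWORD")) and value is not None:
                user = env.get(key.rsplit("_", 1)[0] + "_USER")
                if value == user or len(value) < 12:
                    findings.append(f"{name}: weak literal secret in {key}")
    return sorted(findings)

# Constructed sample, not real output; nats is deliberately misconfigured here.
SAMPLE = json.loads("""
{"networks": {"internal": {"internal": true}, "external": {}},
 "services": {
  "apigw": {"image": "quay.io/varnish-software/varnish-controller7-api-gw:latest",
            "networks": {"external": null, "internal": null},
            "ports": [{"target": 8002, "published": "8002"}]},
  "brainz": {"image": "quay.io/varnish-software/varnish-controller7-brainz:latest",
             "networks": {"internal": null},
             "environment": {"VARNISH_CONTROLLER_DB_USER": "varnish-controller",
                             "VARNISH_CONTROLLER_DB_PASS": "varnish-controller",
                             "VARNISH_CONTROLLER_SYSTEM_ADMIN_USER": "test",
                             "VARNISH_CONTROLLER_SYSTEM_ADMIN_PASS": "test"}},
  "nats": {"image": "quay.io/varnish-software/varnish-controller7-nats:latest",
           "networks": {"internal": null, "external": null},
           "ports": [{"target": 4222, "published": "4222"}]}}}
""")
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```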
