SearchVarnish Controller is well-suited for running in containers. The common requirement for Agents, Routers, Brainz and API-GW is that they all need to be able to communicate over NATS. The API-GW needs to be able to expose HTTP(S) port. The Agent needs to reach Varnish secret and administration ports and Varnish needs to read the Agent base directory. If routers are used they need to expose HTTP(S) endpoints to receive traffic.
We provide prebuilt docker images for Varnish Controller. These exists in our quay.io registry. Please see https://docs.varnish-software.com/tutorials/getting-started-with-docker/ to get started.
Using docker-compose it is possible to run a full Varnish Controller setup with Docker. The
following docker-compose is an example and may require modification for your environment. The
example uses our official Docker images from quay.io. This requires a valid Varnish Controller
license.
The example also shows how to run Varnish with TLS, using existing certificates. This requires a
tls.cfg and the certificate files in the Varnish container. Please visit
https://docs.varnish-software.com/varnish-enterprise/features/client-ssl/ for more information
about TLS.
- /home/user/certificates/:/etc/varnish/certs/
- /home/user/varnish-controller7/tls.cfg:/etc/varnish/tls.cfg
- "VARNISH_EXTRA=-A /etc/varnish/tls.cfg"
To make the example complete, the database is also running in Docker via docker-compose. The data is stored in a mounted Docker volume. However, we recommend to run the database with backups etc. outside of Docker.
The directory named /home/user/varnish-controller7 can be replaced with a directory containing the
following files:
license.lic - Varnish Controller License filetls.cfg - TLS configuration for Varnish (optional)Docker volumes used:
varnish - mounted to /var/lib/varnish (used by varnish and agent services)vcontroller - mounted to /etc/varnish (used by varnish, agentandrouter` services)dbdata - mounted to /var/lib/postgresql/data (used by db service)The ports exposed on the host machine are the following:
80 - For HTTP traffic towards Varnish81 - For HTTP traffic towards the traffic router443 - For HTTPS traffic towards Varnish8002 - Varnish Controller API endpoint8080 - Varnish Controller UIUse docker-compose up to start the services.
version: '3.6'
services:
varnish:
container_name: varnish
image: "quay.io/varnish-software/varnish-plus:latest"
hostname: varnish
restart: always
volumes:
- type: "volume"
source: vcontroller
target: /etc/varnish
- type: "volume"
source: varnish
target: /var/lib/varnish
- /home/user/certificates/:/etc/varnish/certs/
- /home/user/varnish-controller7/tls.cfg:/etc/varnish/tls.cfg
environment:
- "VARNISH_ADMIN_LISTEN_ADDRESS=0.0.0.0"
- "VARNISH_EXTRA=-A /etc/varnish/tls.cfg"
ports:
- "80:6081"
- "443:443"
networks:
- external
- internal
router:
container_name: router
image: 'quay.io/varnish-software/varnish-controller7-router:latest'
hostname: router
restart: always
volumes:
- type: "volume"
source: vcontroller
target: /etc/varnish
links:
- nats
environment:
- "VARNISH_CONTROLLER_ROUTER_NAME=router1"
- "VARNISH_CONTROLLER_BASE_DIR=/etc/varnish/router1"
- "VARNISH_CONTROLLER_NATS_SERVER=nats://nats:4222"
- "VARNISH_CONTROLLER_LOG=info"
- "VARNISH_CONTROLLER_TAGS=prod"
ports:
- "81:8080"
depends_on:
- nats
networks:
- external
- internal
agent:
container_name: agent
image: 'quay.io/varnish-software/varnish-controller7-agent:latest'
hostname: agent
restart: always
volumes:
- type: "volume"
source: vcontroller
target: /etc/varnish
- type: "volume"
source: varnish
target: /var/lib/varnish
links:
- varnish
- nats
environment:
- "VARNISH_CONTROLLER_AGENT_NAME=agent1"
- "VARNISH_CONTROLLER_BASE_DIR=/etc/varnish/agent1"
- "VARNISH_CONTROLLER_NATS_SERVER=nats://nats:4222"
- "VARNISH_CONTROLLER_LOG=info"
- "VARNISH_CONTROLLER_STATS_INTERVAL=60s"
- "VARNISH_CONTROLLER_VARNISH_NAME=varnish"
- "VARNISH_CONTROLLER_VARNISH_HOST=varnish"
- "VARNISH_CONTROLLER_VARNISH_SECRET=/etc/varnish/secret"
- "VARNISH_CONTROLLER_VARNISH_ADMIN_PORT=6082"
- "VARNISH_CONTROLLER_TAGS=prod"
- "VARNISH_CONTROLLER_BASE_URL=http://192.168.99.102"
depends_on:
- nats
networks:
- internal
apigw:
container_name: apigw
image: 'quay.io/varnish-software/varnish-controller7-api-gw:latest'
hostname: apigw
restart: always
environment:
- "VARNISH_CONTROLLER_NATS_SERVER=nats://nats:4222"
- "VARNISH_CONTROLLER_LOG=info"
- "VARNISH_CONTROLLER_PORT=8002"
depends_on:
- nats
- brainz
ports:
- "8002:8002"
networks:
- external
- internal
brainz:
container_name: brainz
image: 'quay.io/varnish-software/varnish-controller7-brainz:latest'
hostname: brainz
restart: always
volumes:
- /home/user/varnish-controller7/license.lic:/var/lib/varnish-controller7/varnish-controller7-brainz/license.lic
links:
- nats
environment:
- "VARNISH_CONTROLLER_NATS_SERVER=nats://nats:4222"
- "VARNISH_CONTROLLER_DB_USER=varnish-controller"
- "VARNISH_CONTROLLER_DB_PASS=varnish-controller"
- "VARNISH_CONTROLLER_DB_NAME=varnish-controller"
- "VARNISH_CONTROLLER_DB_SERVER=db"
- "VARNISH_CONTROLLER_LOG=info"
- "VARNISH_CONTROLLER_MOD_ADMIN_USER=true"
- "VARNISH_CONTROLLER_SYSTEM_ADMIN_USER=test"
- "VARNISH_CONTROLLER_SYSTEM_ADMIN_PASS=test"
depends_on:
- db
- nats
networks:
- internal
controller-ui:
container_name: controllerui
image: 'quay.io/varnish-software/varnish-controller7-ui:latest'
hostname: ui
restart: always
environment:
- "VARNISH_UI_SERVER_API_HOSTS=http://apigw:8002"
- "VARNISH_UI_SERVER_CSP=false"
depends_on:
- apigw
ports:
- "8080:8080"
networks:
- external
- internal
db:
container_name: psql
image: postgres
hostname: db
restart: always
volumes:
- dbdata:/var/lib/postgresql/data
environment:
POSTGRES_USER: varnish-controller
POSTGRES_PASSWORD: varnish-controller
networks:
- internal
nats:
container_name: nats
image: 'quay.io/varnish-software/varnish-controller7-nats:latest'
hostname: nats
restart: always
expose:
- "4222"
networks:
- internal
volumes:
vcontroller:
dbdata:
varnish:
networks:
internal:
driver: bridge
internal: true
external:
driver: bridge
docker-compose pull.