SearchVarnish Enterprise
The Varnish Enterprise offering has Enterprise at its core, as most components interact with it in one way or another. Though installing Enterprise first is recommended, some other components (like the Varnish Administration Console) can be installed independently.
When you sign up for Varnish Enterprise, you’ll receive a welcome letter with the necessary installation information. This includes a unique token for your account, which will be represented as TOKEN in this guide.
Installing Varnish Enterprise is a two step process:
Note: If you can’t locate your username and password, contact support@varnish-software.com.
See the Packages page for full and up-to-date list.
Varnish Enterprise is supported on 64bit systems with Intel or AMD processors (x64).
Since we’re modifying system configurations and installing new packages, all commands below are expected to be run as root. As usual, great powers comes with great responsibility, please make sure that important information is backed up before proceeding.
Note: Though easy and practical, this method isn’t recommended for setting up production environments.
You can install Varnish Enterprise by downloading and running setup.sh:
# this will ask you for you repository token,
# then install the default set of Enterprise packages
curl https://docs.varnish-software.com/scripts/setup.sh | bash
Specify a repository token for a fully automated install:
curl https://docs.varnish-software.com/scripts/setup.sh | TOKEN=$TOKEN bash
Use the INSTALL environment variable to restrict the packages you want to install an to specify their version:
curl https://docs.varnish-software.com/scripts/setup.sh | TOKEN=$TOKEN INSTALL="varnish-plus varnish-broadcaster-1.2.0-1.el7" bash
Note: On rhel platforms, Transparent Huge Pages are usually active by default. Please check the Notes section below on how to deactivate them.
You’ll need to disable the Varnish DNF module before installation to avoid conflicts and issues related to package compatibility. This is for RHEL 8 based distributions only.
Run the following command:
dnf -y module disable varnish
Sample output:
[root@Your-Machine ~]# dnf -y module disable varnish
varnish-enterprise-60 1.4kB/s|833B 00:00
varnish-enterprise-60 39kB/s|3.8kB 00:00
Importing GPG key 0x96070917:
Userid :"https://packagecloud.io/varnishplus/60
(https://packagecloud.io/docs#gpg_signing) <support@packagecloud.io>"
Fingerprint: CE98 860E 21CE CAE9 5429 3743 5E00 8F49 9607 0917
From :
https://your-token-here:@packagecloud.io/varni shplus/60/gpgkey
varnish-enterprise-60 337kB/s|224kB 00:00
Dependencies resolved.
==============================================================================
Package Architecture Version Repository Size
===============================================================================
Disabling modules:
varnish
Transaction Summary
==============================================================================
Create or edit /etc/yum.repos.d/varnish-enterprise-6.0.repo to contain the repository details:
[varnish-enterprise-60]
name=varnish-enterprise-60
baseurl=https://TOKEN:@packagecloud.io/varnishplus/60/el/$releasever/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://TOKEN:@packagecloud.io/varnishplus/60/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
Note: Be sure to replace the ${TOKEN} with the Package cloud token found in the credential section.
The epel-release repository or, “Extra Packages for Enterprise Linux” (EPEL), contains some dependencies that Varnish Enterprise packages will require.
Run the following command:
yum install -y epel-release
This output will confirm the installation:
...
Installed:
epel-release-8-18.el8.noarch
...
Install Varnish Enterprise with the required dependencies.
Run the following command:
yum install -y varnish-plus
The following output will confirm the installation:
...
Installed:
annobin-10.94-1.el8.x86_64 binutils-2.30-119.el8.x86_64
cpp-8.5.0-18.el8.x86_64
dwz-0.12-10.el8.x86_64 efi-srpm-macros-3-3.el8.noarch
gcc-8.5.0-18.el8.x86_64
.
.
.
.
varnish-plus-selinux-6.0.11r4-1.el8.noarch
zip-3.0-23.el8.x86_64
...
You’ll probably want to enable CRB too if you need varnish-modules, check the section Varnish modules
Packages in our repositories are signed and distributed via HTTPS, so you’ll need to enable HTTPS support in the package manager and install our public key first:
apt-get install -y apt-transport-https
curl -L https://TOKEN:@packagecloud.io/varnishplus/60/gpgkey | apt-key add -
To use our Varnish Enterprise repositories, paste the following in /etc/apt/sources.list.d/varnish-enterprise-6.0.list:
# be sure to replace "DIST" with "ubuntu" or "debian", and "RELEASE" with
# "xenial", "bionic" or "stretch" depending on your exact platform
# Varnish Enterprise 6.0 and VMODs
deb https://TOKEN:@packagecloud.io/varnishplus/60/DIST/ RELEASE main
If you are using Debian 9.0 (stretch), paste the following in /etc/apt/sources.list.d/sources.list:
deb http://deb.debian.org/debian stretch-backports main
Finish by updating the apt database and installing the varnish-plus package:
apt-get update
apt-get install -y varnish-plus
This checks the installed Varnish version, which could be helpful to include when submitting a support request. Note: Version may have changed from example below
The -V argument will output the exact varnishd version installed on your system (which should be varnish-plus):
[root@Your-Machine ~]# varnishd -V
varnishd (varnish-plus-6.0.11r4 revision 676b15e5f7393eb5d5700df47ea504055db032d4)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2023 Varnish Software AS
Enable the service and verify that it’s running:
[root@Your-Machine ~]# systemctl enable --now varnish && systemctl status varnish
● varnish.service - Varnish Cache Plus, a high-performance HTTP accelerator
Loaded: loaded (/usr/lib/systemd/system/varnish.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2023-08-09 23:26:28 UTC; 13min ago
Process: 16004 ExecStart=/usr/sbin/varnishd -a :6081 -a
localhost:8443,proxy -T localhost:6082 -S /etc/varnish/secret -p feature=+http2 -r vcc_allow_inline_c -r allow_exec >
Main PID: 16005 (varnishd)
Tasks: 223
Memory: 156.4M
CGroup: /system.slice/varnish.service
├─16005 /usr/sbin/varnishd -a :6081 -a localhost:8443,proxy -T localhost:6082 -S /etc/varnish/secret -p feature=+http2 -r vcc_allow_inline_c -r allow_exec -f /etc/>
└─16015 /usr/sbin/varnishd -a :6081 -a localhost:8443,proxy -T localhost:6082 -S /etc/varnish/secret -p feature=+http2 -r vcc_allow_inline_c -r allow_exec -f /etc/>
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Debug: Version: varnish-plus-6.0.11r4 revision 676b15e5f7393eb5d5700df47ea504055db032d4
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Debug: Platform: Linux,4.18.0-477.10.1.el8_8.x86_64,x86_64,-junix,-smse,-hcritbit
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Version: varnish-plus-6.0.11r4 revision 676b15e5f7393eb5d5700df47ea504055db032d4
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Platform: Linux,4.18.0-477.10.1.el8_8.x86_64,x86_64,-junix,-smse,-hcritbit
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Debug: Child (16015) Started
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Child (16015) Started
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Child launched OK
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Child (16015) said
Child starts
Aug 09 23:26:28 AMSI-Machine systemd[1]: Started Varnish Cache Plus,
a high-performance HTTP accelerator.
Aug 09 23:26:28 AMSI-Machine; varnishd[16005]: Child (16015) said
Environment mse fully populated in 0.00 seconds. (0.00 0.00 0.00 0 0 0/1 0 0 0 0)
Using cURL against localhost at port 6081 indicates that Varnish is listening and responding to incoming traffic coming.
Run the following:
[root@Your-Machine ~]# curl -I localhost:6081
It should return something like this:
HTTP/1.1 503 Backend fetch failed
Date: Wed, 09 Aug 2023 23:29:22 GMT
Server: Varnish
Content-Type: text/html; charset=utf-8
Retry-After: 5
X-Varnish: 2
Age: 0
Via: 1.1 varnish (Varnish/6.0)
Content-Length: 278
Connection: keep-alive
The X-Varnish and Via headers confirm that we are, indeed, talking to Varnish.
To find out more about OS:
[root@Your-Machine ~]# cat /etc/os-release
Transparent Huge Pages is a Linux kernel feature to improve performance by more efficiently using a processors’ memory mapping hardware. This is a feature that is enabled by default on most recent Linux distributions.
The approach in Varnish is to assume no huge page is delivered by default and
it will explicitly request huge pages when it is a known benefit for
performance. It is therefore recommended to configure the system to disable
huge pages by default but to honor explicit huge page requests by setting the
policy to madvise.
Alternatively, setting the setting to never can be used safely but some
optimisations within Varnish will have no effect.
The procedure to configure THP will vary based on the distribution being used. Please consult with the manual for your distribution for the correct steps to take.
For example, on RHEL 7 and later to configure THP add or modify the
transparent_hugepage=madvise kernel parameter in /etc/default/grub.
The shared memory log contains file which are used for communicating
logs and counters to log consumers like varnishncsa and
varnishlog. In some circumstances, having these files on a physical
medium can create performance problems. For this reason it is strongly
recommended to mount the /var/lib/varnish/ directory as a tmpfs
file system.
If you choose to limit the size of the tmpfs file system, a
reasonable size is three times the varnishd parameter vsl_space.
The Linux kernel has a global system-wide parameter controlling how many memory maps processes are allowed to use. When a process needs more maps than allowed the operation fails indicating no memory could be allocated. This will often result in a Varnish panic and crash even when there is plenty of physical memory available in the system.
The global parameter is changed using the sysctl value vm.max_map_count and
it should be configured at a value high enough for Varnish to operate,
a value of 262144 or above is highly recommended.
While some distributions have a default value that is much higher than what Varnish requires other distributions like RHEL leverage a very conservative value.
The currently enforced value on the system can be read in multiple ways:
[root@Your-Machine ~]# sysctl vm.max_map_count
vm.max_map_count = 262120
[root@Your-Machine ~]# cat /proc/sys/vm/max_map_count
262120
When the value is lower than 262120, the value must be changed using sysctl, and this change must be persisted or it will reset upon next server boot. The following commands persist the change, reload the sysctl configuration and verify the enforced value:
[root@Your-Machine ~]# echo "vm.max_map_count=262120" > /etc/sysctl.d/99-vm-max-map-count.conf
[root@Your-Machine ~]# sysctl --system
[root@Your-Machine ~]# sysctl vm.max_map_count
vm.max_map_count = 262120
[root@Your-Machine ~]# cat /proc/sys/vm/max_map_count
262120
For more detailed information please refer to the documentation of the Linux kernel and of your distribution.
In 6.0, many Varnish modules (VMODs) are embedded in the varnish-plus
package and no extra installation is required.
Modules with third-party package dependencies (libcurl, libmemcached) are
available in a separate package called varnish-plus-vmods-extra. This
package is not installed by default. In EL9, some of these dependencies are
satisfied by packages from the CodeReady Builder (CRB) repository. If you’d
like to install varnish-plus-vmods-extra, please enable the CRB repository first:
# Only needed if dnf config-manager is not installed
sudo dnf install -y 'dnf-command(config-manager)'
sudo dnf config-manager --set-enabled crb
sudo dnf install varnish-plus-vmods-extra
The CodeReady Builder repository has different name depending on what OS you
are using. In AlmaLinux 9 and Rocky Linux 9 its called crb. With Red Hat
Enterprise Linux 9 the actual name depends on the cloud provider but should
usually contain codeready-builder-for-rhel:
sudo dnf config-manager --set-enabled '*codeready-builder-for-rhel*'
The command dnf repolist --all will print the exact name of all available
repositories, including the CodeReady Builder repository.
The source code for some of these VMODs are available at https://github.com/varnish/varnish-modules/.