SearchVarnish Enterprise
The Varnish Enterprise offering has Enterprise at its core, as most components interact with it in one way or another. Though installing Enterprise first is recommended, some other components (like the Varnish Administration Console) can be installed independently.
When you sign up for Varnish Enterprise, you’ll receive a welcome letter with the necessary installation information. This includes a unique token for your account, which will be represented as <your_token_here> in this guide.
Installing Varnish Enterprise is a two step process:
When you sign up for Varnish Enterprise, you’ll receive a welcome letter with the necessary installation information. This includes a unique token for your account, which will be represented as TOKEN in this guide.
Note: If you can’t locate your username and password, or your license file, contact support@varnish-software.com.
See the Packages page for full and up-to-date list.
Varnish Enterprise is supported on 64bit systems with Intel or AMD processors (x64).
Free Varnish Enterprise repositories are located on packagecloud.io which provides detailed informations for both debian-based and rpm-based system.
They also very conveniently offer a quick install script:
curl -s https://packagecloud.io/install/repositories/varnishplus/60-enterprise/script.deb.sh | bash
apt-get install varnish-plus
curl -s https://packagecloud.io/install/repositories/varnishplus/60-enterprise/script.rpm.sh | bash
dnf install epel-release
dnf install varnish-plus
If you have a license you wish to use, replace the bundled /etc/varnish/varnish-enterprise.lic file with your own.
You can now proceed to the After installation section.
Since we’re modifying system configurations and installing new packages, all commands below are expected to be run as root. As usual, great powers comes with great responsibility, please make sure that important information is backed up before proceeding.
Note: Though easy and practical, this method isn’t recommended for setting up production environments.
You can install Varnish Enterprise by downloading and running setup.sh:
# this will ask you for you repository token,
# then install the default set of Enterprise packages
curl https://docs.varnish-software.com/scripts/setup.sh | bash
Other usages are possible for automation:
# Specify a repository token for a fully automated install:
curl https://docs.varnish-software.com/scripts/setup.sh | TOKEN=<your_token_here> bash
# Use the INSTALL environment variable to restrict the packages you want to install an to specify their version:
curl https://docs.varnish-software.com/scripts/setup.sh | TOKEN=<your_token_here> INSTALL="varnish-plus varnish-broadcaster-1.2.0-1.el7" bash
# To see all the relevant environment variables
curl -s https://docs.varnish-software.com/scripts/setup.sh | bash -s -- -h
usage: VAR1=VALUE1 VAR2=VALUE2 bash
This help script aims to provide a smooth way to setup varnish-plus repositories
as well as installing software contained in them.
It takes no arguments but instead reads environment variables to adapt its
behavior:
TOKEN The token to acess the repository (varnish-plus/6.0 by
default)
DIST Force the Linux distribution to use (ubuntu, debian, centos).
Setting this variable disables the OS autodection, so you will
need to set REL too
If set to "ask", display a menu instead of trying to guess it.
REL The release of the current distribution (eg. xenial for ubuntu,
7 for centos). This is only needed if you forced DIST
OVERWRITE If not empty, asks before removing files (repos and gpg keys)
INSTALL Override the list of varnish-plus packages to install
REPO What repository to use (60, 60-akamai-connector,
60-deviceatlas or 60-waf). It'll impact the default
INSTALL value.
VERBOSE If not empty, run the package managers in quiet mode
GPGKEY Where the gpg key authenticating the repository can be
stored (default: /tmp/varnish-plus-6.0.gpg)
Note: On rhel platforms, Transparent Huge Pages are usually active by default. Please check the Notes section below on how to deactivate them.
# save your token in /etc/yum/vars/varnish60token
echo "<your_token_here>" > /etc/yum/vars/varnish60token
# the epel repository contains dependencies we need
dnf -y install epel-release
. /etc/os-release
if [ "$PLATFORM_ID" = "platform:el8" ]; then
# disable varnish module, only for el:8
dnf -y module disable varnish
fi
cat << 'EOF' > /etc/yum.repos.d/varnish-enterprise-6.0.repo
[varnish-enterprise-60]
name=varnish-enterprise-60
baseurl=https://$varnish60token:@packagecloud.io/varnishplus/60/el/$releasever/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://$varnish60token:@packagecloud.io/varnishplus/60/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOF
# save your token in /etc/yum/vars/varnish60token
echo "<your_token_here>" > /etc/yum/vars/varnish60token
cat << 'EOF' > /etc/yum.repos.d/varnish-enterprise-6.0.repo
[varnish-enterprise-60]
name=varnish-enterprise-60
baseurl=https://$varnish60token:@packagecloud.io/varnishplus/60/amazon/2023/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://$varnish60token:@packagecloud.io/varnishplus/60/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOF
Install Varnish Enterprise with the required dependencies.
yum install -y varnish-plus
You’ll probably want to enable CRB too if you need varnish-modules, check the section Varnish modules
Packages in our repositories are signed and distributed via HTTPS, so you’ll need to enable HTTPS support in the package manager and install our public key first:
TOKEN=<your_token_here>
. /etc/os-release
# retrieve the repository key
curl -L https://$TOKEN:@packagecloud.io/varnishplus/60/gpgkey -o /etc/apt/keyrings/varnish-enterprise-6.0.gpg
# make apt accept sha1 keys
mkdir -p /etc/crypto-policies/back-ends/
cat << EOF > /etc/crypto-policies/back-ends/apt-sequoia.config
[hash_algorithms]
sha1 = "always"
EOF
# configure the repository
cat << EOF > /etc/apt/sources.list.d/varnish-enterprise-6.0.list
deb [signed-by=/etc/apt/keyrings/varnish-enterprise-6.0.gpg] https://packagecloud.io/varnishplus/60/$ID/ $VERSION_CODENAME main
EOF
# set the token
cat << EOF > /etc/apt/auth.conf.d/varnish-enterprise-6.0.conf
machine https://packagecloud.io
login $TOKEN
EOF
# Finish by updating the `apt` database
apt-get update
Install Varnish Enterprise with the required dependencies.
apt-get install -y varnish-plus
This checks the installed Varnish version, which could be helpful to include when submitting a support request. Note: Version may have changed from example below
The -V argument will output the exact varnishd version installed on your system (which should be varnish-plus):
[root@Your-Machine ~]# varnishd -V
varnishd (varnish-plus-6.0.11r4 revision 676b15e5f7393eb5d5700df47ea504055db032d4)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2023 Varnish Software AS
Enable the service and verify that it’s running:
[root@Your-Machine ~]# systemctl enable --now varnish && systemctl status varnish
● varnish.service - Varnish Cache Plus, a high-performance HTTP accelerator
Loaded: loaded (/usr/lib/systemd/system/varnish.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2023-08-09 23:26:28 UTC; 13min ago
Process: 16004 ExecStart=/usr/sbin/varnishd -a :6081 -a
localhost:8443,proxy -T localhost:6082 -S /etc/varnish/secret -p feature=+http2 -r vcc_allow_inline_c -r allow_exec >
Main PID: 16005 (varnishd)
Tasks: 223
Memory: 156.4M
CGroup: /system.slice/varnish.service
├─16005 /usr/sbin/varnishd -a :6081 -a localhost:8443,proxy -T localhost:6082 -S /etc/varnish/secret -p feature=+http2 -r vcc_allow_inline_c -r allow_exec -f /etc/>
└─16015 /usr/sbin/varnishd -a :6081 -a localhost:8443,proxy -T localhost:6082 -S /etc/varnish/secret -p feature=+http2 -r vcc_allow_inline_c -r allow_exec -f /etc/>
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Debug: Version: varnish-plus-6.0.11r4 revision 676b15e5f7393eb5d5700df47ea504055db032d4
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Debug: Platform: Linux,4.18.0-477.10.1.el8_8.x86_64,x86_64,-junix,-smse,-hcritbit
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Version: varnish-plus-6.0.11r4 revision 676b15e5f7393eb5d5700df47ea504055db032d4
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Platform: Linux,4.18.0-477.10.1.el8_8.x86_64,x86_64,-junix,-smse,-hcritbit
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Debug: Child (16015) Started
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Child (16015) Started
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Child launched OK
Aug 09 23:26:28 AMSI-Machine varnishd[16005]: Child (16015) said
Child starts
Aug 09 23:26:28 AMSI-Machine systemd[1]: Started Varnish Cache Plus,
a high-performance HTTP accelerator.
Aug 09 23:26:28 AMSI-Machine; varnishd[16005]: Child (16015) said
Environment mse fully populated in 0.00 seconds. (0.00 0.00 0.00 0 0 0/1 0 0 0 0)
Using cURL against localhost at port 6081 indicates that Varnish is listening and responding to incoming traffic coming.
Run the following:
[root@Your-Machine ~]# curl -I localhost:6081
It should return something like this:
HTTP/1.1 503 Backend fetch failed
Date: Wed, 09 Aug 2023 23:29:22 GMT
Server: Varnish
Content-Type: text/html; charset=utf-8
Retry-After: 5
X-Varnish: 2
Age: 0
Via: 1.1 varnish (Varnish/6.0)
Content-Length: 278
Connection: keep-alive
The X-Varnish and Via headers confirm that we are, indeed, talking to Varnish.
To find out more about OS:
[root@Your-Machine ~]# cat /etc/os-release
Transparent Huge Pages is a Linux kernel feature to improve performance by more efficiently using a processors’ memory mapping hardware. This is a feature that is enabled by default on most recent Linux distributions.
The approach in Varnish is to assume no huge page is delivered by default and
it will explicitly request huge pages when it is a known benefit for
performance. It is therefore recommended to configure the system to disable
huge pages by default but to honor explicit huge page requests by setting the
policy to madvise.
Alternatively, setting the setting to never can be used safely but some
optimisations within Varnish will have no effect.
The procedure to configure THP will vary based on the distribution being used. Please consult with the manual for your distribution for the correct steps to take.
For example, on RHEL 7 and later to configure THP add or modify the
transparent_hugepage=madvise kernel parameter in /etc/default/grub.
The shared memory log contains files and directories used for Varnishd process logs and counters for consumers such as varnishncsa and
varnishlog. In some circumstances, writing these files to disk-based media (e.g. SSD and NVMe) will become a performance bottleneck.
We recommended mounting the /var/lib/varnish/ directory as a tmpfs
file system. The size of the tmpfs mount shall be, at least, three times the size of the varnishd parameter, vsl_space (default: 80 MB).
Stop any running Varnish processes before proceeding
Creating a (temporary) mount on a Linux system is accomplished by running this command
mount -t tmpfs -o mode=1777,size=240m vworkdir /var/lib/varnish/
To verify that the directory is properly mounted, run the command
findmnt /var/lib/varnish
The response should be as follows:
TARGET SOURCE FSTYPE OPTIONS
/var/lib/varnish vworkdir tmpfs rw,relatime,size=245760k,inode64
To make /var/lib/varnish a persistent tmpfs mount, run the following commands
echo "tmpfs /var/lib/varnish tmpfs rw,relatime,size=240m" >> /etc/fstab
systemctl daemon-reload
mount /var/lib/varnish
The Linux kernel has a global system-wide parameter controlling how many memory maps processes are allowed to use. When a process needs more maps than allowed the operation fails indicating no memory could be allocated. This will often result in a Varnish panic and crash even when there is plenty of physical memory available in the system.
The global parameter is changed using the sysctl value vm.max_map_count and
it should be configured at a value high enough for Varnish to operate,
a value of 262144 or above is highly recommended.
While some distributions have a default value that is much higher than what Varnish requires other distributions like RHEL leverage a very conservative value.
The currently enforced value on the system can be read in multiple ways:
[root@Your-Machine ~]# sysctl vm.max_map_count
vm.max_map_count = 262144
[root@Your-Machine ~]# cat /proc/sys/vm/max_map_count
262144
When the value is lower than 262144, the value must be changed using sysctl, and this change must be persisted or it will reset upon next server boot. The following commands persist the change, reload the sysctl configuration and verify the enforced value:
[root@Your-Machine ~]# echo "vm.max_map_count=262144" > /etc/sysctl.d/99-vm-max-map-count.conf
[root@Your-Machine ~]# sysctl --system
[root@Your-Machine ~]# sysctl vm.max_map_count
vm.max_map_count = 262144
[root@Your-Machine ~]# cat /proc/sys/vm/max_map_count
262144
For more detailed information please refer to the documentation of the Linux kernel and of your distribution.
In 6.0, many Varnish modules (VMODs) are embedded in the varnish-plus
package and no extra installation is required.
Modules with third-party package dependencies (libcurl, libmemcached) are
available in a separate package called varnish-plus-vmods-extra. This
package is not installed by default. In EL9, some of these dependencies are
satisfied by packages from the CodeReady Builder (CRB) repository. If you’d
like to install varnish-plus-vmods-extra, please enable the CRB repository first:
# Only needed if dnf config-manager is not installed
sudo dnf install -y 'dnf-command(config-manager)'
sudo dnf config-manager --set-enabled crb
sudo dnf install varnish-plus-vmods-extra
The CodeReady Builder repository has different name depending on what OS you
are using. In AlmaLinux 9 and Rocky Linux 9 its called crb. With Red Hat
Enterprise Linux 9 the actual name depends on the cloud provider but should
usually contain codeready-builder-for-rhel:
sudo dnf config-manager --set-enabled '*codeready-builder-for-rhel*'
The command dnf repolist --all will print the exact name of all available
repositories, including the CodeReady Builder repository.
The source code for some of these VMODs are available at https://github.com/varnish/varnish-modules/.