Varnish High Availability

Settings

The following VHA6 settings are supported.

Global

All global settings must be configured in vcl_init. Each setting is shown with its default value.

vha6_opts.set("token", "[secret]");

  • The HMAC signing key used in all transactions. This key is used for signing and is never exposed in an actual transaction. This key must be identical across all nodes. After setting the key, the VCL statement call vha6_token_init; must be used.

    Failing to set a token or to call the init function will prevent Varnish from successfully loading the VCL.

vha6_opts.set("broadcaster_scheme", "http");

  • The scheme to use when connecting to the broadcaster. Can be http or https. If using https, make sure the broadcaster is configured for HTTPS.

vha6_opts.set("broadcaster_host", "localhost");

  • The host to use when connecting to the broadcaster.

vha6_opts.set("broadcaster_port", "8088");

  • The port to use when connecting to the broadcaster.

vha6_opts.set("broadcaster_group", "");

  • The group to broadcast to. This is defined in the nodes.conf. Defaults to all nodes in the root configuration.

vha6_opts.set("broadcaster_force_sync", "false");

  • If true, immediately attempt to flush the broadcast request to the remote host. Otherwise the broadcast is flushed in the background. Defaults to false.

vha6_opts.set("broadcaster_ssl_verify_peer", "true");

  • If using SSL, validate the broadcaster node’s certificate chain.

vha6_opts.set("broadcaster_ssl_verify_host", "false");

  • If using SSL, verify the broadcaster node’s identity in the SSL certificate.

vha6_opts.set("origin_scheme", "");

  • The scheme for peers to use to connect back to the VHA6 origin node. Defaults to the scheme defined in the nodes.conf. If no match is found and Varnish or Hitch is listening on port 443, https is used. Otherwise, http is used.

vha6_opts.set("origin", "");

  • Hostname or IP of the origin node. Defaults to the value defined in the nodes.conf, otherwise server.ip.

vha6_opts.set("origin_port", "");

  • The port for peers to use to connect back to the VHA6 origin node. Defaults to the port defined in the nodes.conf. If no match is found, the listening port for Varnish or Hitch is used.

vha6_opts.set("origin_ssl", "");

  • Enable or disable SSL communication when talking to the VHA6 origin node. Defaults to the scheme defined in the nodes.conf. origin_scheme will override this value.

vha6_opts.set("origin_ssl_sni", "true");

  • If using SSL, enable SNI when connecting to the origin node.

vha6_opts.set("origin_ssl_verify_peer", "true");

  • If using SSL, validate the origin node’s certificate chain.

vha6_opts.set("origin_ssl_verify_host", "false");

  • If using SSL, verify the origin node’s identity in the SSL certificate.

vha6_opts.set("allow_locahost", "false");

  • Allow a localhost address for the origin node.

vha6_opts.set("allow_stale", "false");

  • Allow stale objects to be transferred.

vha6_opts.set("fetch_timeout", "");

  • How long to wait for a VHA_FETCH to complete. This is a VCL duration.

vha6_opts.set("force_fast304", "false");

  • Attempt to use fast_304() on all VHA6 transactions. Only applies to objects with 304 origin responses.

vha6_opts.set("force_update", "false");

  • Force all VHA6 transactions to update an existing object in cache. The default keeps existing objects in cache when replicating a duplicate.

vha6_opts.set("keep_alive", "120s");

  • Once a VHA6 request is validated, set the session’s timeout_idle to this value. The default is twice the default value of backend_idle_timeout to maximize the reuse of connections from other nodes.

vha6_opts.set("min_ttl", "3s");

  • If an object has a ttl value equal to or less than this value, the object will not be replicated.

vha6_opts.set("max_requests_sec", "200");

  • Maximum number of VHA_BROADCAST requests per second sent by a Varnish node.

  • Maximum number of VHA_BROADCAST or VHA_FETCH requests per second received by a Varnish node that will be processed by VHA6.

  • Maximum number of inflight VHA_BROADCAST requests sent by a Varnish node and awaiting completion.

For the first two scenarios, the error_rate_limited counter is incremented.

For the third scenario, the error_max_broadcasts counter is incremented.

See the varnishstat section on VHA6 monitoring for other noteworthy counters.

Note that this setting applies on both the sending and the receiving end. With a value of 200 in a cluster of 4 Varnish nodes, if every node broadcasts 100 cache insertions per second on average, each node receives 300 VHA_BROADCAST requests per second from its three peers. As a result, 100 of them are rejected each second, leaving no room for subsequent VHA_FETCH requests. To avoid a stalemate in a VHA6 cluster, tune the setting to accommodate the receiving end.

vha6_opts.set("max_bytes", "25000000");

  • If an object has a Content-Length larger than this value, it is not replicated. Chunked responses cannot be evaluated for this parameter.

vha6_opts.set("peer_stream", "true");

  • Stream objects through the peers.

vha6_opts.set("token_ttl", "2m");

  • How long the token HMAC signature is valid for on VHA6 transactions. This also represents the maximum clock skew allowed between servers.

vha6_opts.set("vcs", "true");

  • Toggle VCS logging.

vha6_opts.set("vcs_key", "vcs-key");

  • Change the VCS key prefix.

vha6_opts.set("origin_backend_linger", "10s");

  • Linger time of dynamic origin backends.
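
The token and token_ttl settings above describe an HMAC signature whose validity window doubles as the clock-skew limit. The sketch below is an added example, not Varnish's code or VHA6's wire format: the timestamp.hexmac token layout, the key, the payload string and the function names are assumptions, chosen to show why nodes with a different key or with clocks more than token_ttl apart reject each other's transactions.

```python
import hashlib
import hmac

TOKEN_TTL = 120  # seconds; mirrors the page's token_ttl default of "2m"
PAYLOAD = "VHA_FETCH /img/logo.png"  # constructed request description


def _mac(key: bytes, ts: str, payload: str) -> bytes:
    return hmac.new(key, f"{ts}|{payload}".encode(), hashlib.sha256).hexdigest().encode()


def sign(key: bytes, payload: str, now: float) -> str:
    """Return 'timestamp.hexmac' (illustrative format, not VHA6's wire format)."""
    ts = str(int(now))
    return f"{ts}.{_mac(key, ts, payload).decode()}"


def verify(key: bytes, payload: str, token: str, now: float, ttl: int = TOKEN_TTL) -> str:
    """Return 'ok' or the reason the token is rejected."""
    ts, sep, mac = token.partition(".")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return "malformed"
    # Authenticate first, in constant time, before trusting the timestamp.
    if not hmac.compare_digest(_mac(key, ts, payload), mac.encode()):
        return "bad-signature"
    # Signer and verifier clocks can differ in either direction, so the
    # validity window doubles as the maximum tolerated clock skew.
    if abs(now - int(ts)) > ttl:
        return "expired-or-skewed"
    return "ok"


def demo() -> dict:
    key = b"constructed-shared-key"  # must be identical on every node
    t0 = 1_700_000_000               # constructed signer clock (epoch seconds)
    tok = sign(key, PAYLOAD, t0)
    return {
        "same_key_in_window": verify(key, PAYLOAD, tok, t0 + 30),
        "peer_clock_3min_behind": verify(key, PAYLOAD, tok, t0 - 180),
        "presented_after_ttl": verify(key, PAYLOAD, tok, t0 + 121),
        "node_with_other_key": verify(b"different-key", PAYLOAD, tok, t0 + 30),
        "payload_changed": verify(key, "VHA_FETCH /other", tok, t0 + 30),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A peer whose clock is three minutes off fails in the same way as a token presented after its TTL, which is why time synchronisation between nodes matters as much as key distribution.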

Request

All request settings must be configured in vcl_backend_fetch or vcl_backend_response. Each setting is shown with its default value.

vha6_request.set("skip", "false");

  • If set to true, this request will not be replicated.

vha6_request.set("force_update", "false");

  • Force this VHA6 transaction to update an existing object in cache.

Hooks

Hooks allow custom VCL code to execute during specific VHA6 states. To set up hooks, run the following commands:

mkdir -p /etc/varnish/vha6/hooks
cp /usr/share/varnish-plus/vcl/vha6/hooks/states.vcl /etc/varnish/vha6/hooks

This sets up a default VHA6 hooks file at /etc/varnish/vha6/hooks/states.vcl. Edit this file to add custom VCL to any of the defined VHA6 hooks.