vcl (7) Linux Manual Page
VCL – Varnish Configuration Language
Description
The VCL language is a small domain-specific language designed to be used to describe request handling and document caching policies for Varnish Cache. When a new configuration is loaded, the varnishd management process translates the VCL code to C and compiles it to a shared object which is then loaded into the server process. This document focuses on the syntax of the VCL language. For a full description of syntax and semantics, with ample examples, please see the online documentation at https://www.varnish-cache.org/docs/ . Starting with Varnish 4.0, each VCL file must start by declaring its version with a special "vcl 4.0;" marker at the top of the file.
Operators
The following operators are available in VCL:
= - Assignment operator.
== - Comparison.
~ - Match. Can either be used with regular expressions or ACLs.
! - Negation.
&& - Logical and.
|| - Logical or.
Conditionals
VCL has if and else statements. Nested logic can be implemented with the elseif statement. (elsif/elif/else if is equivalent.) Note that there are no loops or iterators of any kind in VCL.
Strings, booleans, time, duration and integers
These are the data types in Varnish. You can set or unset these. Example:
    set req.http.User-Agent = "unknown";
    unset req.http.Range;
Strings
Basic strings are enclosed in double quotes (" … "), and may not contain newlines. Long strings are enclosed in {" … "}. They may contain any character including single double quotes ("), newline and other control characters except for the NUL (0x00) character.
Booleans
Booleans can be either true or false.
Time
VCL has time. The function now returns a time. A duration can be added to a time to make another time. In string context they return a formatted string.
Durations
Durations are defined by a number and a designation. The number can be a real so 1.5w is allowed.
ms- milliseconds
s- seconds
m- minutes
h- hours
d- days
w- weeks
y- years
Integers
Certain fields are integers, used as expected. In string context they return a string.
Real numbers
VCL understands real numbers. As with integers, when used in a string context they will return a string.
Regular Expressions
Varnish uses Perl-compatible regular expressions (PCRE). For a complete description please see the pcre(3) man page. To send flags to the PCRE engine, such as to do case insensitive matching, add the flag within parens following a question mark, like this:
# If host is NOT example dot com..
if (req.http.host !~ "(?i)example\.com$") {
    ...
}
Include statement
To include a VCL file in another file use the include keyword:
include "foo.vcl";
Import statement
The import statement is used to load Varnish Modules (VMODs.) Example:
import std;
sub vcl_recv {
    std.log("foo");
}
Comments
Single lines of VCL can be commented out using // or #. Multi-line blocks can be commented out with /* block */. Example:
sub vcl_recv {
    // Single line of out-commented VCL.
    # Another way of commenting out a single line.
    /*
        Multi-line block of commented-out VCL.
    */
}
Backend definition
A backend declaration creates and initialises a named backend object. A declaration starts with the keyword backend followed by the name of the backend. The actual declaration is in curly brackets, in a key/value fashion:
backend name {
    .attribute = "value";
}
The only mandatory attribute is host. The attributes will inherit their defaults from the global parameters. The following attributes are available:
host (mandatory)- The host to be used. IP address or a hostname that resolves to a single IP address.
port- The port on the backend that Varnish should connect to.
host_header- A host header to add.
connect_timeout- Timeout for connections.
first_byte_timeout- Timeout for first byte.
between_bytes_timeout- Timeout between bytes.
probe- Attach a probe to the backend. See Probes.
max_connections- Maximum number of open connections towards this backend. If Varnish reaches the maximum, it will start failing connections.
Backends can be used with directors. Please see the vmod_directors(3) man page for more information.
Probes
Probes will query the backend for status on a regular basis and mark the backend as down if they fail. A probe is defined like this:
probe name {
    .attribute = "value";
}
There are no mandatory options. These are the options you can set:
url- The URL to query. Defaults to "/".
request- Specify a full HTTP request using multiple strings. .request will have \r\n automatically inserted after every string. If specified,
expected_response- The expected HTTP response code. Defaults to 200.
timeout- The timeout for the probe. Default is 2s.
interval- How often the probe is run. Default is 5s.
initial- How many of the polls in .window are considered good when Varnish starts. Defaults to the value of threshold – 1. In this case, the backend starts as sick and requires one single poll to be considered healthy.
window- How many of the latest polls we examine to determine backend health. Defaults to 8.
threshold- How many of the polls in .window must have succeeded for us to consider the backend healthy. Defaults to 3.
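A backend declaration with a health probe, using the attributes listed above. This is an added example, not part of the manual page; the names app_health and app1, the address, the /healthz URL and all numeric values are assumptions.

```vcl
vcl 4.0;

# Health check shared by name; all values below are illustrative.
probe app_health {
    .url = "/healthz";          # assumed health endpoint on the origin
    .expected_response = 200;
    .timeout = 1s;              # a poll slower than this counts as failed
    .interval = 5s;
    .window = 8;                # look at the last 8 polls
    .threshold = 3;             # healthy while at least 3 of them succeeded
    .initial = 2;               # threshold - 1: starts sick, one good poll
                                # is enough to mark the backend healthy
}

# With window = 8 and threshold = 3, a backend that was fully healthy is
# marked sick after 6 consecutive failed polls (8 - 6 = 2 < 3), which is
# about 30 seconds at a 5s interval.
backend app1 {
    .host = "192.0.2.10";       # must resolve to a single IP address
    .port = "8080";
    .host_header = "app.example.com";
    .connect_timeout = 2s;
    .first_byte_timeout = 30s;
    .between_bytes_timeout = 10s;
    .max_connections = 200;     # cap on open connections to this origin
    .probe = app_health;
}
```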
Access Control List (ACL)
An Access Control List (ACL) declaration creates and initialises a named access control list which can later be used to match client addresses:
acl localnetwork {
    "localhost";        # myself
    "192.0.2.0"/24;     # and everyone on the local network
    ! "192.0.2.23";     # except for the dial-in router
}
If an ACL entry specifies a host name which Varnish is unable to resolve, it will match any address it is compared to. Consequently, if it is preceded by a negation mark, it will reject any address it is compared to, which may not be what you intended. If the entry is enclosed in parentheses, however, it will simply be ignored.
To match an IP address against an ACL, simply use the match operator:
if (client.ip ~ localnetwork) {
    return (pipe);
}
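The ACL rules and the PCRE flag syntax described above, combined into one request filter that restricts cache invalidation to listed clients. This is an added example, not part of the manual page; the backend address, the ACL name purgers, the host names and the status codes are assumptions.

```vcl
vcl 4.0;

# Assumed origin server; any reachable backend works here.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Clients allowed to invalidate cached objects (illustrative addresses).
acl purgers {
    "localhost";
    "192.0.2.0"/24;
    ! "192.0.2.23";         # carve one host out of the /24 above
    ("ops.example.com");    # parenthesised: per the text above, ignored if
                            # the name cannot be resolved instead of
                            # matching every address
}

sub vcl_recv {
    # "(?i)" makes the match case-insensitive. "^" and "$" anchor both
    # ends and "\." is a literal dot; without them a host such as
    # "notexample.com" or "exampleXcom" would also be accepted.
    if (req.http.host !~ "(?i)^(www\.)?example\.com(:[0-9]+)?$") {
        return (synth(400, "Unknown host"));
    }

    if (req.method == "PURGE") {
        # Negated ACL match: any client outside the list is refused.
        if (!client.ip ~ purgers) {
            return (synth(405, "Purging not allowed"));
        }
        return (purge);
    }
}
```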
VCL objects
A VCL object can be made with the new keyword. Example:
import directors;
sub vcl_init {
    # node1 is a backend declared elsewhere in the VCL.
    new b = directors.round_robin();
    b.add_backend(node1);
}
Subroutines
A subroutine is used to group code for legibility or reusability:
sub pipe_if_local
{
    if (client.ip ~ localnetwork) {
        return (pipe);
    }
}
Subroutines in VCL do not take arguments, nor do they return values. The built in subroutines all have names beginning with vcl_, which is reserved. To call a subroutine, use the call keyword followed by the subroutine’s name:
sub vcl_recv {
    call pipe_if_local;
}
Return statements
The ongoing vcl_* subroutine execution ends when a return(action) statement is made. The action specifies how execution should proceed. The context defines which actions are available.
Multiple subroutines
If multiple subroutines with the name of one of the built-in ones are defined, they are concatenated in the order in which they appear in the source. The built-in VCL distributed with Varnish will be implicitly concatenated when the VCL is compiled.
Variables
In VCL you have access to certain variable objects. These contain requests and responses currently being worked on. What variables are available depends on context.
bereq
bereq
    Type: HTTP
    Readable from: backend
    The entire backend request HTTP data structure
bereq.backend
    Type: BACKEND
    Readable from: vcl_pipe, backend
    Writable from: vcl_pipe, backend
bereq.between_bytes_timeout
    Type: DURATION
    Readable from: backend
    Writable from: backend
    The time in seconds to wait between each received byte from the backend. Not available in pipe mode.
bereq.connect_timeout
    Type: DURATION
    Readable from: vcl_pipe, backend
    Writable from: vcl_pipe, backend
    The time in seconds to wait for a backend connection.
bereq.first_byte_timeout
    Type: DURATION
    Readable from: backend
    Writable from: backend
    The time in seconds to wait for the first byte from the backend. Not available in pipe mode.
bereq.http.
    Type: HEADER
    Readable from: vcl_pipe, backend
    Writable from: vcl_pipe, backend
    The corresponding HTTP header.
bereq.method
    Type: STRING
    Readable from: vcl_pipe, backend
    Writable from: vcl_pipe, backend
    The request type (e.g. "GET", "HEAD").
bereq.proto
    Type: STRING
    Readable from: vcl_pipe, backend
    Writable from: vcl_pipe, backend
    The HTTP protocol version used to talk to the server.
bereq.retries
    Type: INT
    Readable from: backend
    A count of how many times this request has been retried.
bereq.uncacheable
    Type: BOOL
    Readable from: backend
    Indicates whether this request is uncacheable due to a pass in the client side or a hit on an existing uncacheable object (aka hit-for-pass).
bereq.url
    Type: STRING
    Readable from: vcl_pipe, backend
    Writable from: vcl_pipe, backend
    The requested URL.
bereq.xid
    Type: STRING
    Readable from: backend
    Unique ID of this request.
beresp
beresp
    Type: HTTP
    Readable from: vcl_backend_response, vcl_backend_error
    The entire backend response HTTP data structure
beresp.backend.ip
    Type: IP
    Readable from: vcl_backend_response, vcl_backend_error
    IP of the backend this response was fetched from.
beresp.backend.name
    Type: STRING
    Readable from: vcl_backend_response, vcl_backend_error
    Name of the backend this response was fetched from.
beresp.do_esi
    Type: BOOL
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    Boolean. ESI-process the object after fetching it. Defaults to false. Set it to true to parse the object for ESI directives. Will only be honored if req.esi is true.
beresp.do_gunzip
    Type: BOOL
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    Boolean. Unzip the object before storing it in the cache. Defaults to false.
beresp.do_gzip
    Type: BOOL
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    Boolean. Gzip the object before storing it. Defaults to false. When http_gzip_support is on Varnish will request already compressed content from the backend and as such compression in Varnish is not needed.
beresp.do_stream
    Type: BOOL
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    Deliver the object to the client directly without fetching the whole object into varnish. If this request is pass’ed it will not be stored in memory.
beresp.grace
    Type: DURATION
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    Set to a period to enable grace.
beresp.http.
    Type: HEADER
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    The corresponding HTTP header.
beresp.keep
    Type: DURATION
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    Set to a period to enable conditional backend requests. The keep time is cache lifetime in addition to the ttl. Objects with ttl expired but with keep time left may be used to issue conditional (If-Modified-Since / If-None-Match) requests to the backend to refresh them.
beresp.proto
    Type: STRING
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    The HTTP protocol version the backend replied with.
beresp.reason
    Type: STRING
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    The HTTP status message returned by the server.
beresp.status
    Type: INT
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    The HTTP status code returned by the server.
beresp.storage_hint
    Type: STRING
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    Hint to Varnish that you want to save this object to a particular storage backend.
beresp.ttl
    Type: DURATION
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    The object’s remaining time to live, in seconds. beresp.ttl is writable.
beresp.uncacheable
    Type: BOOL
    Readable from: vcl_backend_response, vcl_backend_error
    Writable from: vcl_backend_response, vcl_backend_error
    Inherited from bereq.uncacheable, see there. Setting this variable makes the object uncacheable, which may get stored as a hit-for-pass object in the cache. Clearing the variable has no effect and will log the warning "Ignoring attempt to reset beresp.uncacheable".
client
client.identity
    Type: STRING
    Readable from: client
    Writable from: client
    Identification of the client, used to load balance in the client director.
client.ip
    Type: IP
    Readable from: client
    The client’s IP address.
now
now
    Type: TIME
    Readable from: vcl_all
    The current time, in seconds since the epoch. When used in string context it returns a formatted string.
obj
obj.grace
    Type: DURATION
    Readable from: vcl_hit
    The object’s remaining grace period in seconds.
obj.hits
    Type: INT
    Readable from: vcl_hit, vcl_deliver
    The count of cache-hits on this object. A value of 0 indicates a cache miss.
obj.http.
    Type: HEADER
    Readable from: vcl_hit
    The corresponding HTTP header.
obj.keep
    Type: DURATION
    Readable from: vcl_hit
    The object’s remaining keep period in seconds.
obj.proto
    Type: STRING
    Readable from: vcl_hit
    The HTTP protocol version used when the object was retrieved.
obj.reason
    Type: STRING
    Readable from: vcl_hit
    The HTTP status message returned by the server.
obj.status
    Type: INT
    Readable from: vcl_hit
    The HTTP status code returned by the server.
obj.ttl
    Type: DURATION
    Readable from: vcl_hit
    The object’s remaining time to live, in seconds.
obj.uncacheable
    Type: BOOL
    Readable from: vcl_deliver
    Whether the object is uncacheable (pass or hit-for-pass).
req
req
    Type: HTTP
    Readable from: client
    The entire request HTTP data structure
req.backend_hint
    Type: BACKEND
    Readable from: client
    Writable from: client
    Set bereq.backend to this if we attempt to fetch.
req.can_gzip
    Type: BOOL
    Readable from: client
    Does the client accept the gzip transfer encoding.
req.esi
    Type: BOOL
    Readable from: client
    Writable from: client
    Boolean. Set to false to disable ESI processing regardless of any value in beresp.do_esi. Defaults to true. This variable is subject to change in future versions, you should avoid using it.
req.esi_level
    Type: INT
    Readable from: client
    A count of how many levels of ESI requests we’re currently at.
req.hash_always_miss
    Type: BOOL
    Readable from: vcl_recv
    Writable from: vcl_recv
    Force a cache miss for this request. If set to true Varnish will disregard any existing objects and always (re)fetch from the backend.
req.hash_ignore_busy
    Type: BOOL
    Readable from: vcl_recv
    Writable from: vcl_recv
    Ignore any busy object during cache lookup. You would want to do this if you have two servers looking up content from each other to avoid potential deadlocks.
req.http.
    Type: HEADER
    Readable from: client
    Writable from: client
    The corresponding HTTP header.
req.method
    Type: STRING
    Readable from: client
    Writable from: client
    The request type (e.g. "GET", "HEAD").
req.proto
    Type: STRING
    Readable from: client
    Writable from: client
    The HTTP protocol version used by the client.
req.restarts
    Type: INT
    Readable from: client
    A count of how many times this request has been restarted.
req.ttl
    Type: DURATION
    Readable from: client
    Writable from: client
req.url
    Type: STRING
    Readable from: client
    Writable from: client
    The requested URL.
req.xid
    Type: STRING
    Readable from: client
    Unique ID of this request.
resp
resp
    Type: HTTP
    Readable from: vcl_deliver, vcl_synth
    The entire response HTTP data structure
resp.http.
    Type: HEADER
    Readable from: vcl_deliver, vcl_synth
    Writable from: vcl_deliver, vcl_synth
    The corresponding HTTP header.
resp.proto
    Type: STRING
    Readable from: vcl_deliver, vcl_synth
    Writable from: vcl_deliver, vcl_synth
    The HTTP protocol version to use for the response.
resp.reason
    Type: STRING
    Readable from: vcl_deliver, vcl_synth
    Writable from: vcl_deliver, vcl_synth
    The HTTP status message that will be returned.
resp.status
    Type: INT
    Readable from: vcl_deliver, vcl_synth
    Writable from: vcl_deliver, vcl_synth
    The HTTP status code that will be returned.
server
server.hostname
    Type: STRING
    Readable from: vcl_all
    The host name of the server.
server.identity
    Type: STRING
    Readable from: vcl_all
    The identity of the server, as set by the -i parameter. If the -i parameter is not passed to varnishd, server.identity will be set to the name of the instance, as specified by the -n parameter.
server.ip
    Type: IP
    Readable from: client
    The IP address of the socket on which the client connection was received.
storage
storage.<name>.free_space
    Type: BYTES
    Readable from: client, backend
    Free space available in the named stevedore. Only available for the malloc stevedore.
storage.<name>.used_space
    Type: BYTES
    Readable from: client, backend
    Used space in the named stevedore. Only available for the malloc stevedore.
storage.<name>.happy
    Type: BOOL
    Readable from: client, backend
    Health status for the named stevedore. Not available in any of the current stevedores.
Functions
The following built-in functions are available:
ban(expression)- Invalidates all objects in cache that match the expression with the ban mechanism.
call(subroutine)- Run a VCL subroutine within the current scope.
hash_data(input)- Adds an input to the hash input. In the built-in VCL hash_data() is called on the host and URL of the request. Available in vcl_hash.
new()- Instantiate a new VCL object. Available in vcl_init.
return()- End execution of the current VCL subroutine, and continue to the next step in the request handling state machine.
rollback()- Restore req HTTP headers to their original state. This function is deprecated. Use std.rollback() instead.
synthetic(STRING)- Prepare a synthetic response body containing the STRING. Available in vcl_synth and vcl_backend_error.
regsub(str, regex, sub)- Returns a copy of str with the first occurrence of the regular expression regex replaced with sub. Within sub,
