
Varnish Cache 5.0 - ruben_varnish
http://varnish.org/releases/rel5.0.0.html#rel5-0-0
======
tomschlick
As someone who has never used Varnish but has used Nginx's cache to some
degree... what's the benefit of placing varnish in the middle vs going with
Nginx?

~~~
buro9
* ESI support is really nice (if you're an API designer, you can really go nuts on this and make a super simple API do some very complex things or expressive composition from lots of simple calls)

* More fine-grained control of your caching is possible

* Easier to express normalisation of requests (increase your cache hit rate and protect your underlying origin from malicious requests by discarding cache busters)

* Inline C means you can do things like move your authentication to the edge

* In theory if you have enough RAM you can go faster than nginx's on-disk... in practice the sweet spot for the gain is small and they're both on par

But then... it comes with disadvantages too. Like most Varnish services would
never let you do the nice Inline C stuff because no-one in their right mind
would run untrusted code in their environment where it could impact another
customer. If you see a provider do this (at any price point), avoid them.
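
The request normalisation mentioned in the list above, sketched in VCL as an added example (it is not part of buro9's comment or of the Varnish project's own code). The backend address, the list of ignored parameters and the static-asset rule are assumptions chosen for illustration.

```vcl
vcl 4.0;

import std;

# Assumed origin address, for illustration only.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Assumed policy: static assets never vary by query string, so drop it.
    # A random "?x=123" suffix then maps to the same cached object instead
    # of forcing a miss that reaches the origin.
    if (req.url ~ "\.(css|js|png|jpg|gif|ico|woff2?)(\?.*)?$") {
        set req.url = regsub(req.url, "\?.*$", "");
    } else {
        # Remove parameters the origin ignores (assumed list), keeping the
        # separator that preceded each one.
        set req.url = regsuball(req.url,
            "([?&])(utm_[a-z]+|cb|nocache|_)=[^&]*", "\1");

        # Tidy leftover separators: "a=1&&b=2" -> "a=1&b=2",
        # "?&a=1" -> "?a=1", and a trailing "?" or "&" is dropped.
        set req.url = regsuball(req.url, "&&+", "&");
        set req.url = regsub(req.url, "\?&", "?");
        set req.url = regsub(req.url, "[?&]$", "");

        # Sort what remains so "?b=2&a=1" and "?a=1&b=2" share one object.
        set req.url = std.querysort(req.url);
    }
}
```

Because the rewrite happens in `vcl_recv`, the default hash (URL plus Host) is computed on the normalised URL, so the variants collapse into a single cache entry.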

~~~
ruben_varnish
Since 3.0 you have VMODs, to counter for the well-founded lack of Inline C
support around. These Varnish modules will extend VCL with C, C++ or even Rust
libraries in a safer manner:
[https://varnish-cache.org/vmods/](https://varnish-cache.org/vmods/)

If you make your own VMOD (can take from a few hours to days), make sure to
send a PR and add it to the directory above (IOW: share it) :)

------
hannob
Do I understand this right? It supports HTTP/2, but doesn't support HTTPS.
Therefore it supports HTTP/2 in a mostly unusable form, because browser
vendors (for good reasons) decided to support HTTP/2 only over HTTPS.

~~~
phkamp
The reason I don't want to link Varnish against a SSL library, is that in my
considered opinion, they all suck.

From a purely operational point of view, you are better off with two different
SSL proxies in front of your Varnish (or other webserver), so that you can
turn OpenSSL off in even-numbered weeks and the other (pick your poison) in
odd-numbered weeks.

The code to hold safely onto your certificate and do all the songs and dances
involved in SSL/TLS, is under all circumstances something which should be
isolated in as small a process/protection domain as possible.

~~~
encoderer
This is why I love HN. Thanks for answering this!

------
flojo
[https://www.nginx.com/blog/maximizing-drupal-8-performance-n...](https://www.nginx.com/blog/maximizing-drupal-8-performance-nginx-part-ii-caching-load-balancing/)

In the BBC’s testing, they found that with NGINX as a drop-in replacement for
Varnish, they saw five times more throughput.

~~~
olavgg
PHK explained the cause of this is that the Linux kernel VM system performs
poorly when overcommitted.

[https://news.ycombinator.com/item?id=10752209](https://news.ycombinator.com/item?id=10752209)

So the conclusion is, as long as your malloc fits in your system memory, Varnish
should be blazing fast on Linux. If you need a gigantic cache, please try
FreeBSD.

------
willvarfar
Historically, PHK was a very vocal criticizer of SPDY and HTTP/2:
[http://www.varnish-cache.org/docs/trunk/phk/http20.html](http://www.varnish-cache.org/docs/trunk/phk/http20.html)

Of course he relented and implemented SPDY and HTTP/2 anyway.

But all the same I can't help but feel that his original criticism still
stands, and what we need is a rethink of e.g. cookies.

~~~
youngtaff
The original brief for H2 was to have the same semantics etc, as HTTP/1.x

From my reading PHK didn't think it went far enough, and wanted to change
more.

I think he's got good points to make on session ids, cookies etc. and I
suspect we'll see some of the ideas feed into future versions too.

~~~
willvarfar
I don't think we will, because most in the driving seat make their money
identifying visitors. Cynical but true.

------
jjoe
It's always good to see new stuff coming out for Varnish. Do these changes
warrant a major jump in release numbers especially when HTTP/2 support
(biggest feature) is experimental?

Anyway, I'm looking forward to testing it out and integrating v5 with Cachoid
( shameful plug: [https://www.cachoid.com/](https://www.cachoid.com/) ).

~~~
ksherlock
From the horse's mouth:

> Varnish 5.0 changes some (mostly) internal APIs and adds some major new
> features over Varnish 4.1.

> We are in the process of adding HTTP/2 support to Varnish ... we hope to
> have it production ready for the next major release (2017-03-15).

------
boyter
From the release notes [http://varnish.org/docs/5.0/whats-new/relnote-5.0.html](http://varnish.org/docs/5.0/whats-new/relnote-5.0.html)
"It is important that people understand that Free and Open Source Software
isn't the same as gratis software: Somebody has to pay the developers
mortgages and student loans."

Varnish is an excellent piece of software, but I thought it was totally funded
by the commercial side varnish software. How does this model work? It seems
odd to ask for donations while also selling an expensive supported version?

~~~
phkamp
Varnish Cache Author here.

The Varnish Cache FOSS project and Varnish Software the company are two
entirely different things.

By and large, the Varnish Cache FOSS project is me, and I am not employed by
Varnish Software: I have my own one-man company where I "make computers to do
weird things".

The time I spend on Varnish Cache is funded by "The Varnish Moral License":

[http://phk.freebsd.dk/VML/index.html](http://phk.freebsd.dk/VML/index.html)

(See also:
[http://queue.acm.org/detail.cfm?id=2636165](http://queue.acm.org/detail.cfm?id=2636165))

Varnish Software is one of the handful of companies who pay via the VML to
keep me working on Varnish.

Varnish Software has also supported the project in many other ways as well,
from running the project server to donating manpower and source code.

Some of these things are being scaled down, for instance the project server
had become the square peg in their round internal IT systems, so I have been
migrating that off to a server kindly sponsored by RootBSD.

~~~
boyter
Thanks so much for replying. I did notice the Moral License and was confused
as to how it works. I will attempt to get some high profile users I know to
help pay for some continued development.

