Varnish
-
thanks marcelloc! I don't see your updates yet but i think one of the core dev has to merge them in. looking github, it states changes were made about 5 hours ago.. when i check what changes were made, its one jimp did 20 hours ago…
looking forward to testing this
-
This is working much better… I was able to get it to work the way I want it to somewhat... I'm not keen on the backend server checks because if a server prompts you for a username and password, it fails the check... No biggy for now.
For the main webserver, I added the host names within the Backend setup. For the other devices I had to use the LB setup but i'm able to have FQDNs route to correct the IP now. It seems to be working as a reverse-proxy now... I think some tweeks is still needed for the recerse-proxy function but i have to finish reading the Varnish docs first.
I think a good tweak is to add to both to the Backend tab and the LB tab, a way to change the the order of the entries.
-
Hi all,
Varnish package 0.8.8 is out whith fail over for load balance pools.
There is also a new option to force "no cache" to a specific mapping or director.
att,
Marcello Coutinho -
Thanks for the update Marcello!
I did notice a bug with the package. If I disable varnish and restart the router, varnish starts-up again. The file varnish.sh should be deleted when you disable varnish to prevent it from starting when you reboot the router. Once you re-enable varnish, it should create the file and startup.
-
Thanks again for your feedback, I will check this option.
-
**varnish 0.8.9 is out.
Actual state:**
Good for production servers.
Just looking if are any main options for gui until release candidate.main improvements:
Per user session cache control
better static cache options
new sync gui
Application and client cache control are now respected by varnish.main fixes:
JSESSION verification before cookies are set.
reload sync between varnish boxes works again.
varnish will not start after a reboot if it is disabled.TODO:
PURGE gui options
listen on interface options
a way to change backends and directors order in gui
ssl suport via 'hidden' pound reverse proxy (maybe)att,
Marcello Coutinho -
Thanks marcelloc for all your help. This thread has been very valuable in getting the service up and running correctly. I agree with previous post about somehow sorting the order of entries for the director.
-
I seem to have found a minor bug in the GUI
In the Custom VCL tab, whatever is input into the vcl_pipe_early windows i written into the vcl_fetch_early window as well as the vcl_pipe_early window. That code is also put into the vcl_fetch clause of the config file.
Same with vcl_pipe_late -> vcl_fetch_late
I have tested on two different install ins both FireFox and Safari. PfSense ver 2.0 Varnish package 0.8.9.1
The Varnish package works great otherwise.
-
thanks for your feedback, i'll take a look
EDIT
The Custom options are placed correctly in varnish conf file.
Can you check this on your setup?
-
Varnish 0.8.9.2 is out, now with dashboard widget.
-
I've sucessfully compiled varnish 3.0.2 to pfsense.
So, packager version for varnish 2.1.5 gets its release status and now varnish3 is out in beta stage.
There are many improvements between 2.1.5 and 3.0.2, one of the major features included is streaming support.
Take a look at varnish website to see how this tool can help you.
If you have time, give it a try and feedback. ;)
-
Hi Marcelloc, I tried to get this working last night as I stated in my other post "Topic: Using DNS in PFSense to split traffic based on host request".
I feel like I understand the principle pretty well but I can not get it to work. The attachment shows my config file. I was not sure what to do with the NAT settings so I tried with them enabled and disabled but it still did not work.
The only options I setup where two Backends and two LB Directors. Am I missing something?
-
check backend status on varnish widget.
You must disable nat for port 80, varnish will do the job.
Until you get this working, publish varnish on port 81 for example, create a wan rule to permit port 81 communication and do tests.
