Varnish Caching Proxy
And the FOSHttpCacheBundle
Webmardi Fribourg, June 3rd 2014
© David Buchmann, Liip AG
Step 1
apt-get update
apt-get install varnish
Step 1
apt-get update
apt-get install varnish
Step 2
- Edit
/etc/default/varnish, replace port 6081 by port 80
- Edit webserver config to run on port 8080
service apache2 restart
service varnish restart
Step 3
What could possibly go wrong?
- Nothing gets cached (HTTP Headers)
- Too much gets cached (also HTTP Headers)
- Editors see no changes (cache invalidation)
- Caches get mixed up (personal content)
What is a reverse proxy again?
HTTP is simple
GET /path
HTTP/1.1 200 OK
Content-Type: text/html
<html>...</html>
HTTP verbs
- GET
- HEAD
- POST
- PUT
- DELETE
- ...
HTTP response codes
- 1xx hold on
- 2xx here you go
- 3xx go away
- 4xx you fucked up
- 5xx I fucked up
https://twitter.com/stevelosh/status/372740571749572610
Default Varnish behaviour
- Only attempt to cache GET and HEAD request
- Never cache request with cookies / authorization
- Never cache response with set-cookie
Only cache response with status 200, 203, 300, 301, 302, 307, 404, 410
http://httpstatusdogs.com
Cache control headers
Cache-Control: s-maxage=3600, max-age=900
Expires: Thu, 15 May 2014 08:00:00 GMT
- s-maxage
- max-age
- Expires
Do not cache
Cache-Control: s-maxage=0, private, no-cache
- Varnish 3 does not respect no-cache, but s-maxage=0.
- Varnish 4 does.
Keep variants apart
Vary: Accept, Cookie
Cache validation (I)
Last-Modified: Tue, 13 May 2014 08:13:20 GMT
If-Modified-Since: Tue, 13 May 2014 08:13:20 GMT
304 Not Modified
Cache validation (II)
ETag: 82901821233
If-None-Match: 82901821233
304 Not Modified
There are dog images too, but I won't show the 304 one.
Know your tools
- Follow a link: Use cache if allowed, If-Modified-Since / If-None-Match
- ctrl-r or reload button in firefox / chrome: If-Modified-Since / If-None-Match
- Force reload: Make sure the browser ignores all local caches
- Firefox: shift-ctrl-R
- Chrome: shift-ctrl-R or shift-F5
- Clear browser cache
Tools and helpers
- firebug / chrome network tab in debug toolbar (copy URL as curl!)
wget -Sq --spider http://localhost/path.html
curl -o /dev/null -sD - http://cmf.lo/app_dev.php
Default Symfony headers
HTTP/1.1 200 OK
Date: Wed, 12 May 2014 08:20:06 GMT
Cache-Control: no-cache
Vary: Accept-Language,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Set Symfony cache headers
// DefaultController::indexAction
$response = $this->render('::index.html.twig');
$response->setMaxAge(600);
$response->setPublic();
return $response;
- Add such code to every action that renders a response.
- Or annotate every action with @Cache.
FOSHttpCacheBundle
fos_http_cache:
rules:
# login must not be cached
-
match:
path: ^/(login|login_check|logout)
controls:
private: true
max_age: 0
# Cache the homepage for 10 minutes
-
match:
path: ^/$
vary: Cookie
controls:
public: true
max_age: 600
FOSHttpCacheBundle
# ...
# Cache everything else for 1 hour
-
match:
path: ^/
vary: Cookie
controls:
public: true
max_age: 3600
Clear the Symfony cache whenever you change values here
Lets look into Varnish
- Reverse proxy
- Domain specific language: VCL
- Hook function for each step
- Configuration compiled to machine code at Varnish startup
- Loadbalance, handle downtimes of webserver
Restart Varnish like a pro
- Restart to start with empty cache
- Restart to see changed configuration
VCL
vcl_recv: entry point, lookup or pass
vcl_fetch: receive from backend, cache or not
vcl_deliver: remove headers not for client
vcl_hash: determine cache key
vcl_hit: found in cache, deliver or pass
vcl_miss: pass or fetch
vcl_pipe: do not alter request
vcl_error: define error page
Warning!
Varnish does what you tell it
Think carefully and test thoroughly
VCL: Remove cookies
sub vcl_recv {
if (req.http.Cookie) {
if (req.url ~ "^/static") {
remove req.http.Cookie;
}
}
}
VCL: Debug hit or miss
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
}
VCL: Custom TTL
fos_http_cache:
rules:
#...
reverse_proxy_ttl: 600
sub vcl_fetch {
...
if (beresp.http.X-Reverse-Proxy-TTL) {
C{
char *ttl;
ttl = VRT_GetHdr(sp, HDR_BERESP, "\024X-Reverse-Proxy-TTL:");
VRT_l_beresp_ttl(sp, atoi(ttl));
}C
unset beresp.http.X-Reverse-Proxy-TTL;
}
...
Cache Invalidation
There are only two hard things in computer science:
- Cache invalidation
- Naming things
- Off by one errors
Cache busting
- Very long cache lifetime for assets
- Append ?version to asset links
- Query string to miss the cache
# app/config.yml
framework:
templating:
assets_version: v1
<link rel="stylesheet" href="/css/style.css?v1" type="text/css"/>
...
<script src="/js/scripts.js?v1"></script>
Explicit cache invalidation
- Long cache lifetime on varnish
- Explicitly tell varnish to invalidate cached URLs
- When not detectable if content changes: Low lifetime
Invalidation flavors
- Purge: URL and all variants
- Refresh: Remove cache for this exact request
- Ban: Batch invalidation with regular expression
FOSHttpCacheBundle proxy client
// CommentsController::postAction
// the page changed, send a purge request for this url
...
$path = $this->generate('page', array(
'id' => $post->getPage()->getId())
);
$cacheManager = $container->get('fos_http_cache.cache_manager');
$cacheManager->invalidatePath($path);
...
Configure client
# app/config.yml
fos_http_cache:
proxy_client:
varnish:
servers: 4.4.4.11:80, 4.4.4.22:80
base_url: yourwebsite.com
Configure Varnish
# default.vcl
sub vcl_recv {
if (req.request == "PURGE") {
if (!client.ip ~ invalidators) {
error 405 "PURGE not allowed";
}
return (lookup);
}
}
sub vcl_hit {
if (req.request == "PURGE") {
purge;
error 200 "Purged";
}
}
sub vcl_miss { // same as hit
Banning
- Regular expression matching
- On any request headers, not only path
Refresh
- Invalidate exact request
- And fetch it again to have warmed up cache
- No variants
Cache Context
Group based caching
Cache Tagging
/** @var $cm CacheManageer */
$cm->tagResponse($response, array('comment-42'));
...
$cm->invalidateTags(array('comment-42'));
use FOS\HttpCacheBundle\Configuration\Tag;
class CommentController extends Controller
{
/**
* @Tag({"comments", "'comment-'~id"})
*/
public function commentAction($id)
{
// ...
Cache Tagging
ban("obj.http.host ~ " + req.http.x-host
+ " && obj.http.x-url ~ " + req.http.x-url
+ " && obj.http.content-type ~ " +
req.http.x-content-type
+ " && obj.http.x-cache-tags ~ " +
req.http.x-cache-tags
);
Conclusions
- Varnish is powerful
- Varnish is dangerous
- Using FOSHttpCacheBundle makes live easier
- KISS VCL!
Outlook: FOSHttpCacheBundle
- Nginx support
- User context caching
- Stable release this summer
Outlook: Varnish is a powerful tool
Varnish 4
- Respond stale content while updating from backend
- Cleanups in VCL
Outlook: Where to go from here
Questions / Input / Feedback ?
Twitter: @dbu
Use Edge Side Includes
- Symfony creates special links for page elements
- Varnish fetches and caches elements separatly
- Individual caching rules per element
- E.g. only some elements vary on cookie
Enable ESI in Symfony
# app/config/config.yml
framework:
esi: { enabled: true }
# app/config/routing.yml
_internal:
resource: "@FrameworkBundle/Resources/config/routing/internal.xml"
prefix: /_internal
Make sure either your webserver is only reachable by Varnish or add access restrictions for /_internal
{# index.html.twig #}
{% render 'DbuCoreBundle:Comments:comments'
with {}, {'standalone': true} %}
Adjust cache settings
- Only have Vary: Cookie where its the case
- Exclude _internal from cache rules
- Set cache rules for the ESI - exposed actions
fos_http_cache:
rules:
# do not apply rules to _internal
-
match:
path: ^/_internal
# no controls
Fragment controllers
// UserController::showBoxAction
$response = $this->render(
'DbuCoreBundle:User:box.html.twig');
$response->setVary('Cookie', false);
$response->setMaxAge(0);
$response->setPrivate();
return $response;
// CommentsController::commentsAction
$response = $this->render(
'DbuCoreBundle:Comments:comments.html.twig',
array('comments' => $this->getComments()));
$response->setMaxAge(3600);
$response->setPublic();
return $response;
Purge just the comments fragment
$cm = $container->get('fos_http_cache.cache_manager');
$kernel = $this->container->get('http_kernel');
$path = $kernel->generateInternalUri(
'DbuCoreBundle:Comments:comments'
);
$cm->invalidatePath($path);
Note: generateInternalUri is helpful but does not check if controller exists
ESI response
$ app/console cache:clear --env=prod --no-debug
$ curl -H "Surrogate-Capability: abc=ESI/1.0" \
http://performance.lo/
...
<esi:include src="/_internal/secure/DbuCoreBundle%3AUser%3AshowLogin/none.html" onerror="continue" />
...
<esi:include src="/_internal/secure/DbuCoreBundle%3AComments%3Acomments/none.html" onerror="continue" />
...
Enable ESI in Varnish
sub vcl_recv {
set req.http.Surrogate-Capability = "abc=ESI/1.0";
# try to lookup even if there is a cookie
return (lookup);
}
sub vcl_fetch {
if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
unset beresp.http.Surrogate-Control;
set beresp.do_esi = true;
}
if (beresp.http.Vary) {
return (pass);
}
}
Make sure others do not cache
sub vcl_deliver {
if (! req.url ~ ".*\.(css|js|png)(\?.*)?$") {
set resp.http.Vary = "Cookie";
unset resp.http.Last-Modified;
}
}
