Varnish Docker image
Varnish docker image with support for dynamic backends, Rancher DNS, auto-configure
This image is generic, thus you can obviously re-use it within
your non-related EEA projects.
- Debian Jessie
- Varnish 4.1.8
- Varnish agent 2 4.1.3
- Varnish dashboard
- EXPOSE 6081 6085
Supported tags and respective Dockerfile links
:latestDockerfile (Debian Jessie, Varnish 4.1)
Stable and immutable tags
:4.1-6.2Dockerfile - Varnish: 4.1 Release: **6.2
See older versions
Base docker image
- Install Docker.
Run with Docker Compose
Here is a basic example of a
docker-compose.yml file using the
eeacms/varnish docker image:
version: "2" services: varnish: image: eeacms/varnish ports: - "80:6081" - "6085:6085" depends_on: - anon - auth - download environment: BACKENDS: "anon auth download" BACKENDS_PORT: "8080" DNS_ENABLED: "true" BACKENDS_PROBE_INTERVAL: "3s" BACKENDS_PROBE_TIMEOUT: "1s" BACKENDS_PROBE_WINDOW: "3" BACKENDS_PROBE_THRESHOLD: "2" DASHBOARD_USER: "admin" DASHBOARD_PASSWORD: "admin" DASHBOARD_SERVERS: "varnish" DASHBOARD_DNS_ENABLED: "true" anon: image: eeacms/hello environment: PORT: "8080" auth: image: eeacms/hello environment: PORT: "8080" download: image: eeacms/hello environment: PORT: "8080"
The application can be scaled to use more server instances as backends, with
$ docker-compose up -d $ docker-compose scale anon=4 auth=2 varnish=2
An example of a more complex application using the
image is EEA WWW.
Extend the image with a custom varnish.vcl file
default.vcl file provided with this image is bare and only contains
the marker to specify the VCL version. If you plan on using a more
elaborate base configuration in your container and you want it shipped with
your image, you can extend the image in a Dockerfile, like this:
FROM eeacms/varnish COPY varnish.vcl /etc/varnish/conf.d/
and then run
$ docker build -t varnish-custom /path/to/Dockerfile
Support for specifying probe request headers
Two environment variables support defining specific probe request headers.
The primary warning / tricky part is around the delimiter used for separating
the individual headers. Below is an example:
BACKENDS_PROBE_REQUEST: 'GET / HTTP/1.1|Host: example.com|Connection: close|User-Agent: Varnish Health Probe' BACKENDS_PROBE_REQUEST_DELIMITER: '|'
The above will result in the probe being specified using the probe.request attribute
and will replace the default probe.url attribute completely.
The important point, of course, is that you need to pick an appropriate delimiter
that is not contained within any headers that you wish to pass.
The hostname of the current backend being probed can be specify using the
BACKENDS_PROBE_REQUEST: 'GET / HTTP/1.1|Host: %(hostname)s|Connection: close|User-Agent: Varnish Health Probe' BACKENDS_PROBE_REQUEST_DELIMITER: '|'
Change and reload configuration without restarting the container
If the configuration directory is mounted as a volume, you can modify
it from outside the container. In order for the modifications
to be loaded by the varnish daemon, you have to run the
$ docker exec <container-name-or-id> reload
The command will load the new configuration, compile it, and if compilation
succeeds replace the old one with it. If compilation of the new configuration
fails, the varnish daemon will continue to use the old configuration.
Keep in mind that the only way to restore a previous configuration is to
restore the configuration files and then reload them.
Support for stripping cookies for better caching
By default, if any cookies are present, the cache is bypassed. This section describes
new support for configuration of various cookie-based cache options. Configuration is
enabled with the COOKIES environment variable. If set, additional code
is executed that builds a cookie_config.vcl file containing additions to
the generated default.vcl file. The following cookie options are currently supported.
- Whitelist of cookies - Allows stripping all but a small list of cookies
- (Future) Remove cookies for listed static file types, so caching works
Whitelist of cookies
With this option you provide a regular expression describing those cookies that should
be passed through to the backend. All cookies not described by the expression will be
stripped from the headers. Here is an example.
$ docker pull eeacms/varnish
Supported environment variables
As varnish has close to no purpose by itself, this image should be used
in combination with others with Docker Compose.
The varnish daemon can be configured by modifying the following environment variables:
PRIVILEDGED_USERPriviledge separation user id (e.g.
CACHE_SIZESize of the RAM cache storage (default
CACHE_STORAGEOverride default RAM cache (e.g.
ADDRESS_PORTHTTP listen address and port (default
ADMIN_PORTHTTP admin address and port (e.g.
PARAM_VALUEA list of parameter-value pairs, each preceeded by the
BACKENDSA list of
host[:port]pairs separated by space
BACKENDS_PORTDefault port to be used for backends (defalut
BACKENDS_PROBE_ENABLEDEnable backend probe (default
BACKENDS_PROBE_URLBackend probe URL (default
BACKENDS_PROBE_TIMEOUTBackend probe timeout (defalut
BACKENDS_PROBE_INTERVALBackend probe interval (defalut
BACKENDS_PROBE_WINDOWBackend probe window (defalut
BACKENDS_PROBE_THRESHOLDBackend probe threshold (defalut
DNS_ENABLEDDNS lookup provided
BACKENDS. Use this option when your backends are resolved by an internal/external DNS service (e.g. Rancher)
DNS_TTLDNS lookup backends every $DNS_TTL minutes. Default 1 minute.
BACKENDS_SAINT_MODERegister backends using saintmode module
BACKENDS_PROBE_REQUESTBackend probe request header list (default empty)
BACKENDS_PROBE_REQUEST_DELIMITERBackend probe request headers delimiter (default
DASHBOARD_SERVERSInclude varnish services, space separated, within varnish dashboard. Useful when you want to scale varnish and see them all within varnish dashboard (e.g.:
docker-compose scale varnish=2)
DASHBOARD_SERVERSto ips in order to discover multiple varnish instances. (default
DASHBOARD_PORTRun Varnish dashboard on this port inside container (default
DASHBOARD_USERUser to access the varnish dashboard exposed on
DASHBOARD_PASSWORDPassword for the user to access the varnish dashboard exposed on
COOKIESEnables cookie configuration
COOKIES_WHITELISTA regular expression describing cookies that are passed through, all others are stripped
Copyright and license
The Initial Owner of the Original Code is European Environment Agency (EEA).
All Rights Reserved.
The Original Code is free software;
you can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation;
either version 2 of the License, or (at your option) any later