Nils Goroll · @slink
70 followers · 603 posts · Server fosstodon.org

@justin i would recommend to use a unix domain socket (uds) for that reason:

varnishd -a tls=/path/to/socket,PROXY,mode=666

mode=666 is failsafe and not the most secure option

varnish-cache.org/docs/trunk/r :varnishcache:

#varnishcache

Last updated 1 year ago

Nils Goroll · @slink
70 followers · 592 posts · Server fosstodon.org

A new module for has become usable: zipflow lets you generate ZIP files on the fly.

git.sr.ht/~slink/libvmod-zipfl

Thank you to @madler for this zipflow code!

#foss #varnishcache #vmod #varnish #opensource

Last updated 1 year ago

Nils Goroll · @slink
70 followers · 592 posts · Server fosstodon.org

@krinkle we do have a proper persistent storage engine for now: SLASH/ fellow gitlab.com/uplex/varnish/slash

#foss #varnishcache

Last updated 1 year ago

Nils Goroll · @slink
68 followers · 556 posts · Server fosstodon.org

Another week, another new for

Today: character encoding conversions for

gitlab.com/uplex/varnish/libvm

#vmod #varnishcache #iconv #vcl

Last updated 1 year ago

Nils Goroll · @slink
67 followers · 553 posts · Server fosstodon.org

JSON formatting in pure VCL is a PITA.

Just released: A formatter for which sucks less.

gitlab.com/uplex/varnish/libvm

Example from the README:

#json #vcl #varnishcache #vmod #foss #opensource

Last updated 1 year ago

Nils Goroll · @slink
60 followers · 496 posts · Server fosstodon.org

@bagder iirc it was two years ago that someone promised to implement http3 for "this year". they even had the features planned in a public repo.
we are all doing it wrong. is the solution.

#varnishcache #vaporware

Last updated 1 year ago

Nils Goroll · @slink
60 followers · 459 posts · Server fosstodon.org

VSV00012 Base64 decoding vulnerability in vmod-digest

A base64 decoding vulnerability has been discovered in vmod-digest, which is often used with .

My personal recommendation is to migrate to vmod-blob, as shown in the advisory.

varnish-cache.org/security/VSV

#varnishcache

Last updated 1 year ago

Nils Goroll · @slink
59 followers · 453 posts · Server fosstodon.org

@selea layer4 (syn flood, file descriptor exhaustion): mostly a non issue nowadays because ram is cheap enough.
tls: rate limiting works (eg with ) or techniques along the idea : if an ip hits you too hard, filter it efficiently in the kernel
http: here my best recommendations are all based around because i work on it, but alternatives do exist. i will focus on what i know to be most helpful. 馃У

#haproxy #fail2ban #varnishcache

Last updated 1 year ago

Nils Goroll · @slink
44 followers · 393 posts · Server fosstodon.org

.foreach() for regular expression matches has come to Varnish HTTP Cache.

Our module gitlab.com/uplex/varnish/libvm for now also supports iterating over matches on strings and HTTP bodies

#opensource #pcre2 #regex #varnishcache

Last updated 1 year ago

Nils Goroll · @slink
43 followers · 367 posts · Server fosstodon.org

@GossiTheDog telefonica using cloudflare? not even telcos know how to cache properly? we have - you can do it!

#varnishcache

Last updated 1 year ago

Nils Goroll · @slink
40 followers · 350 posts · Server fosstodon.org

This month, SLASH/fellow gitlab.com/uplex/varnish/slash, our advanced, high performance,
eventually persistent, always consistent storage engine for has received bug fixes and relevant performance improvements:
- reduced memory footprint
- improve cache lookup performance
- made memory allocation priorities more fine grained
- reduced overhead for concurrent access to disk objects
- improved disk space allocation

Please try it out, all feedback is welcome!

#opensource #varnishcache

Last updated 1 year ago

Nils Goroll · @slink
38 followers · 291 posts · Server fosstodon.org

vmod_dynamic for just got better *again*.

I have finally implemented some improvements which I had on my mind for ages.

- lookups got more efficient with rbtrees
- reduced lock contention
- implemented detailed backend.list output
- added "keep" parameter to avoid re-creating backends temporarily vanishing from DNS
- lots of refactoring

github.com/nigoroll/libvmod-dy

#varnishcache

Last updated 1 year ago

Nils Goroll · @slink
38 followers · 291 posts · Server fosstodon.org

@ezhes_ @retr0id @mjg59 the reverse+forward DNS check works. we use this with to authenticate google and others who offer the same properly configured DNS
github.com/kenshaw/libvmod-dns

#varnishcache

Last updated 1 year ago

Nils Goroll · @slink
33 followers · 262 posts · Server fosstodon.org

vmod_dynamic just got better.

Our module for dynamic backends based on DNS A/AAAA and SRV records has finally gained support for the director reference counting which got added to varnish 7.3.

github.com/nigoroll/libvmod-dy

#varnishcache

Last updated 1 year ago

Nils Goroll · @slink
33 followers · 262 posts · Server fosstodon.org

@kly at least regarding i have not given up.

#varnishcache

Last updated 1 year ago

Nils Goroll · @slink
29 followers · 198 posts · Server fosstodon.org

@carlosabalde is there a project to replace varnishsentry for ?

#varnishcache

Last updated 1 year ago

Nils Goroll · @slink
28 followers · 192 posts · Server fosstodon.org

Our parallel (pESI) module gitlab.com/uplex/varnish/libvd for received some <3 and has now 0 open bugs, better performance, cleaner code and, drumroll please, even a CHANGES.rst gitlab.com/uplex/varnish/libvd

#opensource #esi #varnishcache

Last updated 1 year ago

Nils Goroll · @slink
27 followers · 191 posts · Server fosstodon.org

Lesser known feature of the day: Some of the built-in types have methods, too:

BACKEND
.resolve()
STORAGE
.free_space
.used_space
.happy
STRING
.upper()
.lower()

github.com/varnishcache/varnis

#varnishcache #vcl

Last updated 1 year ago

Nils Goroll · @slink
26 followers · 181 posts · Server fosstodon.org

regsub() on bodies has finally arrived for Varnish HTTP Cache.

Our module gitlab.com/uplex/varnish/libvm for now also supports substitutions on bodies. Similar to the recently announced .match_body() method, this feature supports matches across storage segments while avoiding to make copies using PCRE2's partial match feature.

Another big think you to Philip Hazel and Zoltan Herczeg for their great work on the essential regular expression library.

#opensource #pcre2 #regex #varnishcache

Last updated 1 year ago

Nils Goroll · @slink
26 followers · 170 posts · Server fosstodon.org

asking for a client: any with knowledge interested in a in ?
pm me
boosts welcome

#backenddev #opensource #varnishcache #job #berlin

Last updated 1 year ago