1VARNISHD(1) VARNISHD(1)
2
6 varnishd - HTTP accelerator daemon
7
9 varnishd
10 [-a [name=][listen_address[,PROTO]] [-b [host[:port]|path]] [-C]
11 [-d] [-F] [-f config] [-h type[,options]] [-I clifile] [-i iden‐
12 tity] [-j jail[,jailoptions]] [-l vsl] [-M address:port] [-n
13 workdir] [-P file] [-p param=value] [-r param[,param...]] [-S
14 secret-file] [-s [name=]kind[,options]] [-T address[:port]] [-t
15 TTL] [-V] [-W waiter]
16 varnishd [-x parameter|vsl|cli|builtin|optstring]
18 varnishd [-?]
20
22 The varnishd daemon accepts HTTP requests from clients, passes them on
23 to a backend server and caches the returned documents to better satisfy
24 future requests for the same document.
25
27 Basic options
28 -a <[name=][listen_address[,PROTO]]>
29 Accept for client requests on the specified listen_address (see
30 below).
31 Name is referenced in logs. If name is not specified, "a0",
33 "a1", etc. is used.
34 PROTO can be "HTTP" (the default) or "PROXY". Both version 1
36 and 2 of the proxy protocol can be used.
37 Multiple -a arguments are allowed.
39 If no -a argument is given, the default -a :80 will listen to
41 all IPv4 and IPv6 interfaces.
42 -a <[name=][ip_address][:port][,PROTO]>
44 The ip_address can be a host name ("localhost"), an IPv4 dot‐
45 ted-quad ("127.0.0.1") or an IPv6 address enclosed in square
46 brackets ("[::1]")
47 If port is not specified, port 80 (http) is used.
49 At least one of ip_address or port is required.
51 -a <[name=][path][,PROTO][,user=name][,group=name][,mode=octal]>
53 (VCL4.1 and higher)
54 Accept connections on a Unix domain socket. Path must be abso‐
56 lute ("/path/to/listen.sock").
57 The user, group and mode sub-arguments may be used to specify
59 the permissions of the socket file -- use names for user and
60 group, and a 3-digit octal value for mode.
61 -b <[host[:port]|path]>
63 Use the specified host as backend server. If port is not speci‐
64 fied, the default is 8080.
65 If the value of -b begins with /, it is interpreted as the abso‐
67 lute path of a Unix domain socket to which Varnish connects. In
68 that case, the value of -b must satisfy the conditions required
69 for the .path field of a backend declaration, see vcl(7). Back‐
70 ends with Unix socket addresses may only be used with VCL ver‐
71 sions >= 4.1.
72 -b can be used only once, and not together with f.
74 -f config
76 Use the specified VCL configuration file instead of the builtin
77 default. See vcl(7) for details on VCL syntax.
78 If a single -f option is used, then the VCL instance loaded from
80 the file is named "boot" and immediately becomes active. If more
81 than one -f option is used, the VCL instances are named "boot0",
82 "boot1" and so forth, in the order corresponding to the -f argu‐
83 ments, and the last one is named "boot", which becomes active.
84 Either -b or one or more -f options must be specified, but not
86 both, and they cannot both be left out, unless -d is used to
87 start varnishd in debugging mode. If the empty string is speci‐
88 fied as the sole -f option, then varnishd starts without start‐
89 ing the worker process, and the management process will accept
90 CLI commands. You can also combine an empty -f option with an
91 initialization script (-I option) and the child process will be
92 started if there is an active VCL at the end of the initializa‐
93 tion.
94 When used with a relative file name, config is searched in the
96 vcl_path. It is possible to set this path prior to using -f op‐
97 tions with a -p option. During startup, varnishd doesn't com‐
98 plain about unsafe VCL paths: unlike the varnish-cli(7) that
99 could later be accessed remotely, starting varnishd requires lo‐
100 cal privileges.
101 -n workdir
103 Runtime directory for the shared memory, compiled VCLs etc.
104 In performance critical applications, this directory should be
106 on a RAM backed filesystem.
107 Relative paths will be appended to /var/run/ (NB: Binary pack‐
109 ages of Varnish may have adjusted this to the platform.)
110 The default value is /var/run/varnishd (NB: as above.)
112 Documentation options
114 For these options, varnishd prints information to standard output and
115 exits. When a -x option is used, it must be the only option (it outputs
116 documentation in reStructuredText, aka RST).
117 -?
119 Print the usage message.
120 -x parameter
122 Print documentation of the runtime parameters (-p options), see
123 List of Parameters.
124 -x vsl Print documentation of the tags used in the Varnish shared mem‐
126 ory log, see vsl(7).
127 -x cli Print documentation of the command line interface, see var‐
129 nish-cli(7).
130 -x builtin
132 Print the contents of the default VCL program builtin.vcl.
133 -x optstring
135 Print the optstring parameter to getopt(3) to help writing wrap‐
136 per scripts.
137 Operations options
139 -F Do not fork, run in the foreground. Only one of -F or -d can be
140 specified, and -F cannot be used together with -C.
141 -T <address[:port]>
143 Offer a management interface on the specified address and port.
144 See varnish-cli(7) for documentation of the management commands.
145 To disable the management interface use none.
146 -M <address:port>
148 Connect to this port and offer the command line interface.
149 Think of it as a reverse shell. When running with -M and there
150 is no backend defined the child process (the cache) will not
151 start initially.
152 -P file
154 Write the PID of the process to the specified file.
155 -i identity
157 Specify the identity of the Varnish server. This can be accessed
158 using server.identity from VCL and with VSM_Name() from utili‐
159 ties. If not specified the output of gethostname(3) is used.
160 -I clifile
162 Execute the management commands in the file given as clifile be‐
163 fore the the worker process starts, see CLI Command File.
164 Tuning options
166 -t TTL Specifies the default time to live (TTL) for cached objects.
167 This is a shortcut for specifying the default_ttl run-time pa‐
168 rameter.
169 -p <param=value>
171 Set the parameter specified by param to the specified value, see
172 List of Parameters for details. This option can be used multiple
173 times to specify multiple parameters.
174 -s <[name=]type[,options]>
176 Use the specified storage backend. See Storage Backend section.
177 This option can be used multiple times to specify multiple stor‐
179 age files. Name is referenced in logs, VCL, statistics, etc. If
180 name is not specified, "s0", "s1" and so forth is used.
181 -l <vsl>
183 Specifies size of the space for the VSL records, shorthand for
184 -p vsl_space=<vsl>. Scaling suffixes like 'K' and 'M' can be
185 used up to (G)igabytes. See vsl_space for more information.
186 Security options
188 -r <param[,param...]>
189 Make the listed parameters read only. This gives the system ad‐
190 ministrator a way to limit what the Varnish CLI can do. Con‐
191 sider making parameters such as cc_command, vcc_allow_inline_c
192 and vmod_path read only as these can potentially be used to es‐
193 calate privileges from the CLI.
194 -S secret-file
196 Path to a file containing a secret used for authorizing access
197 to the management port. To disable authentication use none.
198 If this argument is not provided, a secret drawn from the system
200 PRNG will be written to a file called _.secret in the working
201 directory (see opt_n) with default ownership and permissions of
202 the user having started varnish.
203 Thus, users wishing to delegate control over varnish will proba‐
205 bly want to create a custom secret file with appropriate permis‐
206 sions (ie. readable by a unix group to delegate control to).
207 -j <jail[,jailoptions]>
209 Specify the jailing mechanism to use. See Jail section.
210 Advanced, development and debugging options
212 -d Enables debugging mode: The parent process runs in the fore‐
213 ground with a CLI connection on stdin/stdout, and the child
214 process must be started explicitly with a CLI command. Terminat‐
215 ing the parent process will also terminate the child.
216 Only one of -d or -F can be specified, and -d cannot be used to‐
218 gether with -C.
219 -C Print VCL code compiled to C language and exit. Specify the VCL
221 file to compile with the -f option. Either -f or -b must be used
222 with -C, and -C cannot be used with -F or -d.
223 -V Display the version number and exit. This must be the only op‐
225 tion.
226 -h <type[,options]>
228 Specifies the hash algorithm. See Hash Algorithm section for a
229 list of supported algorithms.
230 -W waiter
232 Specifies the waiter type to use.
233 Hash Algorithm
235 The following hash algorithms are available:
236 -h critbit
238 self-scaling tree structure. The default hash algorithm in Var‐
239 nish Cache 2.1 and onwards. In comparison to a more traditional
240 B tree the critbit tree is almost completely lockless. Do not
241 change this unless you are certain what you're doing.
242 -h simple_list
244 A simple doubly-linked list. Not recommended for production
245 use.
246 -h <classic[,buckets]>
248 A standard hash table. The hash key is the CRC32 of the object's
249 URL modulo the size of the hash table. Each table entry points
250 to a list of elements which share the same hash key. The buckets
251 parameter specifies the number of entries in the hash table.
252 The default is 16383.
253 Storage Backend
255 The argument format to define storage backends is:
256 -s <[name]=kind[,options]>
258 If name is omitted, Varnish will name storages sN, starting with
259 s0 and incrementing N for every new storage.
260 For kind and options see details below.
262 Storages can be used in vcl as storage.name, so, for example if myStor‐
264 age was defined by -s myStorage=malloc,5G, it could be used in VCL like
265 so:
266 set beresp.storage = storage.myStorage;
268 A special name is Transient which is the default storage for un‐
270 cacheable objects as resulting from a pass, hit-for-miss or
271 hit-for-pass.
272 If no -s options are given, the default is:
274 -s default,100m
276 If no Transient storage is defined, the default is an unbound default
278 storage as if defined as:
279 -s Transient=default
281 The following storage types and options are available:
283 -s <default[,size]>
285 The default storage type resolves to umem where available and
286 malloc otherwise.
287 -s <malloc[,size]>
289 malloc is a memory based backend.
290 -s <umem[,size]>
292 umem is a storage backend which is more efficient than malloc on
293 platforms where it is available.
294 See the section on umem in chapter Storage backends of The Var‐
296 nish Users Guide for details.
297 -s <file,path[,size[,granularity[,advice]]]>
299 The file backend stores data in a file on disk. The file will be
300 accessed using mmap. Note that this storage provide no cache
301 persistence.
302 The path is mandatory. If path points to a directory, a tempo‐
304 rary file will be created in that directory and immediately un‐
305 linked. If path points to a non-existing file, the file will be
306 created.
307 If size is omitted, and path points to an existing file with a
309 size greater than zero, the size of that file will be used. If
310 not, an error is reported.
311 Granularity sets the allocation block size. Defaults to the sys‐
313 tem page size or the filesystem block size, whichever is larger.
314 Advice tells the kernel how varnishd expects to use this mapped
316 region so that the kernel can choose the appropriate read-ahead
317 and caching techniques. Possible values are normal, random and
318 sequential, corresponding to MADV_NORMAL, MADV_RANDOM and
319 MADV_SEQUENTIAL madvise() advice argument, respectively. De‐
320 faults to random.
321 -s <persistent,path,size>
323 Persistent storage. Varnish will store objects in a file in a
324 manner that will secure the survival of most of the objects in
325 the event of a planned or unplanned shutdown of Varnish. The
326 persistent storage backend has multiple issues with it and will
327 likely be removed from a future version of Varnish.
328 Jail
330 Varnish jails are a generalization over various platform specific meth‐
331 ods to reduce the privileges of varnish processes. They may have spe‐
332 cific options. Available jails are:
333 -j <solaris[,worker=`privspec`]>
335 Reduce privileges(5) for varnishd and sub-process to the mini‐
336 mally required set. Only available on platforms which have the
337 setppriv(2) call.
338 The optional worker argument can be used to pass a privi‐
340 lege-specification (see ppriv(1)) by which to extend the effec‐
341 tive set of the varnish worker process. While extended privi‐
342 leges may be required by custom vmods, it is always the more se‐
343 cure to not use the worker option.
344 Example to grant basic privileges to the worker process:
346 -j solaris,worker=basic
348 -j <unix[,user=`user`][,ccgroup=`group`][,workuser=`user`]>
350 Default on all other platforms when varnishd is started with an
351 effective uid of 0 ("as root").
352 With the unix jail mechanism activated, varnish will switch to
354 an alternative user for subprocesses and change the effective
355 uid of the master process whenever possible.
356 The optional user argument specifies which alternative user to
358 use. It defaults to varnish.
359 The optional ccgroup argument specifies a group to add to var‐
361 nish subprocesses requiring access to a c-compiler. There is no
362 default.
363 The optional workuser argument specifies an alternative user to
365 use for the worker process. It defaults to vcache.
366 -j none
368 last resort jail choice: With jail mechanism none, varnish will
369 run all processes with the privileges it was started with.
370 Management Interface
372 If the -T option was specified, varnishd will offer a command-line man‐
373 agement interface on the specified address and port. The recommended
374 way of connecting to the command-line management interface is through
375 varnishadm(1).
376 The commands available are documented in varnish-cli(7).
378 CLI Command File
380 The -I option makes it possible to run arbitrary management commands
381 when varnishd is launched, before the worker process is started. In
382 particular, this is the way to load configurations, apply labels to
383 them, and make a VCL instance active that uses those labels on startup:
384 vcl.load panic /etc/varnish_panic.vcl
386 vcl.load siteA0 /etc/varnish_siteA.vcl
387 vcl.load siteB0 /etc/varnish_siteB.vcl
388 vcl.load siteC0 /etc/varnish_siteC.vcl
389 vcl.label siteA siteA0
390 vcl.label siteB siteB0
391 vcl.label siteC siteC0
392 vcl.load main /etc/varnish_main.vcl
393 vcl.use main
394 Every line in the file, including the last line, must be terminated by
396 a newline or carriage return.
397 If a command in the file is prefixed with '-', failure will not abort
399 the startup.
400 Note that it is necessary to include an explicit vcl.use command to se‐
402 lect which VCL should be the active VCL when relying on CLI Command
403 File to load the configurations at startup.
404
406 Run Time Parameter Flags
407 Runtime parameters are marked with shorthand flags to avoid repeating
408 the same text over and over in the table below. The meaning of the
409 flags are:
410 • experimental
412 We have no solid information about good/bad/optimal values for this
414 parameter. Feedback with experience and observations are most wel‐
415 come.
416 • delayed
418 This parameter can be changed on the fly, but will not take effect
420 immediately.
421 • restart
423 The worker process must be stopped and restarted, before this parame‐
425 ter takes effect.
426 • reload
428 The VCL programs must be reloaded for this parameter to take effect.
430 • wizard
432 Do not touch unless you really know what you're doing.
434 • only_root
436 Only works if varnishd is running as root.
438 Default Value Exceptions on 32 bit Systems
440 Be aware that on 32 bit systems, certain default or maximum values are
441 reduced relative to the values listed below, in order to conserve VM
442 space:
443 • workspace_client: 24k
445 • workspace_backend: 20k
447 • http_resp_size: 8k
449 • http_req_size: 12k
451 • gzip_buffer: 4k
453 • vsl_buffer: 4k
455 • vsl_space: 1G (maximum)
457 • thread_pool_stack: 64k
459 List of Parameters
461 This text is produced from the same text you will find in the CLI if
462 you use the param.show command:
463 accept_filter
465 NB: This parameter depends on a feature which is not available on all
466 platforms.
467 • Units: bool
469 • Default: on (if your platform supports accept filters)
471 Enable kernel accept-filters. This may require a kernel module to be
473 loaded to have an effect when enabled.
474 Enabling accept_filter may prevent some requests to reach Varnish in
476 the first place. Malformed requests may go unnoticed and not increase
477 the client_req_400 counter. GET or HEAD requests with a body may be
478 blocked altogether.
479 acceptor_sleep_decay
481 • Default: 0.9
482 • Minimum: 0
484 • Maximum: 1
486 • Flags: experimental
488 If we run out of resources, such as file descriptors or worker threads,
490 the acceptor will sleep between accepts. This parameter (multiplica‐
491 tively) reduce the sleep duration for each successful accept. (ie: 0.9
492 = reduce by 10%)
493 acceptor_sleep_incr
495 • Units: seconds
496 • Default: 0.000
498 • Minimum: 0.000
500 • Maximum: 1.000
502 • Flags: experimental
504 If we run out of resources, such as file descriptors or worker threads,
506 the acceptor will sleep between accepts. This parameter control how
507 much longer we sleep, each time we fail to accept a new connection.
508 acceptor_sleep_max
510 • Units: seconds
511 • Default: 0.050
513 • Minimum: 0.000
515 • Maximum: 10.000
517 • Flags: experimental
519 If we run out of resources, such as file descriptors or worker threads,
521 the acceptor will sleep between accepts. This parameter limits how
522 long it can sleep between attempts to accept new connections.
523 auto_restart
525 • Units: bool
526 • Default: on
528 Automatically restart the child/worker process if it dies.
530 backend_idle_timeout
532 • Units: seconds
533 • Default: 60.000
535 • Minimum: 1.000
537 Timeout before we close unused backend connections.
539 backend_local_error_holddown
541 • Units: seconds
542 • Default: 10.000
544 • Minimum: 0.000
546 • Flags: experimental
548 When connecting to backends, certain error codes (EADDRNOTAVAIL, EAC‐
550 CESS, EPERM) signal a local resource shortage or configuration issue
551 for which retrying connection attempts may worsen the situation due to
552 the complexity of the operations involved in the kernel. This parame‐
553 ter prevents repeated connection attempts for the configured duration.
554 backend_remote_error_holddown
556 • Units: seconds
557 • Default: 0.250
559 • Minimum: 0.000
561 • Flags: experimental
563 When connecting to backends, certain error codes (ECONNREFUSED, ENETUN‐
565 REACH) signal fundamental connection issues such as the backend not ac‐
566 cepting connections or routing problems for which repeated connection
567 attempts are considered useless This parameter prevents repeated con‐
568 nection attempts for the configured duration.
569 ban_cutoff
571 • Units: bans
572 • Default: 0
574 • Minimum: 0
576 • Flags: experimental
578 Expurge long tail content from the cache to keep the number of bans be‐
580 low this value. 0 disables.
581 When this parameter is set to a non-zero value, the ban lurker contin‐
583 ues to work the ban list as usual top to bottom, but when it reaches
584 the ban_cutoff-th ban, it treats all objects as if they matched a ban
585 and expurges them from cache. As actively used objects get tested
586 against the ban list at request time and thus are likely to be associ‐
587 ated with bans near the top of the ban list, with ban_cutoff, least re‐
588 cently accessed objects (the "long tail") are removed.
589 This parameter is a safety net to avoid bad response times due to bans
591 being tested at lookup time. Setting a cutoff trades response time for
592 cache efficiency. The recommended value is proportional to
593 rate(bans_lurker_tests_tested) / n_objects while the ban lurker is
594 working, which is the number of bans the system can sustain. The addi‐
595 tional latency due to request ban testing is in the order of ban_cutoff
596 / rate(bans_lurker_tests_tested). For example, for
597 rate(bans_lurker_tests_tested) = 2M/s and a tolerable latency of 100ms,
598 a good value for ban_cutoff may be 200K.
599 ban_dups
601 • Units: bool
602 • Default: on
604 Eliminate older identical bans when a new ban is added. This saves CPU
606 cycles by not comparing objects to identical bans. This is a waste of
607 time if you have many bans which are never identical.
608 ban_lurker_age
610 • Units: seconds
611 • Default: 60.000
613 • Minimum: 0.000
615 The ban lurker will ignore bans until they are this old. When a ban is
617 added, the active traffic will be tested against it as part of object
618 lookup. Because many applications issue bans in bursts, this parameter
619 holds the ban-lurker off until the rush is over. This should be set to
620 the approximate time which a ban-burst takes.
621 ban_lurker_batch
623 • Default: 1000
624 • Minimum: 1
626 The ban lurker sleeps ${ban_lurker_sleep} after examining this many ob‐
628 jects. Use this to pace the ban-lurker if it eats too many resources.
629 ban_lurker_holdoff
631 • Units: seconds
632 • Default: 0.010
634 • Minimum: 0.000
636 • Flags: experimental
638 How long the ban lurker sleeps when giving way to lookup due to lock
640 contention.
641 ban_lurker_sleep
643 • Units: seconds
644 • Default: 0.010
646 • Minimum: 0.000
648 How long the ban lurker sleeps after examining ${ban_lurker_batch} ob‐
650 jects. Use this to pace the ban-lurker if it eats too many resources.
651 A value of zero will disable the ban lurker entirely.
652 between_bytes_timeout
654 • Units: seconds
655 • Default: 60.000
657 • Minimum: 0.000
659 We only wait for this many seconds between bytes received from the
661 backend before giving up the fetch. VCL values, per backend or per
662 backend request take precedence. This parameter does not apply to
663 pipe'ed requests.
664 cc_command
666 NB: The actual default value for this parameter depends on the Varnish
667 build environment and options.
668 • Default: exec $CC $CFLAGS %w -shared -o %o %s
670 • Flags: must_reload
672 The command used for compiling the C source code to a dlopen(3) load‐
674 able object. The following expansions can be used:
675 • %s: the source file name
677 • %o: the output file name
679 • %w: the cc_warnings parameter
681 • %d: the raw default cc_command
683 • %D: the expanded default cc_command
685 • %n: the working directory (-n option)
687 • %%: a percent sign
689 Unknown percent expansion sequences are ignored, and to avoid future
691 incompatibilities percent characters should be escaped with a double
692 percent sequence.
693 The %d and %D expansions allow passing the parameter's default value to
695 a wrapper script to perform additional processing.
696 cc_warnings
698 NB: The actual default value for this parameter depends on the Varnish
699 build environment and options.
700 • Default: -Wall -Werror
702 • Flags: must_reload
704 Warnings used when compiling the C source code with the cc_command pa‐
706 rameter. By default, VCL is compiled with the same set of warnings as
707 Varnish itself.
708 cli_limit
710 • Units: bytes
711 • Default: 48k
713 • Minimum: 128b
715 • Maximum: 99999999b
717 Maximum size of CLI response. If the response exceeds this limit, the
719 response code will be 201 instead of 200 and the last line will indi‐
720 cate the truncation.
721 cli_timeout
723 • Units: seconds
724 • Default: 60.000
726 • Minimum: 0.000
728 Timeout for the child's replies to CLI requests from the mgt_param.
730 clock_skew
732 • Units: seconds
733 • Default: 10
735 • Minimum: 0
737 How much clockskew we are willing to accept between the backend and our
739 own clock.
740 clock_step
742 • Units: seconds
743 • Default: 1.000
745 • Minimum: 0.000
747 How much observed clock step we are willing to accept before we panic.
749 connect_timeout
751 • Units: seconds
752 • Default: 3.500
754 • Minimum: 0.000
756 Default connection timeout for backend connections. We only try to con‐
758 nect to the backend for this many seconds before giving up. VCL can
759 override this default value for each backend and backend request.
760 critbit_cooloff
762 • Units: seconds
763 • Default: 180.000
765 • Minimum: 60.000
767 • Maximum: 254.000
769 • Flags: wizard
771 How long the critbit hasher keeps deleted objheads on the cooloff list.
773 debug
775 • Default: none
776 Enable/Disable various kinds of debugging.
778 none Disable all debugging
780 Use +/- prefix to set/reset individual bits:
782 req_state
784 VSL Request state engine
785 workspace
787 VSL Workspace operations
788 waitinglist
790 VSL Waitinglist events
791 syncvsl
793 Make VSL synchronous
794 hashedge
796 Edge cases in Hash
797 vclrel Rapid VCL release
799 lurker VSL Ban lurker
801 esi_chop
803 Chop ESI fetch to bits
804 flush_head
806 Flush after http1 head
807 vtc_mode
809 Varnishtest Mode
810 witness
812 Emit WITNESS lock records
813 vsm_keep
815 Keep the VSM file on restart
816 slow_acceptor
818 Slow down Acceptor
819 h2_nocheck
821 Disable various H2 checks
822 vmod_so_keep
824 Keep copied VMOD libraries
825 processors
827 Fetch/Deliver processors
828 protocol
830 Protocol debugging
831 vcl_keep
833 Keep VCL C and so files
834 lck Additional lock statistics
836 default_grace
838 • Units: seconds
839 • Default: 10.000
841 • Minimum: 0.000
843 • Flags: obj_sticky
845 Default grace period. We will deliver an object this long after it has
847 expired, provided another thread is attempting to get a new copy.
848 default_keep
850 • Units: seconds
851 • Default: 0.000
853 • Minimum: 0.000
855 • Flags: obj_sticky
857 Default keep period. We will keep a useless object around this long,
859 making it available for conditional backend fetches. That means that
860 the object will be removed from the cache at the end of ttl+grace+keep.
861 default_ttl
863 • Units: seconds
864 • Default: 120.000
866 • Minimum: 0.000
868 • Flags: obj_sticky
870 The TTL assigned to objects if neither the backend nor the VCL code as‐
872 signs one.
873 experimental
875 • Default: none
876 Enable/Disable experimental features.
878 none Disable all experimental features
880 Use +/- prefix to set/reset individual bits:
882 drop_pools
884 Drop thread pools
885 feature
887 • Default: +validate_headers
888 Enable/Disable various minor features.
890 default
892 Set default value
893 none Disable all features.
895 Use +/- prefix to enable/disable individual feature:
897 http2 Enable HTTP/2 protocol support.
899 short_panic
901 Short panic message.
902 no_coredump
904 No coredumps. Must be set before child process starts.
905 https_scheme
907 Extract host from full URI in the HTTP/1 request line, if the
908 scheme is https.
909 http_date_postel
911 Tolerate non compliant timestamp headers like Date, Last-Mod‐
912 ified, Expires etc.
913 esi_ignore_https
915 Convert <esi:include src"https://... to http://...
916 esi_disable_xml_check
918 Allow ESI processing on non-XML ESI bodies
919 esi_ignore_other_elements
921 Ignore XML syntax errors in ESI bodies.
922 esi_remove_bom
924 Ignore UTF-8 BOM in ESI bodies.
925 esi_include_onerror
927 Parse the onerror attribute of <esi:include> tags.
928 wait_silo
930 Wait for persistent silos to completely load before serving
931 requests.
932 validate_headers
934 Validate all header set operations to conform to RFC7230.
935 busy_stats_rate
937 Make busy workers comply with thread_stats_rate.
938 fetch_chunksize
940 • Units: bytes
941 • Default: 16k
943 • Minimum: 4k
945 • Flags: experimental
947 The default chunksize used by fetcher. This should be bigger than the
949 majority of objects with short TTLs. Internal limits in the stor‐
950 age_file module makes increases above 128kb a dubious idea.
951 fetch_maxchunksize
953 • Units: bytes
954 • Default: 0.25G
956 • Minimum: 64k
958 • Flags: experimental
960 The maximum chunksize we attempt to allocate from storage. Making this
962 too large may cause delays and storage fragmentation.
963 first_byte_timeout
965 • Units: seconds
966 • Default: 60.000
968 • Minimum: 0.000
970 Default timeout for receiving first byte from backend. We only wait for
972 this many seconds for the first byte before giving up. VCL can over‐
973 ride this default value for each backend and backend request. This pa‐
974 rameter does not apply to pipe'ed requests.
975 gzip_buffer
977 • Units: bytes
978 • Default: 32k
980 • Minimum: 2k
982 • Flags: experimental
984 Size of malloc buffer used for gzip processing. These buffers are used
986 for in-transit data, for instance gunzip'ed data being sent to a
987 client.Making this space to small results in more overhead, writes to
988 sockets etc, making it too big is probably just a waste of memory.
989 gzip_level
991 • Default: 6
992 • Minimum: 0
994 • Maximum: 9
996 Gzip compression level: 0=debug, 1=fast, 9=best
998 gzip_memlevel
1000 • Default: 8
1001 • Minimum: 1
1003 • Maximum: 9
1005 Gzip memory level 1=slow/least, 9=fast/most compression. Memory impact
1007 is 1=1k, 2=2k, ... 9=256k.
1008 h2_header_table_size
1010 • Units: bytes
1011 • Default: 4k
1013 • Minimum: 0b
1015 HTTP2 header table size. This is the size that will be used for the
1017 HPACK dynamic decoding table.
1018 h2_initial_window_size
1020 • Units: bytes
1021 • Default: 65535b
1023 • Minimum: 65535b
1025 • Maximum: 2147483647b
1027 HTTP2 initial flow control window size.
1029 h2_max_concurrent_streams
1031 • Units: streams
1032 • Default: 100
1034 • Minimum: 0
1036 HTTP2 Maximum number of concurrent streams. This is the number of re‐
1038 quests that can be active at the same time for a single HTTP2 connec‐
1039 tion.
1040 h2_max_frame_size
1042 • Units: bytes
1043 • Default: 16k
1045 • Minimum: 16k
1047 • Maximum: 16777215b
1049 HTTP2 maximum per frame payload size we are willing to accept.
1051 h2_max_header_list_size
1053 • Units: bytes
1054 • Default: 2147483647b
1056 • Minimum: 0b
1058 HTTP2 maximum size of an uncompressed header list.
1060 h2_rx_window_increment
1062 • Units: bytes
1063 • Default: 1M
1065 • Minimum: 1M
1067 • Maximum: 1G
1069 • Flags: wizard
1071 HTTP2 Receive Window Increments. How big credits we send in WINDOW_UP‐
1073 DATE frames Only affects incoming request bodies (ie: POST, PUT etc.)
1074 h2_rx_window_low_water
1076 • Units: bytes
1077 • Default: 10M
1079 • Minimum: 65535b
1081 • Maximum: 1G
1083 • Flags: wizard
1085 HTTP2 Receive Window low water mark. We try to keep the window at
1087 least this big Only affects incoming request bodies (ie: POST, PUT
1088 etc.)
1089 h2_rxbuf_storage
1091 • Default: Transient
1092 • Flags: must_restart
1094 The name of the storage backend that HTTP/2 receive buffers should be
1096 allocated from.
1097 http1_iovs
1099 • Units: struct iovec (=16 bytes)
1100 • Default: 64
1102 • Minimum: 5
1104 • Maximum: 1024
1106 • Flags: wizard
1108 Number of io vectors to allocate for HTTP1 protocol transmission. A
1110 HTTP1 header needs 7 + 2 per HTTP header field. Allocated from
1111 workspace_thread.
1112 http_gzip_support
1114 • Units: bool
1115 • Default: on
1117 Enable gzip support. When enabled Varnish request compressed objects
1119 from the backend and store them compressed. If a client does not sup‐
1120 port gzip encoding Varnish will uncompress compressed objects on de‐
1121 mand. Varnish will also rewrite the Accept-Encoding header of clients
1122 indicating support for gzip to:
1123 Accept-Encoding: gzip
1124 Clients that do not support gzip will have their Accept-Encoding header
1126 removed. For more information on how gzip is implemented please see the
1127 chapter on gzip in the Varnish reference.
1128 When gzip support is disabled the variables beresp.do_gzip and
1130 beresp.do_gunzip have no effect in VCL.
1131 http_max_hdr
1133 • Units: header lines
1134 • Default: 64
1136 • Minimum: 32
1138 • Maximum: 65535
1140 Maximum number of HTTP header lines we allow in
1142 {req|resp|bereq|beresp}.http (obj.http is autosized to the exact number
1143 of headers). Cheap, ~20 bytes, in terms of workspace memory. Note
1144 that the first line occupies five header lines.
1145 http_range_support
1147 • Units: bool
1148 • Default: on
1150 Enable support for HTTP Range headers.
1152 http_req_hdr_len
1154 • Units: bytes
1155 • Default: 8k
1157 • Minimum: 40b
1159 Maximum length of any HTTP client request header we will allow. The
1161 limit is inclusive its continuation lines.
1162 http_req_size
1164 • Units: bytes
1165 • Default: 32k
1167 • Minimum: 0.25k
1169 Maximum number of bytes of HTTP client request we will deal with. This
1171 is a limit on all bytes up to the double blank line which ends the HTTP
1172 request. The memory for the request is allocated from the client
1173 workspace (param: workspace_client) and this parameter limits how much
1174 of that the request is allowed to take up.
1175 http_resp_hdr_len
1177 • Units: bytes
1178 • Default: 8k
1180 • Minimum: 40b
1182 Maximum length of any HTTP backend response header we will allow. The
1184 limit is inclusive its continuation lines.
1185 http_resp_size
1187 • Units: bytes
1188 • Default: 32k
1190 • Minimum: 0.25k
1192 Maximum number of bytes of HTTP backend response we will deal with.
1194 This is a limit on all bytes up to the double blank line which ends the
1195 HTTP response. The memory for the response is allocated from the back‐
1196 end workspace (param: workspace_backend) and this parameter limits how
1197 much of that the response is allowed to take up.
1198 idle_send_timeout
1200 • Units: seconds
1201 • Default: 60.000
1203 • Minimum: 0.000
1205 • Flags: delayed
1207 Send timeout for individual pieces of data on client connections. May
1209 get extended if 'send_timeout' applies.
1210 When this timeout is hit, the session is closed.
1212 See the man page for setsockopt(2) or socket(7) under SO_SNDTIMEO for
1214 more information.
1215 listen_depth
1217 • Units: connections
1218 • Default: 1024
1220 • Minimum: 0
1222 • Flags: must_restart
1224 Listen queue depth.
1226 lru_interval
1228 • Units: seconds
1229 • Default: 2.000
1231 • Minimum: 0.000
1233 • Flags: experimental
1235 Grace period before object moves on LRU list. Objects are only moved
1237 to the front of the LRU list if they have not been moved there already
1238 inside this timeout period. This reduces the amount of lock operations
1239 necessary for LRU list access.
1240 max_esi_depth
1242 • Units: levels
1243 • Default: 5
1245 • Minimum: 0
1247 Maximum depth of esi:include processing.
1249 max_restarts
1251 • Units: restarts
1252 • Default: 4
1254 • Minimum: 0
1256 Upper limit on how many times a request can restart.
1258 max_retries
1260 • Units: retries
1261 • Default: 4
1263 • Minimum: 0
1265 Upper limit on how many times a backend fetch can retry.
1267 max_vcl
1269 • Default: 100
1270 • Minimum: 0
1272 Threshold of loaded VCL programs. (VCL labels are not counted.) Pa‐
1274 rameter max_vcl_handling determines behaviour.
1275 max_vcl_handling
1277 • Default: 1
1278 • Minimum: 0
1280 • Maximum: 2
1282 Behaviour when attempting to exceed max_vcl loaded VCL.
1284 • 0 - Ignore max_vcl parameter.
1286 • 1 - Issue warning.
1288 • 2 - Refuse loading VCLs.
1290 nuke_limit
1292 • Units: allocations
1293 • Default: 50
1295 • Minimum: 0
1297 • Flags: experimental
1299 Maximum number of objects we attempt to nuke in order to make space for
1301 a object body.
1302 pcre2_depth_limit
1304 • Default: 20
1305 • Minimum: 1
1307 The recursion depth-limit for the internal match logic in a
1309 pcre2_match().
1310 (See: pcre2_set_depth_limit() in pcre2 docs.)
1312 This puts an upper limit on the amount of stack used by PCRE2 for cer‐
1314 tain classes of regular expressions.
1315 We have set the default value low in order to prevent crashes, at the
1317 cost of possible regexp matching failures.
1318 Matching failures will show up in the log as VCL_Error messages.
1320 pcre2_jit_compilation
1322 • Units: bool
1323 • Default: on
1325 Use the pcre2 JIT compiler if available.
1327 pcre2_match_limit
1329 • Default: 10000
1330 • Minimum: 1
1332 The limit for the number of calls to the internal match logic in
1334 pcre2_match().
1335 (See: pcre2_set_match_limit() in pcre2 docs.)
1337 This parameter limits how much CPU time regular expression matching can
1339 soak up.
1340 ping_interval
1342 • Units: seconds
1343 • Default: 3
1345 • Minimum: 0
1347 • Flags: must_restart
1349 Interval between pings from parent to child. Zero will disable pinging
1351 entirely, which makes it possible to attach a debugger to the child.
1352 pipe_sess_max
1354 • Units: connections
1355 • Default: 0
1357 • Minimum: 0
1359 Maximum number of sessions dedicated to pipe transactions.
1361 pipe_timeout
1363 • Units: seconds
1364 • Default: 60.000
1366 • Minimum: 0.000
1368 Idle timeout for PIPE sessions. If nothing have been received in either
1370 direction for this many seconds, the session is closed.
1371 pool_req
1373 • Default: 10,100,10
1374 Parameters for per worker pool request memory pool.
1376 The three numbers are:
1378 min_pool
1380 minimum size of free pool.
1381 max_pool
1383 maximum size of free pool.
1384 max_age
1386 max age of free element.
1387 pool_sess
1389 • Default: 10,100,10
1390 Parameters for per worker pool session memory pool.
1392 The three numbers are:
1394 min_pool
1396 minimum size of free pool.
1397 max_pool
1399 maximum size of free pool.
1400 max_age
1402 max age of free element.
1403 pool_vbo
1405 • Default: 10,100,10
1406 Parameters for backend object fetch memory pool.
1408 The three numbers are:
1410 min_pool
1412 minimum size of free pool.
1413 max_pool
1415 maximum size of free pool.
1416 max_age
1418 max age of free element.
1419 prefer_ipv6
1421 • Units: bool
1422 • Default: off
1424 Prefer IPv6 address when connecting to backends which have both IPv4
1426 and IPv6 addresses.
1427 rush_exponent
1429 • Units: requests per request
1430 • Default: 3
1432 • Minimum: 2
1434 • Flags: experimental
1436 How many parked request we start for each completed request on the ob‐
1438 ject. NB: Even with the implict delay of delivery, this parameter con‐
1439 trols an exponential increase in number of worker threads.
1440 send_timeout
1442 • Units: seconds
1443 • Default: 600.000
1445 • Minimum: 0.000
1447 • Flags: delayed
1449 Total timeout for ordinary HTTP1 responses. Does not apply to some in‐
1451 ternally generated errors and pipe mode.
1452 When 'idle_send_timeout' is hit while sending an HTTP1 response, the
1454 timeout is extended unless the total time already taken for sending the
1455 response in its entirety exceeds this many seconds.
1456 When this timeout is hit, the session is closed
1458 shortlived
1460 • Units: seconds
1461 • Default: 10.000
1463 • Minimum: 0.000
1465 Objects created with (ttl+grace+keep) shorter than this are always put
1467 in transient storage.
1468 sigsegv_handler
1470 • Units: bool
1471 • Default: on
1473 • Flags: must_restart
1475 Install a signal handler which tries to dump debug information on seg‐
1477 mentation faults, bus errors and abort signals.
1478 syslog_cli_traffic
1480 • Units: bool
1481 • Default: on
1483 Log all CLI traffic to syslog(LOG_INFO).
1485 tcp_fastopen
1487 NB: This parameter depends on a feature which is not available on all
1488 platforms.
1489 • Units: bool
1491 • Default: off
1493 • Flags: must_restart
1495 Enable TCP Fast Open extension.
1497 tcp_keepalive_intvl
1499 NB: This parameter depends on a feature which is not available on all
1500 platforms.
1501 • Units: seconds
1503 • Default: platform dependent
1505 • Minimum: 1.000
1507 • Maximum: 100.000
1509 • Flags: experimental
1511 The number of seconds between TCP keep-alive probes. Ignored for Unix
1513 domain sockets.
1514 tcp_keepalive_probes
1516 NB: This parameter depends on a feature which is not available on all
1517 platforms.
1518 • Units: probes
1520 • Default: platform dependent
1522 • Minimum: 1
1524 • Maximum: 100
1526 • Flags: experimental
1528 The maximum number of TCP keep-alive probes to send before giving up
1530 and killing the connection if no response is obtained from the other
1531 end. Ignored for Unix domain sockets.
1532 tcp_keepalive_time
1534 NB: This parameter depends on a feature which is not available on all
1535 platforms.
1536 • Units: seconds
1538 • Default: platform dependent
1540 • Minimum: 1.000
1542 • Maximum: 7200.000
1544 • Flags: experimental
1546 The number of seconds a connection needs to be idle before TCP begins
1548 sending out keep-alive probes. Ignored for Unix domain sockets.
1549 thread_pool_add_delay
1551 • Units: seconds
1552 • Default: 0.000
1554 • Minimum: 0.000
1556 • Flags: experimental
1558 Wait at least this long after creating a thread.
1560 Some (buggy) systems may need a short (sub-second) delay between creat‐
1562 ing threads. Set this to a few milliseconds if you see the
1563 'threads_failed' counter grow too much.
1564 Setting this too high results in insufficient worker threads.
1566 thread_pool_destroy_delay
1568 • Units: seconds
1569 • Default: 1.000
1571 • Minimum: 0.010
1573 • Flags: delayed, experimental
1575 Wait this long after destroying a thread.
1577 This controls the decay of thread pools when idle(-ish).
1579 thread_pool_fail_delay
1581 • Units: seconds
1582 • Default: 0.200
1584 • Minimum: 0.010
1586 • Flags: experimental
1588 Wait at least this long after a failed thread creation before trying to
1590 create another thread.
1591 Failure to create a worker thread is often a sign that the end is
1593 near, because the process is running out of some resource. This delay
1594 tries to not rush the end on needlessly.
1595 If thread creation failures are a problem, check that thread_pool_max
1597 is not too high.
1598 It may also help to increase thread_pool_timeout and thread_pool_min,
1600 to reduce the rate at which treads are destroyed and later recreated.
1601 thread_pool_max
1603 • Units: threads
1604 • Default: 5000
1606 • Minimum: thread_pool_min
1608 • Flags: delayed
1610 The maximum number of worker threads in each pool.
1612 Do not set this higher than you have to, since excess worker threads
1614 soak up RAM and CPU and generally just get in the way of getting work
1615 done.
1616 thread_pool_min
1618 • Units: threads
1619 • Default: 100
1621 • Minimum: 5
1623 • Maximum: thread_pool_max
1625 • Flags: delayed
1627 The minimum number of worker threads in each pool.
1629 Increasing this may help ramp up faster from low load situations or
1631 when threads have expired.
1632 Technical minimum is 5 threads, but this parameter is strongly recom‐
1634 mended to be at least 10
1635 thread_pool_reserve
1637 • Units: threads
1638 • Default: 0 (auto-tune: 5% of thread_pool_min)
1640 • Maximum: 95% of thread_pool_min
1642 • Flags: delayed
1644 The number of worker threads reserved for vital tasks in each pool.
1646 Tasks may require other tasks to complete (for example, client requests
1648 may require backend requests, http2 sessions require streams, which re‐
1649 quire requests). This reserve is to ensure that lower priority tasks do
1650 not prevent higher priority tasks from running even under high load.
1651 The effective value is at least 5 (the number of internal priority
1653 classes), irrespective of this parameter.
1654 thread_pool_stack
1656 • Units: bytes
1657 • Default: 80k
1659 • Minimum: sysconf(_SC_THREAD_STACK_MIN)
1661 • Flags: delayed
1663 Worker thread stack size. This will likely be rounded up to a multiple
1665 of 4k (or whatever the page_size might be) by the kernel.
1666 The required stack size is primarily driven by the depth of the
1668 call-tree. The most common relevant determining factors in varnish core
1669 code are GZIP (un)compression, ESI processing and regular expression
1670 matches. VMODs may also require significant amounts of additional
1671 stack. The nesting depth of VCL subs is another factor, although typi‐
1672 cally not predominant.
1673 The stack size is per thread, so the maximum total memory required for
1675 worker thread stacks is in the order of size = thread_pools x
1676 thread_pool_max x thread_pool_stack.
1677 Thus, in particular for setups with many threads, keeping the stack
1679 size at a minimum helps reduce the amount of memory required by Var‐
1680 nish.
1681 On the other hand, thread_pool_stack must be large enough under all
1683 circumstances, otherwise varnish will crash due to a stack overflow.
1684 Usually, a stack overflow manifests itself as a segmentation fault (aka
1685 segfault / SIGSEGV) with the faulting address being near the stack
1686 pointer (sp).
1687 Unless stack usage can be reduced, thread_pool_stack must be increased
1689 when a stack overflow occurs. Setting it in 150%-200% increments is
1690 recommended until stack overflows cease to occur.
1691 thread_pool_timeout
1693 • Units: seconds
1694 • Default: 300.000
1696 • Minimum: 10.000
1698 • Flags: delayed, experimental
1700 Thread idle threshold.
1702 Threads in excess of thread_pool_min, which have been idle for at least
1704 this long, will be destroyed.
1705 thread_pool_watchdog
1707 • Units: seconds
1708 • Default: 60.000
1710 • Minimum: 0.100
1712 • Flags: experimental
1714 Thread queue stuck watchdog.
1716 If no queued work have been released for this long, the worker process
1718 panics itself.
1719 thread_pools
1721 • Units: pools
1722 • Default: 2
1724 • Minimum: 1
1726 • Maximum: 32
1728 • Flags: delayed, experimental
1730 Number of worker thread pools.
1732 Increasing the number of worker pools decreases lock contention. Each
1734 worker pool also has a thread accepting new connections, so for very
1735 high rates of incoming new connections on systems with many cores, in‐
1736 creasing the worker pools may be required.
1737 Too many pools waste CPU and RAM resources, and more than one pool for
1739 each CPU is most likely detrimental to performance.
1740 Can be increased on the fly, but decreases require a restart to take
1742 effect, unless the drop_pools experimental debug flag is set.
1743 thread_queue_limit
1745 • Units: requests
1746 • Default: 20
1748 • Minimum: 0
1750 • Flags: experimental
1752 Permitted request queue length per thread-pool.
1754 This sets the number of requests we will queue, waiting for an avail‐
1756 able thread. Above this limit sessions will be dropped instead of
1757 queued.
1758 thread_stats_rate
1760 • Units: requests
1761 • Default: 10
1763 • Minimum: 0
1765 • Flags: experimental
1767 Worker threads accumulate statistics, and dump these into the global
1769 stats counters if the lock is free when they finish a job (re‐
1770 quest/fetch etc.) This parameters defines the maximum number of jobs a
1771 worker thread may handle, before it is forced to dump its accumulated
1772 stats into the global counters.
1773 timeout_idle
1775 • Units: seconds
1776 • Default: 5.000
1778 • Minimum: 0.000
1780 Idle timeout for client connections.
1782 A connection is considered idle until we have received the full request
1784 headers.
1785 This parameter is particularly relevant for HTTP1 keepalive connec‐
1787 tions which are closed unless the next request is received before this
1788 timeout is reached.
1789 timeout_linger
1791 • Units: seconds
1792 • Default: 0.050
1794 • Minimum: 0.000
1796 • Flags: experimental
1798 How long the worker thread lingers on an idle session before handing it
1800 over to the waiter. When sessions are reused, as much as half of all
1801 reuses happen within the first 100 msec of the previous request com‐
1802 pleting. Setting this too high results in worker threads not doing
1803 anything for their keep, setting it too low just means that more ses‐
1804 sions take a detour around the waiter.
1805 vary_notice
1807 • Units: variants
1808 • Default: 10
1810 • Minimum: 1
1812 How many variants need to be evaluated to log a Notice that there might
1814 be too many variants.
1815 vcc_allow_inline_c
1817 • Units: bool
1818 • Default: off
1820 Allow inline C code in VCL.
1822 vcc_err_unref
1824 • Units: bool
1825 • Default: on
1827 Unreferenced VCL objects result in error.
1829 vcc_unsafe_path
1831 • Units: bool
1832 • Default: on
1834 Allow '/' in vmod & include paths. Allow 'import ... from ...'.
1836 vcl_cooldown
1838 • Units: seconds
1839 • Default: 600.000
1841 • Minimum: 1.000
1843 How long a VCL is kept warm after being replaced as the active VCL
1845 (granularity approximately 30 seconds).
1846 vcl_path
1848 NB: The actual default value for this parameter depends on the Varnish
1849 build environment and options.
1850 • Default: ${sysconfdir}/varnish:${datadir}/varnish/vcl
1852 Directory (or colon separated list of directories) from which relative
1854 VCL filenames (vcl.load and include) are to be found. By default Var‐
1855 nish searches VCL files in both the system configuration and shared
1856 data directories to allow packages to drop their VCL files in a stan‐
1857 dard location where relative includes would work.
1858 vmod_path
1860 NB: The actual default value for this parameter depends on the Varnish
1861 build environment and options.
1862 • Default: ${libdir}/varnish/vmods
1864 Directory (or colon separated list of directories) where VMODs are to
1866 be found.
1867 vsl_buffer
1869 • Units: bytes
1870 • Default: 16k
1872 • Minimum: vsl_reclen + 12 bytes
1874 Bytes of (req-/backend-)workspace dedicated to buffering VSL records.
1876 When this parameter is adjusted, most likely workspace_client and
1877 workspace_backend will have to be adjusted by the same amount.
1878 Setting this too high costs memory, setting it too low will cause more
1880 VSL flushes and likely increase lock-contention on the VSL mutex.
1881 vsl_mask
1883 • Default: -Debug,-ObjProtocol,-ObjStatus,-ObjReason,-Obj‐
1884 Header,-VCL_trace,-ExpKill,-WorkThread,-Hash,-VfpAcct,-H2Rx‐
1885 Hdr,-H2RxBody,-H2TxHdr,-H2TxBody,-VdpAcct
1886 Mask individual VSL messages from being logged.
1888 default
1890 Set default value
1891 Use +/- prefix in front of VSL tag name to unmask/mask individual VSL
1893 messages.
1894 vsl_reclen
1896 • Units: bytes
1897 • Default: 255b
1899 • Minimum: 16b
1901 • Maximum: vsl_buffer - 12 bytes
1903 Maximum number of bytes in SHM log record.
1905 vsl_space
1907 • Units: bytes
1908 • Default: 80M
1910 • Minimum: 1M
1912 • Maximum: 4G
1914 • Flags: must_restart
1916 The amount of space to allocate for the VSL fifo buffer in the VSM mem‐
1918 ory segment. If you make this too small, varnish{ncsa|log} etc will
1919 not be able to keep up. Making it too large just costs memory re‐
1920 sources.
1921 vsm_free_cooldown
1923 • Units: seconds
1924 • Default: 60.000
1926 • Minimum: 10.000
1928 • Maximum: 600.000
1930 How long VSM memory is kept warm after a deallocation (granularity ap‐
1932 proximately 2 seconds).
1933 workspace_backend
1935 • Units: bytes
1936 • Default: 96k
1938 • Minimum: 1k
1940 • Flags: delayed
1942 Bytes of HTTP protocol workspace for backend HTTP req/resp. If larger
1944 than 4k, use a multiple of 4k for VM efficiency.
1945 workspace_client
1947 • Units: bytes
1948 • Default: 96k
1950 • Minimum: 9k
1952 • Flags: delayed
1954 Bytes of HTTP protocol workspace for clients HTTP req/resp. Use a mul‐
1956 tiple of 4k for VM efficiency. For HTTP/2 compliance this must be at
1957 least 20k, in order to receive fullsize (=16k) frames from the client.
1958 That usually happens only in POST/PUT bodies. For other traffic-pat‐
1959 terns smaller values work just fine.
1960 workspace_session
1962 • Units: bytes
1963 • Default: 0.75k
1965 • Minimum: 384b
1967 • Flags: delayed
1969 Allocation size for session structure and workspace. The workspace
1971 is primarily used for TCP connection addresses. If larger than 4k, use
1972 a multiple of 4k for VM efficiency.
1973 workspace_thread
1975 • Units: bytes
1976 • Default: 2k
1978 • Minimum: 0.25k
1980 • Maximum: 8k
1982 • Flags: delayed
1984 Bytes of auxiliary workspace per thread. This workspace is used for
1986 certain temporary data structures during the operation of a worker
1987 thread. One use is for the IO-vectors used during delivery. Setting
1988 this parameter too low may increase the number of writev() syscalls,
1989 setting it too high just wastes space. ~0.1k + UIO_MAXIOV *
1990 sizeof(struct iovec) (typically = ~16k for 64bit) is considered the
1991 maximum sensible value under any known circumstances (excluding exotic
1992 vmod use).
1993
1995 Varnish and bundled tools will, in most cases, exit with one of the
1996 following codes
1997 • 0 OK
1999 • 1 Some error which could be system-dependent and/or transient
2001 • 2 Serious configuration / parameter error - retrying with the same
2003 configuration / parameters is most likely useless
2004 The varnishd master process may also OR its exit code
2006 • with 0x20 when the varnishd child process died,
2008 • with 0x40 when the varnishd child process was terminated by a signal
2010 and
2011 • with 0x80 when a core was dumped.
2013
2015 • varnishlog(1)
2016 • varnishhist(1)
2018 • varnishncsa(1)
2020 • varnishstat(1)
2022 • varnishtop(1)
2024 • varnish-cli(7)
2026 • vcl(7)
2028
2030 The varnishd daemon was developed by Poul-Henning Kamp in cooperation
2031 with Verdens Gang AS and Varnish Software.
2032 This manual page was written by Dag-Erling Smørgrav with updates by
2034 Stig Sandbeck Mathisen <ssm@debian.org>, Nils Goroll and others.
2035
2037 This document is licensed under the same licence as Varnish itself. See
2038 LICENCE for details.
2039 • Copyright (c) 2007-2015 Varnish Software AS
2041 VARNISHD(1)