Named listen addresses in VCL

Dridi Boukelmoune dridi at varni.sh
Mon Jul 4 14:22:36 CEST 2016


Hi,

Inspired by stevedore names that (if I understood correctly) are now
properly checked at vcc time, I'd like to add names to -a options too
and introduce a new field in server too.

On the command line: -a [name=]address[:port][,proto]

In VCL: server.listen_address

In varnish-cli: listing listen addresses no longer a debug command

In varnishtest: s1_addr for the first one, s1_addr_$NAME for all

The point is to decouple IP/port addressing from the purpose, and for
example being able to distinguish secure traffic:

    if (server.listen_address == "hitch") {
        set req.http.X-Forwarded-Proto = "https";
    }

The listen address name could be safely used on different environments
(prod, qa, dev...) without requiring a single change in the VCL code.

It would also be an alternative to ACLs when dealing with
administrative requests:

    if (req.method == "PURGE") {
        if (server.listen_address != "admin") {
            return (synth(405));
        }
        return (purge);
    }

Those snippets wouldn't compile on a varnishd instance not started
with named listen addresses "https" and "admin".

So far, all the work I've done on this feature is writing this email and
a bit of thinking. Should I proceed further?

Best,
Dridi
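
An added sketch, not part of the original message or of Varnish's code: it parses the proposed `-a [name=]address[:port][,proto]` form (including a bracketed IPv6 address) and reports names compared against `server.listen_address` that no `-a` option declared, which is the compile-time failure the message describes. The allowed name characters, the regex scan standing in for the VCL compiler's check, and the sample arguments are assumptions.

```python
import re

# Proposed syntax from the message: -a [name=]address[:port][,proto]
# Assumption: names are identifier-like; the message does not define their format.
NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Rough stand-in for the compiler: string literals compared to server.listen_address.
REF = re.compile(r'server\.listen_address\s*(?:==|!=)\s*"([^"]*)"')

def parse_listen_arg(spec):
    """Split one -a value into (name, address, port, proto); absent parts are None."""
    name = None
    if "=" in spec:
        name, spec = spec.split("=", 1)
        if not NAME.fullmatch(name):
            raise ValueError(f"bad listen address name: {name!r}")
    spec, _, proto = spec.partition(",")
    if spec.startswith("["):  # bracketed IPv6 literal: its colons are not the port separator
        address, _, rest = spec[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else None
    else:
        address, _, port = spec.partition(":")
    if not address and not port:
        raise ValueError("empty listen address")
    return name, address or None, port or None, proto or None

def undeclared_names(vcl, listen_args):
    """Names the VCL compares against that no -a option declared (sorted)."""
    declared = {parse_listen_arg(a)[0] for a in listen_args} - {None}
    return sorted(set(REF.findall(vcl)) - declared)

# Constructed sample: the two snippets from the message plus made-up -a values.
SAMPLE_VCL = '''
sub vcl_recv {
    if (server.listen_address == "hitch") {
        set req.http.X-Forwarded-Proto = "https";
    }
    if (req.method == "PURGE") {
        if (server.listen_address != "admin") {
            return (synth(405));
        }
        return (purge);
    }
}
'''
SAMPLE_ARGS = ["hitch=127.0.0.1:8443,PROXY", "admin=[::1]:6086", ":80"]

if __name__ == "__main__":
    print(undeclared_names(SAMPLE_VCL, SAMPLE_ARGS))      # every name declared
    print(undeclared_names(SAMPLE_VCL, SAMPLE_ARGS[:1]))  # "admin" never declared
```

Rejecting the load when the second list is non-empty matters for the PURGE case: a mistyped or undeclared name is caught when the VCL is loaded rather than surfacing later as a comparison that never matches.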


