Named listen addresses in VCL
Dridi Boukelmoune
dridi at varni.sh
Mon Jul 4 14:22:36 CEST 2016
Hi,
Inspired by stevedore names that (if I understood correctly) are now
properly checked at vcc time, I'd like to add names to -a options too
and introduce a new field in server too.

    On the command line: -a [name=]address[:port][,proto]
    In VCL: server.listen_address
    In varnish-cli: listing listen addresses no longer a debug command
    In varnishtest: s1_addr for the first one, s1_addr_$NAME for all

The point is to decouple IP/port addressing from the purpose, and for
example being able to distinguish secure traffic:

    if (server.listen_address == "hitch") {
        set req.http.X-Forwarded-Proto = "https";
    }

The listen address name could be safely used on different environments
(prod, qa, dev...) without requiring a single change in the VCL code.
It would also be an alternative to ACLs when dealing with
administrative requests:

    if (req.method == "PURGE") {
        if (server.listen_address != "admin") {
            return (synth(405));
        }
        return (purge);
    }

Those snippets wouldn't compile on a varnishd instance not started
with named listen addresses "https" and "admin".
So far, all the work I've done on this feature is writing this email and
a bit of thinking, should I proceed further?
Best,
Dridi
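
Added example, not part of the original email and not Varnish code: a Python model of the check the message describes, parsing the proposed -a [name=]address[:port][,proto] syntax and reporting names that VCL compares server.listen_address against but that no -a option declared, so a misspelled name is rejected up front instead of silently never matching. The name character set, the regex-based VCL scan and all sample values are assumptions made for illustration.

```python
import re

# Proposed syntax from the email: -a [name=]address[:port][,proto]
def parse_listen_arg(arg):
    """Split one -a value into (name, address, port, proto); absent parts are None."""
    name = None
    if "=" in arg:
        name, arg = arg.split("=", 1)
        # Assumption: names are plain identifiers; the email does not define a charset.
        if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name):
            raise ValueError(f"invalid listen address name: {name!r}")
    spec, _, proto = arg.partition(",")
    if spec.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:6081
        addr, _, rest = spec[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else None
    else:
        addr, _, port = spec.partition(":")
    return name, addr or None, port or None, proto or None

# Matches comparisons such as: server.listen_address == "admin"
COMPARE = re.compile(r'server\.listen_address\s*[!=]=\s*"([^"]*)"')

def check_vcl(vcl, listen_args):
    """Return the names the VCL compares against that no -a option declared."""
    declared = {parse_listen_arg(a)[0] for a in listen_args} - {None}
    return sorted({n for n in COMPARE.findall(vcl) if n not in declared})

# Constructed sample input: three -a values and a VCL fragment with a typo ("admn").
SAMPLE_ARGS = ["hitch=127.0.0.1:8443,PROXY", "admin=[::1]:6081", ":80"]
SAMPLE_VCL = '''
if (server.listen_address == "hitch") {
    set req.http.X-Forwarded-Proto = "https";
}
if (req.method == "PURGE") {
    if (server.listen_address != "admn") {
        return (synth(405));
    }
    return (purge);
}
'''

if __name__ == "__main__":
    for missing in check_vcl(SAMPLE_VCL, SAMPLE_ARGS):
        print(f'VCL refers to undeclared listen address "{missing}"')
```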