RFC for VIP17: unix domain sockets for listen and backend addresses

Dridi Boukelmoune dridi at varni.sh
Fri May 19 15:24:57 CEST 2017

> +1 I just had a use case for this yesterday, which might also be a general use
> case: cross-container communication (in docker). Sharing a file system with a
> UDS (read only) between container is safe and easy, while configuring a shared
> network between containers is not.

The VIP now covers both -a -T and -M.

> I must say though that this use case calls for more finely grained access
> control for cli connections. Sounds like we could want a cli vcl?

The varnish-cli is already its own language so I don't see how a "cli
vcl" would fit in the picture.

I think that loopback+secret or uds[+secret] is already quite fine.
You need a local access somehow and local credentials with enough
privileges to even use the CLI.


More information about the varnish-dev mailing list