This repository contains configurations and information for using VARNISH as a http proxy in CVMFS deployments, as an alternative for the commonly used SQUID proxy.
For historical reasons, SQUID proxies at many sites are used both for CVMFS and FRONTIER. Thus, a replacement for SQUID needs to support both FRONTIER and CVMFS.
The two main features that FRONTIER needs are collapsed forwarding and the If-Modified-Since header (details to be added).
For CVMFS, a forward proxy is preferrable as some logic around selecting the URLs for the server is done on the client side, and it's hard to get a reverse proxy config that is universally applicable and not only useful for one site.
VARNISH is a reverse proxy by design, but can be run as a forward proxy using the dynamic vmod. See cvmfs.vcl for an example.
The following instructions have been tested on a fresh almalinux 9 box:
yum -y update
yum -y install varnish
# on alma 9, currently varnish 6.6
varnishd -V
yum -y install git
git clone https://github.com/nigoroll/libvmod-dynamic
cd libvmod-dynamic/
# branch compatible with varnish 6.6
git checkout 6.6
yum -y groupinstall 'Development Tools'
yum -y install python-docutils
yum -y install getdns-devel
yum -y install varnish-devel
./autogen.sh
./configure
make install
cd ..
git clone https://github.com/cvmfs-contrib/varnish-cvmfs
cd varnish-cvmfs/
cp cvmfs.vcl /etc/varnish/default.vcl
systemctl start varnish
systemctl status varnish
# open firewall if needed
firewall-cmd --zone=public --permanent --add-port 6081/tcp
firewall-cmd --reload
# sanity test
# you may want to run varnishlog in another terminal to check the activity
varnishlog
http_proxy=http://127.0.0.1:6081/ curl http://cvmfs-stratum-one.cern.ch/cvmfs/atlas.cern.ch/.cvmfspublished
# config to use in cvmfs-clients:
# CVMFS_HTTP_PROXY=<url of proxy machine>:6081
Join or contact the mailinglist cvmfs-varnish-wg _ cern _ ch for discussions.