{"id":31831260,"url":"https://github.com/livingdocsio/dockerfile-varnish","last_synced_at":"2026-03-06T08:33:12.112Z","repository":{"id":47472104,"uuid":"89233696","full_name":"livingdocsIO/dockerfile-varnish","owner":"livingdocsIO","description":"A varnish setup with config hot reloading, ready to use in kubernetes and dockerized environments.","archived":false,"fork":false,"pushed_at":"2023-05-10T14:15:07.000Z","size":176,"stargazers_count":4,"open_issues_count":1,"forks_count":3,"subscribers_count":26,"default_branch":"master","last_synced_at":"2024-04-14T11:56:02.382Z","etag":null,"topics":["backend","cache","cloud-native","delivery","devops","docker-image","high-performance","kubernetes","varnish","website"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/livingdocsIO.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-24T11:44:36.000Z","updated_at":"2024-04-14T11:56:02.382Z","dependencies_parsed_at":"2025-01-22T22:33:25.096Z","dependency_job_id":null,"html_url":"https://github.com/livingdocsIO/dockerfile-varnish","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/livingdocsIO/dockerfile-varnish","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livingdocsIO%2Fdockerfile-varnish","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livingdocsIO%2Fdockerfile-varnish/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livingdocsIO%
2Fdockerfile-varnish/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livingdocsIO%2Fdockerfile-varnish/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/livingdocsIO","download_url":"https://codeload.github.com/livingdocsIO/dockerfile-varnish/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/livingdocsIO%2Fdockerfile-varnish/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279008824,"owners_count":26084518,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backend","cache","cloud-native","delivery","devops","docker-image","high-performance","kubernetes","varnish","website"],"created_at":"2025-10-11T21:48:50.190Z","updated_at":"2025-10-11T21:48:53.914Z","avatar_url":"https://github.com/livingdocsIO.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [Varnish](https://github.com/livingdocsIO/dockerfile-varnish) [![](https://img.shields.io/docker/automated/livingdocs/varnish.svg)](https://hub.docker.com/r/livingdocs/varnish)\n\nA varnish setup with config hot reloading, ready to use in kubernetes and dockerized environments.\n\nIt includes:\n- A templating setup\n- Hot reloading by watching for file 
changes\n- Config reloads using `SIGHUP` signal\n- A prometheus exporter running on port `9131`\n- Automatic dns reloads\n- Automatically apply varnish parameters on startup or config change\n\nHow this differs from other varnish operators for Kubernetes:\n- This is not an operator. It can be deployed as a single deployment\n- Supports a regular docker setup, runs without kubernetes\n- Supports parameter reloading\n\n### Build\n\nFor multi arch builds on Docker we use buildx. You have to create a builder before being able to build the containers.\n```\ndocker buildx create --name container --driver=docker-container container\n```\n\nThe following functions are used to build and push images on x86 machines:\n```\nbuildcontainer () { docker buildx build --no-cache --platform linux/amd64,linux/arm64  \"$@\"; }\npushcontainer () { for var in \"$@\"; do docker push \"$var\"; done }\n```\n\nOn Apple Silicon Macs, you have to upload the images to a registry that supports multi-arch images in one step.\n\n```\nbuildcontainer () { docker buildx build --no-cache --push --platform linux/amd64,linux/arm64  \"$@\"; }\n```\n\nWith Lima\n```\nlima sudo systemctl start containerd\nlima sudo nerdctl run --privileged --rm tonistiigi/binfmt:qemu-v8.1.5 --install all\n\nbuildcontainer () { nerdctl build --platform=amd64,arm64 \"$@\"; }\npushcontainer () { for var in \"$@\"; do nerdctl push --all-platforms \"$var\"; done }\n```\n\n```sh\nbuildcontainer -t livingdocs/varnish .\n```\n\n### Run\n\n### Without config file\n\nFor simplicity, there's support for the most common parameters.\nAttention: parameters in the config file always override these cli parameters.\n\n- `--config-source /etc/varnish/source`: The config and template directory\n- `--config-output /etc/varnish`: The destination directory for the varnish vcls\n- `--backend example.com`: declares `config.clusters[0].addresses: [example.com]`\n- `-p default_ttl=60`: declares `config.parameters.default_ttl: 60`, or any other varnish 
param\n- `--storage default,512m`: The varnish storage configuration\n- `CONFIG_YAML` or `CONFIG_JSON` environment variables: Supports passing the whole config object\n\n\n```sh\n# For example, to microcache requests, use a ttl of 1\ndocker run --rm -it -p 8080:8080 --name varnish livingdocs/varnish --backend example.com:80 -p default_ttl=1 -p default_grace=60\n```\n\n### With YAML config file\n```sh\necho '\nlistenAddress: 0.0.0.0:8080\nwatchFiles: true\nwatchDns: false\nclusters:\n- name: delivery\n  address: host.docker.internal:8081\n' \u003e config.yaml\n\ndocker run --rm -it -v \"$PWD:/etc/varnish/source\" -p 8080:8080 --name varnish livingdocs/varnish\n```\n\n### With a JSON config file\n```sh\necho '\n{\n  \"listenAddress\": \"0.0.0.0:8080\",\n  \"watchFiles\": true,\n  \"watchDns\": false,\n  \"clusters\": [{\"name\": \"delivery\", \"address\": \"host.docker.internal:8081\"}]\n}\n' \u003e config.json\n\ndocker run --rm -it -v \"$PWD:/etc/varnish/source\" -p 8080:8080 --name varnish livingdocs/varnish\n```\n\n## Configuration options\n\nBoth YAML and JSON config files are supported. YAML is supported because it\nallows multi-line strings, which make it easier to embed configs.\n\nThe configuration file must be in the varnish config source directory.\nBy default that's `/etc/varnish/source`. The path can be overridden\nby the `--config-source` cli option. 
Please don't change this to `/etc/varnish`,\nas the file watcher would end up in an endless loop of updates.\n\nAttention, in Kubernetes it's also not possible to write any file in a directory where\na config map gets mounted.\n\nConfig file changes are watched and trigger a reload within varnish.\nAttention, file notifications don't work properly if the file owner is not `varnish`.\n\nThe configuration can also be reloaded using a `SIGHUP` signal against the main process.\n\nThe whole configuration object gets passed to the VCL templates, so you\ncan add custom variables that get passed down to the template renderer.\n\n```yaml\n# /etc/varnish/source/config.yaml\n\n# Static Configurations\n#\n# Any varnish listen option is supported\nlistenAddress: 0.0.0.0:8080,HTTP\n# The admin port is protected by the admin secret below,\n# avoid exposing it beyond trusted networks\nadminListenAddress: 0.0.0.0:2000\nprometheusListenAddress: 0.0.0.0:9131\n# Command args that directly get passed to the process\n# e.g. to add a secondary listen address, you could pass the option\nvarnishRuntimeParameters: [-a, /path/to/listen.sock]\n# The varnish storage configuration\nstorage: default,512m\n# Define a custom secret for the admin port\n# By default one gets generated and\n# written to the secret file.\n# If the secret file already contains a value,\n# that one is preferred\nadminSecret: null\nadminSecretFile: /etc/varnish/secret\n# Enable http access logs to stdout\nvarnishAccessLogs: true\n# During the shutdown period,\n# varnish will serve a 503 error on /_health\nshutdownDelay: 5s\n\n# Dynamic Configurations\n#\n# You can explicitly disable file watches that trigger a config reload\n# 'kill -SIGHUP 1' against the running process will\n# also reload the configuration.\nwatchFiles: true\nwatchDns: true\n# Varnish serves requests with an X-Served-By header\n# You can customize it here. 
{{hostname}} gets replaced automatically\nxServedBy: \"{{hostname}}\"\n# You can declare multiple vcls and reference them\n# in the top vcl config that gets loaded\nvcl:\n- name: default\n  # The configurations are relative to the config file\n  # So this would be `/etc/varnish/source/default.vcl.ejs`\n  # We only watch for file changes in /etc/varnish/source, so better keep this\n  src: default.vcl.ejs\n  # By default the destination of the final file is\n  # the template name without the ejs extension in the '/etc/varnish' directory.\n  dest: default.vcl\n  # Declare that flag on the main vcl in case there are multiple ones,\n  # so we know which one to set active\n  top: true\n- name: secondary\n  src: secondary.vcl.ejs\n\n# Probes that can get referenced in the cluster.probe config\nprobes:\n  # only this is mandatory, the rest are defaults\n  # Within the vcl, we name the probe probe_delivery\n  # as varnish needs unique names\n- name: probe_delivery\n  url: /status\n  interval: 5s\n  timeout: 4s\n  window: 3\n  threshold: 2\n  initial: null\n\nacl:\n  # The purge acl is required in the default vcl config\n- name: acl_purge\n  entries:\n    - \"# localhost\"\n    - localhost\n    - 127.0.0.1\n    - ::1\n    - \"# Private networks\"\n    - 10.0.0.0/8\n    - 172.16.0.0/12\n    - 192.168.0.0/16\n\nclusters:\n  # Name the cluster. The name is used in the round robin director\n  # Please don't use 'backend' or 'default' here. 
Those are disallowed keywords.\n- name: delivery\n  # One hostname\n  # A round robin director gets created automatically\n  # that points to all the ip addresses behind a record.\n  # The director name will be cluster.name, in that case 'delivery'.\n  address: host.docker.internal:8081\n  # Or multiple\n  addresses: [host.docker.internal:8081]\n  # Configure a probe declared on the root\n  probe: probe_delivery\n  # Define some backend parameters for every backend in the cluster\n  # Varnish defaults will be used if not declared\n  maxConnections: null\n  firstByteTimeout: null\n  betweenBytesTimeout: null\n  connectTimeout: null\n\n# Enable background fetches in case a request fails\n# This is set to 1 by default\nfetchRetries: 1\n# Always remove all the query strings before\n# a request gets hashed and sent to a backend\nstripQueryString: false\n# Any varnish parameter that gets loaded on start and file change\n# Those are the defaults if the parameter object is not present\nparameters:\n  feature: +http2,+esi_disable_xml_check\n  default_grace: 86400\n  default_keep: 3600\n  default_ttl: 60\n  backend_idle_timeout: 65\n  timeout_idle: 60\n  syslog_cli_traffic: off\n\n# Instead of completely customizing the VCL built into the image\n# you could also just use those hooks, which get placed at the specific location.\nhooks:\n  # You can also use multi line strings\n  import: |\n    import accept;\n  global: \"\"\n  vclInit: \"\"\n  vclRecvStart: \"\"\n  vclRecvBackendHint: \"\"\n  vclRecvEnd: \"\"\n  vclHash: \"\"\n  vclDeliverStart: \"\"\n  vclDeliverEnd: \"\"\n  vclSynthStart: \"\"\n  vclSynthEnd: \"\"\n```\n\n## Templating\n\nWe're using [EJS](https://ejs.co/) templates to generate the varnish vcl files.\nAll the configurations should be stored in the `/etc/varnish/source` directory, which gets watched and triggers a reload on change.\n\nThe `config.json` or `config.yaml` file, and also the vcl templates should be located in the directory 
`/etc/varnish/source/`. On build, the vcl files will be written into the `/etc/varnish` directory (e.g. `/etc/varnish/varnish.vcl`).\n\n```yaml\nvcl:\n- name: varnish\n  src: varnish.vcl.ejs\n```\n\nWithin a vcl template, you'll have full access to the config object.\n```\n\u003c%= config.something || '' %\u003e\n```\n\n### Includes\nA few specific includes are supported:\n\nProbe:\n```\n\u003c% for (const probe of config.probes) { %\u003e\u003c%- include('probe', probe) %\u003e\u003c% } -%\u003e\n```\n\nBackend:\n```\n\u003c% for (const cluster of config.clusters) { %\u003e\u003c%- include('backend', cluster) %\u003e\u003c% } -%\u003e\n```\n\nACL:\n```\n\u003c% for (const acl of config.acl) { %\u003e\u003c%- include('acl', acl) %\u003e\u003c% } -%\u003e\n\n// or\n\n\u003c%- include('acl', {\"name\": \"purge\", \"entries\": [\"127.0.0.1\"]}) %\u003e\n```\n\nDirector:\n```\n\u003c% for (const cluster of config.clusters) { %\u003e\u003c%- include('director', cluster) -%\u003e\u003c% } %\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flivingdocsio%2Fdockerfile-varnish","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flivingdocsio%2Fdockerfile-varnish","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flivingdocsio%2Fdockerfile-varnish/lists"}