This program will listen for incoming connections from varnishadm and other
Varnish Cache CLI clients and relay ban requests to all Varnish Cache
instances for a given section.io-hosted Varnish by forwarding the request
to the section.io API.
The Varnish CLI Bridge has some mandatory configuration requirements:
-
API endpoint: The absolute section.io application URL with account ID, application ID, environment name, and proxy name. Can be configured via the
SECTION_IO_API_ENDPOINTenvironment variable or the-api-endpointcommand line argument, with the latter taking precedence. The URL must contain the account ID and application ID to target but should also include the environment name and proxy name. You can find the relevant URL on the API page in Aperture. To support multiple section.io applications, run multiple instances of the bridge. Example URL for account1, application2, environmentProduction, proxyvarnish: https://aperture.section.io/api/v1/account/1/application/2/environment/Production/proxy/varnish -
API username: The username with which to authenticate to the section.io API. Can be configured via the
SECTION_IO_USERNAMEenvironment variable or the-usernamecommand line argument, with the latter taking precedence. -
API password: The password corresponding to the username above. Can only be configured via the
SECTION_IO_PASSWORDenvironment variable. Providing passwords on the command line is not recommended in general and not supported by the Varnish CLI Bridge.
The Varnish CLI Bridge also has some optional configuration that can be specified if the defaults are not suitable:
-
API proxy name: The name of the proxy in the section.io stack to target. Can be specified via the
SECTION_IO_PROXY_NAMEenvironment variable or the-proxy-namecommand line argument, with the latter taking precedence. Defaults tovarnishif not provided. -
Varnish CLI secret file: The path to the file containing the pre-shared secret used to authenticate connections to the Varnish CLI Bridge. Can be specified via the
VARNISH_CLI_BRIDGE_SECRET_FILEenvironment variable or the-secret-filecommand line argument, with the latter taking precedence. If specified the ile contents must be identical to the secret file passed tovarnishadmvia its-Sargument. If left blank the bridge will not send the authentication challenge and so the client should not specify a secret file or value either. -
Listen address: The TCP port and optional interface IP address on which the Varnish CLI Bridge should listen for incoming connections. Can be specified via the
VARNISH_CLI_BRIDGE_LISTEN_ADDRESSenvironment variable or the-listen-addresscommand line argument, with the latter taking precedence. Format is[IP]:PORTand the default is127.0.0.1:6082if not provided. Omitting the IP results in binding to all interfaces (ieINADDR_ANY). -
Varnish version: The protocol version to simulate. Also sets the default version reported in the protocol banner response unless overridden. Can be specified via the
VARNISH_CLI_BRIDGE_VARNISH_VERSIONenvironment variable or the-varnish-versioncommand line argument, with the latter taking precedence. The only supported values are3.0,4.0and4.1. The default value is3.0. -
Varnish banner: The text to include in the protocol banner response denoting the Varnish version. Can be specified via the
VARNISH_CLI_BRIDGE_BANNER_VERSIONenvironment variable or the-banner-versioncommand line argument, with the latter taking precedence. The recommended format isvarnish-[MAJOR].[MINOR].[BUILD] revision [REVISION]but is not enforced. The default value isvarnish-3.0.0 revision 0000000.
The Varnish CLI Bridge does not implement every command yet and some are not planned to be implemented.
authbanban.url(via automatic rewriting toban)bannerhelppingparam.show(currently onlycli_buffer,esi_syntax, andfeature)vcl.inlinevcl.use
backend.listban.listquitstatusvcl.listvcl.show
backend.set_healthparam.setpanic.clearpanic.showstartstopstorage.listvcl.discardvcl.load
Read more about the CLI commands here: https://www.varnish-cache.org/docs/trunk/reference/varnish-cli.html