Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Development repository for Chef Cookbook varnish
Failed to load latest commit information.
attributes Add an attribute switch to bypass repo install
libraries Fix build issues
recipes Fix build issues
templates/default Add varnish_exec_reload_command helper
test Fix build issues
.gitignore Fix whitespace updated rakefile, c.yml, k.c.yml, readme
.kitchen.yml Fix build issues
.rubocop.yml Changed delay for varnish logging to use guard so it always triggers
Berksfile opscode2chef Release v2.3.0 Update docs, Rakefile, standards
Gemfile Fix build issues
Guardfile Update docs, Rakefile, standards
LICENSE Preparing repository for splitting cookbooks into their own repos. Update docs, Rakefile, standards
Rakefile Update docs, Rakefile, standards
chefignore reverting adding of vmod, it now exists in the tests branch
circle.yml Update docs, Rakefile, standards
metadata.rb Release v2.3.0

Circle CI

varnish Cookbook

Installs and configures varnish.



  • Requires chef-client 12 and above.


Tested on:

  • Ubuntu 12.04
  • Ubuntu 14.04
  • Debian 6.0
  • Centos 5.9
  • Centos 6.5
  • Centos 7.0


  • node['varnish']['dir'] - location of the varnish configuration directory
  • node['varnish']['default'] - location of the default file that controls the varnish init script on Debian/Ubuntu systems.
  • node['varnish']['version'] - If retrieving from official Varnish project repository, may choose 3.0 or 4.0.
  • node['varnish']['start'] - Should we start varnishd at boot? Set to "no" to disable (yes)
  • node['varnish']['nfiles'] - Open files (131072)
  • node['varnish']['memlock'] - Maxiumum locked memory size for shared memory log (82000)
  • node['varnish']['instance'] - Default varnish instance name (node['fqdn'])
  • node['varnish']['listen_address'] - Default address to bind to. Blank address (the default) means all IPv4 and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted quad, or an IPv6 address in brackets
  • node['varnish']['listen_port'] - Default port to listen on (6081)
  • node['varnish']['vcl_conf'] - Name to use for main configuration file. (default.vcl.erb)
  • node['varnish']['vcl_source'] - Name for default configuration file template. (default.vcl)
  • node['varnish']['vcl_cookbook'] - Cookbook in which to look for the default.vcl.erb (or 'vcl_source' filename) template. This is used to specify custom template without modifying community cookbook files. (varnish)
  • node['varnish']['vcl_generated'] - Generate the varnish configuration using the supplied template. (true)
  • node['varnish']['conf_source'] - Name of the default system configuration file. (default.erb)
  • node['varnish']['conf_cookbook'] - Cookbook in which the default system configuration file is located. (varnish)
  • node['varnish']['secret_file'] - Path to a file containing a secret used for authorizing access to the management port. (/etc/varnish/secret)
  • node['varnish']['admin_listen_address'] - Telnet admin interface listen address (
  • node['varnish']['admin_listen_port'] - Telnet admin interface listen port (6082)
  • node['varnish']['user'] - Specifies the name of an unprivileged user to which the child process should switch before it starts accepting connections (varnish)
  • node['varnish']['group'] - Specifies the name of an unprivileged group to which the child process should switch before it starts accepting connections (varnish)
  • node['varnish']['ttl'] - Specifies a hard minimum time to live for cached documents. (120)
  • node['varnish']['storage'] - The storage type used ('file')
  • node['varnish']['storage_file'] - Specifies either the path to the backing file or the path to a directory in which varnishd will create the backing file. Only used if using file storage. ('/var/lib/varnish/$INSTANCE/varnish_storage.bin')
  • node['varnish']['storage_size'] - Specifies the size of the backing file or max memory allocation. The size is assumed to be in bytes, unless followed by one of the following suffixes: K,k,M,m,G,g,T,g,% (1G)
  • node['varnish']['log_daemon'] - Specifies if the system varnishlog daemon dumping all the varnish logs into /var/log/varnish/varnish.log should be enabled. (true)
  • node['varnish']['parameters'] = Set the parameter specified by param to the specified value. See Run-Time Parameters for a list of parameters. This option can be used multiple times to specifymultiple parameters.

If you don't specify your own vcl_conf file, then these attributes are used in the cookbook default.vcl template:

  • node['varnish']['backend_host'] = Host to serve/cache content from (localhost)
  • node['varnish']['backend_port'] = Port on backend host to access (8080)



Installs the varnish package, manages the default varnish configuration file, and the init script defaults file.


If placed before the default recipe in the run list, the official Varnish project apt repository will offer access to more version and platform support.


On systems that need a high performance caching server, use recipe[varnish]. Additional configuration can be done by modifying the default.vcl.erb and default.erb templates.

If running on a Redhat derivative then you may need to include yum-epel as it provides the jemalloc dependency that varnish needs


See the distro_install and vendor_install recipes for examples of these resources in action.


Installs Varnish with the default configuration supplied by the package.

The :install action handles package installation. By default, it will install Varnish from your distro repositories. If you set the vendor_repo parameter to true, then it will install Varnish from the varnish-cache repositories.


Name Type Default Value
package_name string 'varnish'
vendor_repo true or false false
vendor_version string '4.0'


  • :install - Installs and enables the Varnish service.


Install from the OS distribution :

varnish_install 'default' do
  package_name 'varnish'
  vendor_repo false

Install version 4 from the vendor :

varnish_install 'default' do
  package_name 'varnish'
  vendor_repo true
  vendor_version '4.0'


Configures the Varnish service. If you do not include this, the config files that come with your distro package will be used instead.

Name Type Default Value
start_on_boot true or false true
max_open_files integer 131_072
max_locked_memory integer 82_000
instance_name string nil
listen_address string nil
listen_port integer 6081
admin_listen_address string ''
admin_plisten_port integer 6082
user string 'varnish'
group string 'varnish'
ttl integer 120
storage 'malloc' or 'file' 'file'
file_storage_path string '/var/lib/varnish/%s_storage.bin' where %s is replaced with the resource name
file_storage_size string '1G'
malloc_size string nil
path_to_secret string '/etc/varnish/secret'

You can also send a hash to parameters which will add additional parameters to the varnish daemon via the -p option. The default hash is:

{ 'thread_pools' => '4',
  'thread_pool_min' => '5',
  'thread_pool_max' => '500',
  'thread_pool_timeout' => '300' }


  • :configure - Creates the varnish configuration file from template.


Configure some parameters on the Varnish service :

varnish_default_config 'default' do
  start_on_boot true
  max_open_files 131_072
  max_locked_memory 82_000
  listen_address nil
  listen_port 6081
  path_to_vcl '/etc/varnish/default.vcl'
  admin_listen_address ''
  admin_listen_port 6082
  user 'varnish'
  group 'varnish'
  ttl 120
  storage 'malloc'
  malloc_size "#{(node['memory']['total'][0..-3].to_i * 0.75).to_i}K"
  parameters(thread_pools: '4',
             thread_pool_min: '5',
             thread_pool_max: '500',
             thread_pool_timeout: '300')
  path_to_secret '/etc/varnish/secret'


Name Type Default Value
backend_host string 'localhost'
backend_port integer 8080


Set a backend to :

varnish_default_vcl 'default' do
  backend_host ''
  backend_port 80


  • :configure - Creates a default.vcl file.


Configures varnishlog or varnishncsa service. You can define both logfiles by calling varnish_log more than once. You can install logrotate config files if you wish as well.

Name Type Default Value
file_name string '/var/log/varnish/varnishlog.log'
pid string '/var/run/'
log_format 'varnishlog' or 'varnishncsa' 'varnishlog'
ncsa_format_string string '%h|%l|%u|%t|\"%r\"|%s|%b|\"%{Referer}i\"|\"%{User-agent}i\"'
instance_name string nil
logrotate true or false true
logrotate_path string '/etc/logrotate.d'


  • :configure - configures the varnishlog or varnishncsa service.


Configure varnish logs with log rotation :

varnish_log 'default' do
  file_name '/var/log/varnish/varnishlog.log'
  pid '/var/run/'
  log_format 'varnishlog'
  logrotate true
  logrotate_path '/etc/logrotate.d'

Configure ncsa logs with a specific output format and without log rotation :

varnish_log 'default_ncsa' do
  file_name '/var/log/varnish/varnishncsa.log'
  pid '/var/run/'
  log_format 'varnishncsa'
  ncsa_format_string '%h|%l|%u|%t|\"%r\"|%s|%b|\"%{Referer}i\"|\"%{User-agent}i\"'
  logrotate false

License & Authors

Copyright 2008-2009, Joe Williams <>
Copyright 2014. Patrick Connolly <>
Copyright 2015. Rackspace, US Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.
Something went wrong with that request. Please try again.