Aka serving a cached response while the cache is getting refreshed (even to the request who initiated the refresh). Currently when nginx has to refresh the cache it will "hang" the current response until it gets refreshed (the requests that follow, even while the cache is getting refreshed, will get the stale version tho).
It's the difference between your client being amazed by how fast your api is, to "wtf does page X takes 3s to render from time to time" comments.
Once you start breaking your stack apart to 1) add redundancy, 2) isolate hardware for different workloads, and 3) scale the components independently of each other, the situation gets a little more interesting. Sure, you could run different clusters of Nginx for each of SSL termination, static content, cache and compress, etc. and have them reverse proxy to each other (and some people probably do this), but when you get to this evolution of your architecture, it's worth evaluating the different options for each layer of the stack. There's an argument to be made that e.g. HAProxy is a better load balancer, Nginx is a better static content server, Pound is a better SSL terminator, Varnish is a better caching and compressing reverse proxy, etc. (N.B. that I am not saying these things, I am just saying that they can be said.) If you're not serving static content at all—let's say you're presenting an API written in Elixir/Phoenix—it may not make sense to go with Nginx in the first place!
Regarding Varnish, specifically, I've found that it offers unparalleled power and flexibility when it comes to caching and compression. Yes, that power and flexibility comes at the cost of more complexity, but it's there when you need it. It offers different storage backends, including a pure memory backend; the ability to serve gzipped content directly from cache (for supported clients); PURGE and BAN HTTP verbs; synthetic responses; query string sorting; the ability to serve stale content while updating; ESI; and probably a whole bunch of other stuff I'm forgetting and/or have never used. Nginx and Nginx Plus may support some or all of these things, built-in or as modules... I'm not sure.
* More fine-grained control of your caching is possible
* Easier to express normalisation of requests (increase your cache hit rate and protect your underlying origin from malicious requests by discarding cache busters)
* Inline C means you can do things like move your authentication to the edge
* In theory if you have enough RAM you can go faster than nginx's on-disk... in practice the sweet spot for the gain is small and they're both on par
But then... it comes with disadvantages too. Like most Varnish services would never let you do the nice Inline C stuff because no-one in their right mind would run untrusted code in their environment where it could impact another customer. If you see a provider do this (at any price point), avoid them.
If you make your own VMOD(can take from a few hours to days), make sure to send a PR and add it to the directory above (IOW: share it) :)
Not in theory, but in reality. Even if you don't, varnish's file on-disk implementation is just as good as nginx's if not better.
The idea behind a cache is to increase performance. If that is the priority then you would pick a design and implementation geared towards that problem set. Sure you can say "Well, nginx or httpd is 'good enough'" and that would be right. But when nginx or httpd aren't good enough, you need varnish. And even when you don't need varnish, it is often a better architectural design to break out specific functionality (best of breed).
In terms of introspectability, Varnish (afaik) is without equal.
I believe that the power and utility of VSL are so underestimated and overlooked that I don't know where to start...
2: More control.
3: Better compliance
From a purely operational point of view, you are better of with two different SSL proxies in front if your Varnish (or other webserver), so that you can turn OpenSSL off in even-numbered weeks and the other (pick your poison) in odd-numbered weeks.
The code to hold safely onto your certificate and do all the songs and dances involved in SSL/TLS, is under all circumstances something which should be isolated in as small a process/protection domain as possible.
however. given that tls is operationally important. and using an additional proxy causes a lot of configuration and performance headaches. isn't there any better path forward?
Made by Varnish Software to provide a "browser-vendor-compliant" HTTP/2 stack.
:-(
In the BBC’s testing, they found that with NGINX as a drop-in replacement for Varnish, they saw five times more throughput.
https://news.ycombinator.com/item?id=10752209
So the conclusion is, as long your malloc fits in your system memory, Varnish should be blazing fast on Linux. If you need a gigantic cache, please try FreeBSD.
I have heard from (other parts of) BBC that Varnish saved a fair amount of bacon for them during the London Olympics, obviously in different workloads.
And nobody would be more surprised than me, if Varnish was a micacle-cure for every single website in the world...
Varnish is an excellent piece of software, but I thought it was totally funded by the commercial side varnish software. How does this model work? It seems odd to ask for donations while also selling an expensive supported version?
The Varnish Cache FOSS project and Varnish Software the company are two entirely different things.
By and large, the Varnish Cache FOSS project is me, and I am not employed by Varnish Software: I have my own one-man company where I "make computers to do weird things".
The time I spend on Varnish Cache is funded by "The Varnish Moral License":
http://phk.freebsd.dk/VML/index.html
(See also: http://queue.acm.org/detail.cfm?id=2636165)
Varnish Software is one of the handful of companies who pay via the VML to keep me working on Varnish.
Varnish Software has also supported the project in many other ways as well, from running the project server to donating manpower and source code.
Some of these things are being scaled down, for instance the project server had become the square peg in their round internal IT systems, so I have been migrating that off to a server kindly sponsored by RootBSD.
Why they are pulling back is anybody's guess. But it sounds like they are focusing on monetizing the existing codebase instead of further developing it.
Of course he relented and implemented SPDY and HTTP/2 anyway.
But all the same I can't help but feel that his original criticsm still stands, and what we need is a rethink of e.g. cookies.
From my reading PHK didn't think it went far enough, and wanted to change more.
I think he's got good points to make on session ids, cookies etc. and I suspect we'll se some of the ideas feed into future versions too.
Anyway, I'm looking forward to testing it out and integrating v5 with Cachoid ( shameful plug: https://www.cachoid.com/ ).
> Varnish 5.0 changes some (mostly) internal APIs and adds some major new features over Varnish 4.1.
> We are in the process of adding HTTP/2 support to Varnish ... we hope to have it production ready for the next major release (2017-03-15).
