@dalias with #varnishcache my recommendation for persistent storage is SLASH/fellow

https://gitlab.com/uplex/varnish/slash

@Photo55 @dalias last info i have is that #wikimedia currently uses #varnishcache and #ats. they did use varnish only with two layers, but understandibly replaced the persistent varnish layer with ats, because the first persistent storage engine had design issues. now that we have SLASH/fellow, varnish could do the job well again.

https://meta.m.wikimedia.org/wiki/Wikimedia_servers

@ck this is not wrong, but also not the best advice either. varnishd should not be restarted to reload the vcl, use varnishadm vcl.load and vcl.use for that, or a script like https://github.com/varnishcache/pkg-varnish-cache/blob/master/systemd/varnishreload

@slink @jandi @overunderlay @esoteric_programmer @bsdphk awww thank you Nils! ​

You have no idea how grateful I am for #VarnishCache. It's a real gem, protecting my site against the Mastodon stampede. Nothing else worked before.

Bravissimo for the great work on it ​

@jandi thank you for letting me know about the two LEGENDS responsible for #VarnishCache (aka my favorite discovery in this 7-month self-hosting journey)

@overunderlay @esoteric_programmer @bsdphk @slink

Update no.2: It turns out, I cannot install #VarnishCache on my shared hosting plan because that requires #Nginx and my plan doesn't support it...

The only option I have - to manually install Varnish - is to move my #Wordpress site from my shared hosting plan to a #VPS.

I already have 2 VPS's so it would cost me nothing but this takes a bazillion steps and I honestly don't want to do it ​ I love the Dashboard / ease of use of my shared hosting plan vis-à-vis Wordpress.

Plan C is seeing if things are different with BunnyCDN.

Plan Z is moving all my blogging efforts to Ghost but I don't want do to that. I'll try anything to protect my Wordpress site against the Mastodon stampede.

Edit: for context, I have had this Wordpress site since 2010 (15 years now!) so I don't want to mess with it.

cc: @cleantext and @ck0 (who asked about this)

@david_chisnall

I'll take one for #varnishcache too!

@jorijn @inawhilecrocodile the built-in malloc based stevedore has various issues specific to the underlying implementation, but independent of that, it needs more memory than configured and it has an lru fairness issue. all of these issues are solved with https://gitlab.com/uplex/varnish/slash #varnishcache

@jorijn using uds with #kubernetes is not an issue. just configure a file system shared between multiple containers of the same pod and put the uds "file" there.
fwiw, this is also the way to use varnishadm/varnishstat/varnishlog from a different container than where varnishd runs.
learning curve: yes, but it makes you more competent also :)
#varnishcache

@jorijn @monospace i did also use nginx and have no hard arguments against it besides "project governance" maybe. but a relevant benefit of using #haproxy in tcp mode is to avoid any double processing of http, which otherwise is prone to desync bugs. tcp mode simply adds/removes the tls pipe, nothing more, nothing less. all the http processing remains in #varnishcache only.

@jorijn it's a long story with much detail. but there is one relevant argument: not to have complex tls code in the same address space as varnishd itself: http://varnish-cache.org/docs/trunk/phk/ssl.html and http://varnish-cache.org/docs/trunk/phk/ssl_again.html .

what we are working on right now (unpublished WIP) uses the keyless tls idea, which cloudflare made popular (but did not invent, iirc): https://www.cloudflare.com/en-gb/learning/ssl/keyless-ssl/

@jorijn yes, as of today, the recommended way is to use #haproxy as a combined tls onloader/offloader with the PROXY2 protocol such that haproxy has "zero" configuration: see http://varnish-cache.org/docs/trunk/users-guide/vcl-backends.html#connecting-through-a-proxy and .via in http://varnish-cache.org/docs/trunk/reference/vcl-backend.html#vcl-backend-7
this also works with dns: https://github.com/nigoroll/libvmod-dynamic/blob/master/src/vmod_dynamic.vcc

that said, we will do something about this eventually #varnishcache

@selea until recently, the default h2 status in #varnishcache (unintentional)

https://github.com/varnishcache/varnish-cache/pull/4284