Enable incoming traffic on varnish using a Unix Domain Socket (UDS)
Description
Details
Status | Subtype | Assigned | Task
---|---|---|---
Resolved | | Vgutierrez | T271421 Test envoyproxy as a WMF's CDN TLS terminator with real traffic
Resolved | | Vgutierrez | T285374 Enable UDS support on varnish
Event Timeline
Change 701056 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):
[operations/puppet@production] varnish: Add listen on UDS support
This seemed an innocent change, but it effectively forces the update from VCL 4.0 to 4.1:
From the Varnish documentation:
When UDS listeners are in use, VCL >= 4.1 will be required for all VCL programs loaded by Varnish. If you attempt to load a VCL source with vcl 4.0;, the load will fail with a message that the version is not supported.
Change 701073 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):
[operations/puppet@production] vcl: Use VCL 4.1 instead of 4.0
Initial testing in our labs environment shows that curl doesn't play well with PROXY protocol and unix domain sockets:
```
root@traffic-cache-atsupload-buster:~# curl --haproxy-protocol --unix-socket /run/varnish-frontend.socket -k -v -H "X-Forwarded-Proto: https" http://127.0.0.1:80/
* Expire in 0 ms for 6 (transfer 0x55a23e318fb0)
* Trying /run/varnish-frontend.socket...
* Expire in 200 ms for 4 (transfer 0x55a23e318fb0)
* Connected to 127.0.0.1 (/run/varnish-frontend.socket) port 80 (#0)
> PROXY TCP4 /run/varnish-frontend.socket 0 0
* Send failure: Broken pipe
* Failed sending HTTP request
* Connection #0 to host 127.0.0.1 left intact
curl: (55) Send failure: Broken pipe
```
Bug reported upstream at https://github.com/curl/curl/issues/7290
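The `PROXY TCP4 /run/varnish-frontend.socket 0 0` line in the curl output above is not a well-formed PROXY protocol v1 header: a `TCP4` header carries two IPv4 addresses and two ports. The following strict v1 validator is an added example, not code from this task, from curl or from Varnish; the function names are hypothetical and the sample lines are constructed (the CRLF on the curl line is assumed).

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 header, CRLF included, per the PROXY protocol spec

def parse_proxy_v1(line: bytes):
    """Parse one PROXY v1 header line; raise ValueError if it is malformed.

    Returns (proto, src, dst, sport, dport); address fields are None for UNKNOWN.
    """
    if len(line) > MAX_V1_LEN or not line.endswith(b"\r\n"):
        raise ValueError("header must end in CRLF and fit in 107 bytes")
    try:
        fields = line[:-2].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ValueError("header must be ASCII")
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ValueError("missing PROXY signature or protocol")
    proto = fields[1]
    if proto == "UNKNOWN":  # receiver must ignore the rest of the line
        return ("UNKNOWN", None, None, None, None)
    if proto not in ("TCP4", "TCP6"):
        raise ValueError("unsupported protocol %r" % proto)
    if len(fields) != 6:
        raise ValueError("expected: src dst sport dport")
    addr_cls = ipaddress.IPv4Address if proto == "TCP4" else ipaddress.IPv6Address
    src, dst = addr_cls(fields[2]), addr_cls(fields[3])  # raises ValueError subclass
    ports = []
    for p in fields[4:]:
        # decimal, no leading zeros, 0..65535
        if not p.isdigit() or (len(p) > 1 and p[0] == "0") or int(p) > 65535:
            raise ValueError("bad port %r" % p)
        ports.append(int(p))
    return (proto, str(src), str(dst), ports[0], ports[1])

def is_valid(line: bytes) -> bool:
    try:
        parse_proxy_v1(line)
        return True
    except ValueError:
        return False

# Constructed samples: the header curl printed over the UDS, and a well-formed one.
CURL_UDS_LINE = b"PROXY TCP4 /run/varnish-frontend.socket 0 0\r\n"
GOOD_LINE = b"PROXY TCP4 192.0.2.10 198.51.100.1 56324 443\r\n"

if __name__ == "__main__":
    for sample in (CURL_UDS_LINE, GOOD_LINE):
        print(sample, "->", "valid" if is_valid(sample) else "rejected")
```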
Change 701073 merged by Vgutierrez:
[operations/puppet@production] vcl: Use VCL 4.1 instead of 4.0
Change 701056 merged by Vgutierrez:
[operations/puppet@production] varnish: Add listen on UDS support
Change 713482 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):
[operations/puppet@production] varnish: Handle UDS traffic properly
Change 713226 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):
[operations/puppet@production] varnish: Do not assume that UDS implies PROXY protocol
Change 715460 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):
[operations/puppet@production] varnish: Allow configuring UDS owner/group/perms
Change 713226 merged by Vgutierrez:
[operations/puppet@production] varnish: Do not assume that UDS implies PROXY protocol
Change 715460 merged by Vgutierrez:
[operations/puppet@production] varnish: Allow configuring UDS owner/group/perms
Change 713482 merged by Vgutierrez:
[operations/puppet@production] varnish: Handle UDS traffic properly