52 points by Foxboron 5 days ago | 5 comments
  • geerlingguy 2 days ago
    This is the first I've actually heard of the name change... I used to use Varnish quite a bit, and had a decent grasp of VCL, for Drupal deployments. But I think Varnish 6 or 7 was when I started dropping off managing the caching layer as almost every project chose to offload caching to Cloudflare.
  • captn3m0 2 days ago
    This is helpful, but it is yet to be seen how downstream picks it up. Wikidata[0] has renamed it and marked the Vinyl repo as the preferred one. Gentoo[1] renamed the package and switched to Vinyl. Homebrew[2] is now tracking Varnish Software (downstream of Vinyl). Fedora[3] has switched to Varnish Software as well. At endoflife.date[5], we renamed to vinyl and switched tracking as well. Wikipedia[6] has renamed Varnish (Software) -> Vinyl Cache.

    [0]: https://www.wikidata.org/wiki/Q1602447

    [1]: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=679937b...

    [2]: https://github.com/Homebrew/homebrew-core/pull/273280

    [3]: https://src.fedoraproject.org/rpms/varnish/c/59f403810b746e0...

    [4]: https://repology.org/project/varnish/packages

    [5]: https://github.com/endoflife-date/endoflife.date/pull/9792

    [6]: https://en.wikipedia.org/wiki/Vinyl_Cache

  • hannibalhorn 2 days ago
    Did not know this had happened, but does seem PHK (the original author of Varnish) is now with the Vinyl Cache project, so this is not just a typical fork.
  • willjp 2 days ago
    I appreciate the mysql/mariadb comparison.
  • wmf 2 days ago
    What's the deal with Antirez and PHK refusing to add TLS support?
    • phkamp 2 days ago
      I'm not "refusing to add TLS support". I insist that the certificate is safely isolated in a separate process for security reasons. There are many ways to skin that cat.
    • lofaszvanitt 2 days ago
      Varnish Enterprise has https support.
      • perbu 2 days ago
        the whole point of varnish software keeping a public version of "vinyl cache" as "varnish cache" with TLS is to give people a way to access a FOSS version with native TLS.

        I think TLS is table-stakes now, and has been for the last 10 years, at least.

        • time4tea 2 days ago
          just use the tool that does the job.

          TLS in -> hitch or caddy

          Cache -> varnish/vinyl

          TLS out -> haproxy

          Connect them up with Unix sockets, if you like.

          • slink_vinyl 2 days ago
            because the topic keeps coming up, I now wrote the tutorial which we should have had years ago: https://vinyl-cache.org/tutorials/tls_haproxy.html
            • time4tea 20 hours ago
              Thanks for this. You don't mention hitch though. Is that now deprecated/discouraged?

              It hasn't seen much action in a while, but maybe that's cos it works?

              • perbu 14 hours ago
                fwiw; Varnish Software still maintains and supports hitch, but we can't say we see a bright future for it. Both the ergonomics and the performance of not being integrated into Varnish are pretty bad. It was the crutch we leaned on as it was the best thing we could make available.

                I would recommend migrating off within a year or two.

                • time4tea 13 hours ago
                  Thanks for the info, but I'm a bit confused, sorry.

                  The reason for hitch was that tls and caching are a different concern, and the current recommendation is to use haproxy, which also isn't integrated into varnish/vinyl.

                  But you say that the reason to migrate off hitch is that it's not integrated?

                  But what happened to separation of concerns, then? Is the plan to integrate tls termination into vinyl? Is this a change of policy/outlook?

                  Thanks!

                  • perbu 11 hours ago
                    Varnish Software released hitch to facilitate TLS for varnish-cache.

                    Now that Varnish has been renamed, Varnish Software will keep what has been referred to as a downstream version or a fork, which has TLS built in, basically taking the TLS support from Varnish Enterprise.

                    This makes Hitch a moot point. So, I assume it'll receive security updates, but not much more.

                    Wrt. separation of concerns. Varnish with in-core TLS can push terabits per second (synthetic load, but still). Sure, for my blog, that isn't gonna matter, but having a single component to run/update is still valuable.

                    In particular using hitch/haproxy/nginx for backend is cumbersome.

                    TLS is a primary concern on the internet today.

                    • time4tea 11 hours ago
                      Totally agree. But, if I may, the docs on varnish and tls are hella confusing. I just re-read the varnish v9 docs, and it's not clear at all that/if it supports tls termination.

                      Literally every doc, from the install guide to the "beef in the sandwich" talks about it NOT supporting tls termination... then one teeny para in "extra features in v9.0" mentions 'use -A flag'...

                      This is cool! But also, worth mentioning. Sure I know it's an open source project so you don't owe anyone anything, but also one with a huge company behind it - and this is a huge change of stance and also, sounds cool.

                      • perbu 2 minutes ago
                        we're not at all a huge company. we're 80 people with a lot on our plates trying to juggle this on top of everything else.

                        but I truly appreciate the feedback. I'll reach out to the team working on this and see if I can make this a bit clearer.

                • time4tea 13 hours ago
                  I initially read this as "we" being "Varnish Software", but maybe that was wrong.
          • perbu a day ago
            in my experience this has a lot more moving parts than it should.
        • lofaszvanitt 2 days ago
          Terminate tls and you have your cache.