├── .github
└── workflows
│ └── build.yml
├── .gitignore
├── .idea
├── docker-varnish.iml
├── encodings.xml
├── inspectionProfiles
│ └── Project_Default.xml
├── misc.xml
├── modules.xml
└── vcs.xml
├── 6.0
├── Dockerfile
└── init.sh
├── 7.6
├── Dockerfile
└── init.sh
├── 7.7
├── Dockerfile
└── init.sh
├── CHANGELOG.md
├── LICENSE
├── README.md
└── test
├── 6.0.vcl
├── 7.6.vcl
└── 7.7.vcl
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
1 | name: build
2 |
3 | on:
4 | push:
5 | tags:
6 | - 20*
7 | workflow_dispatch:
8 |
9 | env:
10 | GHCR_IMAGE: ghcr.io/emgag/varnish
11 | GHCR_USER: emgag-service
12 | CONTAINER_PLATFORMS: "linux/amd64,linux/arm64"
13 |
14 | jobs:
15 | build:
16 | strategy:
17 | matrix:
18 | version: ["6.0", "7.6", "7.7"]
19 | include:
20 | - version: "6.0"
21 | tag: "6.0.13-1"
22 | - version: "7.6"
23 | tag: "7.6.2"
24 | - version: "7.7"
25 | tag: "7.7.0"
26 |
27 | runs-on: ubuntu-latest
28 | steps:
29 | - name: Checkout
30 | uses: actions/checkout@v4
31 |
32 | # https://github.com/docker/setup-qemu-action
33 | - name: Set up QEMU
34 | uses: docker/setup-qemu-action@v3
35 |
36 | # https://github.com/docker/setup-buildx-action
37 | - name: Set up Docker Buildx
38 | uses: docker/setup-buildx-action@v3
39 |
40 | - name: Login to GitHub Container Registry
41 | uses: docker/login-action@v3
42 | with:
43 | registry: ghcr.io
44 | username: ${{ github.actor }}
45 | password: ${{ secrets.GITHUB_TOKEN }}
46 |
47 | - name: Build varnish {{ matrix.version }}
48 | run: >
49 | docker buildx build --pull --push
50 | -t ${{ env.GHCR_IMAGE }}:${{ matrix.tag }}
51 | --platform ${{ env.CONTAINER_PLATFORMS }}
52 | ${{ matrix.version }}
53 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .envrc
2 | geoip
3 |
4 | # Created by .ignore support plugin (hsz.mobi)
5 | ### JetBrains template
6 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
7 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
8 |
9 | # User-specific stuff:
10 | .idea/**/workspace.xml
11 | .idea/**/tasks.xml
12 | .idea/dictionaries
13 |
14 | # Sensitive or high-churn files:
15 | .idea/**/dataSources/
16 | .idea/**/dataSources.ids
17 | .idea/**/dataSources.xml
18 | .idea/**/dataSources.local.xml
19 | .idea/**/sqlDataSources.xml
20 | .idea/**/dynamic.xml
21 | .idea/**/uiDesigner.xml
22 |
23 | # Gradle:
24 | .idea/**/gradle.xml
25 | .idea/**/libraries
26 |
27 | # Mongo Explorer plugin:
28 | .idea/**/mongoSettings.xml
29 |
30 | ## File-based project format:
31 | *.iws
32 |
33 | ## Plugin-specific files:
34 |
35 | # IntelliJ
36 | /out/
37 |
38 | # mpeltonen/sbt-idea plugin
39 | .idea_modules/
40 |
41 | # JIRA plugin
42 | atlassian-ide-plugin.xml
43 |
44 | # Crashlytics plugin (for Android Studio and IntelliJ)
45 | com_crashlytics_export_strings.xml
46 | crashlytics.properties
47 | crashlytics-build.properties
48 | fabric.properties
49 |
50 |
--------------------------------------------------------------------------------
/.idea/docker-varnish.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/.idea/encodings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/.idea/inspectionProfiles/Project_Default.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
44 |
45 |
46 |
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/6.0/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM debian:bookworm-slim
2 | LABEL org.opencontainers.image.source = "https://github.com/emgag/docker-varnish"
3 |
4 | #
5 | # install varnish build deps
6 | #
7 | RUN apt-get update \
8 | && apt-get install -y --no-install-recommends \
9 | automake \
10 | autotools-dev \
11 | build-essential \
12 | ca-certificates \
13 | curl \
14 | git \
15 | libedit-dev \
16 | libjemalloc-dev \
17 | libmhash-dev \
18 | libncurses-dev \
19 | libpcre3-dev \
20 | libtool \
21 | pkg-config \
22 | python-is-python3 \
23 | python3 \
24 | python3-docutils \
25 | python3-sphinx \
26 | && apt-get clean \
27 | && apt-get autoremove -y \
28 | && rm -rf /var/lib/apt/lists/*
29 |
30 | #
31 | # install varnish
32 | #
33 | ENV VARNISH_VERSION=6.0.13
34 | ENV VARNISH_SHA256SUM=0dca6295f9c69d47a7208598c415385c590c66863ebd42bfeb08a367b788a9ba
35 |
36 | RUN mkdir -p /usr/local/src && \
37 | cd /usr/local/src && \
38 | curl -sfLO https://varnish-cache.org/_downloads/varnish-${VARNISH_VERSION}.tgz && \
39 | echo "${VARNISH_SHA256SUM} varnish-${VARNISH_VERSION}.tgz" | sha256sum -c - && \
40 | tar -xzf varnish-${VARNISH_VERSION}.tgz && \
41 | rm varnish-${VARNISH_VERSION}.tgz && \
42 | cd varnish-${VARNISH_VERSION} && \
43 | ./autogen.sh && \
44 | ./configure && \
45 | make install
46 |
47 | #
48 | # install stock varnish module library
49 | #
50 | ENV VARNISHMODULES_BRANCH=6.0-lts
51 | ENV VARNISHMODULES_COMMIT=d472c29300ffa1ea5d0916125d449ba43a64f1bd
52 |
53 | RUN cd /usr/local/src/ && \
54 | git clone -b ${VARNISHMODULES_BRANCH} https://github.com/varnish/varnish-modules.git && \
55 | cd varnish-modules && \
56 | git reset --hard ${VARNISHMODULES_COMMIT} && \
57 | ./bootstrap && \
58 | ./configure && \
59 | make install && \
60 | cd /usr/local/src && \
61 | rm -rf varnish-modules && \
62 | ldconfig
63 |
64 |
65 | #
66 | # install libvmod-dynamic
67 | #
68 | ENV LIBVMOD_DYNAMIC_BRANCH=6.0
69 | ENV LIBVMOD_DYNAMIC_COMMIT=17c1fea935a2e2bc51c323069c66a77b6529d6ef
70 |
71 | RUN cd /usr/local/src/ && \
72 | git clone -b ${LIBVMOD_DYNAMIC_BRANCH} https://github.com/nigoroll/libvmod-dynamic.git && \
73 | cd libvmod-dynamic && \
74 | git reset --hard ${LIBVMOD_DYNAMIC_COMMIT} && \
75 | ./autogen.sh && \
76 | ./configure && \
77 | make install && \
78 | cd /usr/local/src && \
79 | rm -rf libvmod-dynamic && \
80 | ldconfig
81 |
82 | #
83 | # install libvmod-digest
84 | #
85 | ENV LIBVMOD_DIGEST_VERSION=1.0.3
86 | ENV LIBVMOD_DIGEST_SHA256SUM=872fd18aa672609195c0dc128ca29e1a1b3a11924c71a34ed7fd956f9177111c
87 |
88 | RUN cd /usr/local/src/ && \
89 | curl -sfLO https://github.com/varnish/libvmod-digest/archive/libvmod-digest-${LIBVMOD_DIGEST_VERSION}.tar.gz && \
90 | echo "${LIBVMOD_DIGEST_SHA256SUM} libvmod-digest-${LIBVMOD_DIGEST_VERSION}.tar.gz" | sha256sum -c - && \
91 | tar -xzf libvmod-digest-${LIBVMOD_DIGEST_VERSION}.tar.gz && \
92 | cd libvmod-digest-libvmod-digest-${LIBVMOD_DIGEST_VERSION} && \
93 | ./autogen.sh && \
94 | ./configure && \
95 | make install && \
96 | cd /usr/local/src && \
97 | rm -rf libvmod-digest* && \
98 | ldconfig
99 |
100 | #
101 | # install libvmod-querystring
102 | #
103 | ENV LIBVMOD_QUERYSTRING_VERSION=2.0.4
104 | ENV LIBVMOD_QUERYSTRING_SHA256SUM=965cd64edcb1c46dd88573b6e5da52b93cf21bbf0e482acff72f47d82bf866ed
105 |
106 | RUN cd /usr/local/src/ && \
107 | curl -sfLO https://git.sr.ht/~dridi/vmod-querystring/refs/download/vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}/vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}.tar.gz && \
108 | echo "${LIBVMOD_QUERYSTRING_SHA256SUM} vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}.tar.gz" | sha256sum -c - && \
109 | tar -xzf vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}.tar.gz && \
110 | cd vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION} && \
111 | ./configure && \
112 | make install && \
113 | cd /usr/local/src && \
114 | rm -rf vmod-querystring* && \
115 | ldconfig
116 |
117 | # init
118 | COPY init.sh /init.sh
119 |
120 | RUN useradd -r -s /bin/false vcache
121 | RUN mkdir /etc/varnish
122 |
123 | ENV VARNISH_CONFIG /etc/varnish/default.vcl
124 | ENV VARNISH_STORAGE malloc,100m
125 | ENV VARNISH_LISTEN :80
126 | ENV VARNISH_MANAGEMENT_LISTEN 127.0.0.1:6082
127 |
128 | EXPOSE 80
129 | EXPOSE 6082
130 |
131 | CMD ["/init.sh"]
132 |
--------------------------------------------------------------------------------
/6.0/init.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | exec varnishd \
3 | -j unix,user=vcache \
4 | -F \
5 | -f ${VARNISH_CONFIG} \
6 | -s ${VARNISH_STORAGE} \
7 | -a ${VARNISH_LISTEN} \
8 | -T ${VARNISH_MANAGEMENT_LISTEN} \
9 | ${VARNISH_DAEMON_OPTS}
10 |
--------------------------------------------------------------------------------
/7.6/Dockerfile:
--------------------------------------------------------------------------------
1 | # syntax=docker/dockerfile:experimental
2 | FROM debian:bookworm-slim
3 | LABEL org.opencontainers.image.source = "https://github.com/emgag/docker-varnish"
4 |
5 | #
6 | # install varnish build deps
7 | #
8 | RUN apt-get update \
9 | && apt-get install -y --no-install-recommends \
10 | autoconf-archive \
11 | automake \
12 | autotools-dev \
13 | build-essential \
14 | ca-certificates \
15 | curl \
16 | git \
17 | libedit-dev \
18 | libgetdns-dev \
19 | libjemalloc-dev \
20 | libmhash-dev \
21 | libncurses-dev \
22 | libpcre2-8-0 \
23 | libpcre2-dev \
24 | libpcre3-dev \
25 | libreadline-dev \
26 | libtool \
27 | liburing-dev \
28 | libxxhash-dev \
29 | pkg-config \
30 | python3 \
31 | python3-docutils \
32 | python3-sphinx \
33 | && apt-get autoremove -y
34 |
35 | #
36 | # install varnish
37 | #
38 | ENV VARNISH_VERSION=7.6.2
39 | ENV VARNISH_SHA256SUM=385c610ecc63dcfeb53d76f47cc465e89ebe27da2c09226f9861c4fa8e9d2c9a
40 | ENV VARNISHSRC=/usr/local/src/varnish-${VARNISH_VERSION}
41 |
42 | RUN mkdir -p /usr/local/src && \
43 | cd /usr/local/src && \
44 | curl -sfLO https://varnish-cache.org/_downloads/varnish-${VARNISH_VERSION}.tgz && \
45 | echo "${VARNISH_SHA256SUM} varnish-${VARNISH_VERSION}.tgz" | sha256sum -c - && \
46 | tar -xzf varnish-${VARNISH_VERSION}.tgz && \
47 | rm varnish-${VARNISH_VERSION}.tgz && \
48 | cd varnish-${VARNISH_VERSION} && \
49 | ./autogen.sh && \
50 | ./configure && \
51 | make install
52 |
53 | #
54 | # install stock varnish module library
55 | #
56 | ENV VARNISHMODULES_VERSION=0.25.0
57 | ENV VARNISHMODULES_SHA256SUM=5112835be86f2cfc0eebd718326a9aef49bd6aadf6f7ed43690fd99cd0d31996
58 |
59 | RUN cd /usr/local/src/ && \
60 | curl -sfLO https://github.com/varnish/varnish-modules/archive/${VARNISHMODULES_VERSION}.tar.gz && \
61 | echo "${VARNISHMODULES_SHA256SUM} ${VARNISHMODULES_VERSION}.tar.gz" | sha256sum -c - && \
62 | tar -xzf ${VARNISHMODULES_VERSION}.tar.gz && \
63 | cd varnish-modules-${VARNISHMODULES_VERSION} && \
64 | ./bootstrap && \
65 | ./configure && \
66 | make install && \
67 | cd /usr/local/src && \
68 | rm ${VARNISHMODULES_VERSION}.tar.gz \
69 | rm -rf varnish-modules-${VARNISHMODULES_VERSION} && \
70 | ldconfig
71 |
72 | #
73 | # install libvmod-dynamic
74 | #
75 | ENV LIBVMOD_DYNAMIC_BRANCH=master
76 | ENV LIBVMOD_DYNAMIC_COMMIT=740f5aa499a67112639d3c2d11fe44e26d0d4437
77 |
78 | RUN cd /usr/local/src/ && \
79 | git clone -b ${LIBVMOD_DYNAMIC_BRANCH} https://github.com/nigoroll/libvmod-dynamic.git && \
80 | cd libvmod-dynamic && \
81 | git reset --hard ${LIBVMOD_DYNAMIC_COMMIT} && \
82 | ./autogen.sh && \
83 | ./configure && \
84 | make install && \
85 | cd /usr/local/src && \
86 | rm -rf libvmod-dynamic && \
87 | ldconfig
88 |
89 | #
90 | # install libvmod-digest
91 | #
92 | ENV LIBVMOD_DIGEST_VERSION=1.0.3
93 | ENV LIBVMOD_DIGEST_SHA256SUM=872fd18aa672609195c0dc128ca29e1a1b3a11924c71a34ed7fd956f9177111c
94 |
95 | RUN cd /usr/local/src/ && \
96 | curl -sfLO https://github.com/varnish/libvmod-digest/archive/libvmod-digest-${LIBVMOD_DIGEST_VERSION}.tar.gz && \
97 | echo "${LIBVMOD_DIGEST_SHA256SUM} libvmod-digest-${LIBVMOD_DIGEST_VERSION}.tar.gz" | sha256sum -c - && \
98 | tar -xzf libvmod-digest-${LIBVMOD_DIGEST_VERSION}.tar.gz && \
99 | cd libvmod-digest-libvmod-digest-${LIBVMOD_DIGEST_VERSION} && \
100 | ./autogen.sh && \
101 | ./configure && \
102 | make install && \
103 | cd /usr/local/src && \
104 | rm -rf libvmod-digest* && \
105 | ldconfig
106 |
107 | #
108 | # install libvmod-querystring
109 | #
110 | ENV LIBVMOD_QUERYSTRING_VERSION=2.0.4
111 | ENV LIBVMOD_QUERYSTRING_SHA256SUM=965cd64edcb1c46dd88573b6e5da52b93cf21bbf0e482acff72f47d82bf866ed
112 |
113 | RUN cd /usr/local/src/ && \
114 | curl -sfLO https://git.sr.ht/~dridi/vmod-querystring/refs/download/vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}/vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}.tar.gz && \
115 | echo "${LIBVMOD_QUERYSTRING_SHA256SUM} vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}.tar.gz" | sha256sum -c - && \
116 | tar -xzf vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}.tar.gz && \
117 | cd vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION} && \
118 | ./configure && \
119 | make install && \
120 | cd /usr/local/src && \
121 | rm -rf vmod-querystring* && \
122 | ldconfig
123 |
124 | #
125 | # install slash storage engines
126 | #
127 | #ENV SLASH_BRANCH=master
128 | #ENV SLASH_COMMIT=c250c9cd3cbb9b751aa230ca6b72c2937b5ff656
129 | #
130 | #RUN cd /usr/local/src/ && \
131 | # git clone -b ${SLASH_BRANCH} https://gitlab.com/uplex/varnish/slash.git && \
132 | # cd slash && \
133 | # git reset --hard ${SLASH_COMMIT} && \
134 | # ./bootstrap && \
135 | # make check && \
136 | # make install && \
137 | # cd /usr/local/src && \
138 | # rm -rf slash && \
139 | # ldconfig
140 |
141 | # init
142 | COPY init.sh /init.sh
143 |
144 | RUN useradd -r -s /bin/false vcache
145 | RUN mkdir /etc/varnish
146 |
147 | ENV VARNISH_CONFIG /etc/varnish/default.vcl
148 | ENV VARNISH_STORAGE malloc,100m
149 | ENV VARNISH_LISTEN :80
150 | ENV VARNISH_MANAGEMENT_LISTEN 127.0.0.1:6082
151 |
152 | EXPOSE 80
153 | EXPOSE 6082
154 |
155 | CMD ["/init.sh"]
156 |
--------------------------------------------------------------------------------
/7.6/init.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | exec varnishd \
3 | -j unix,user=vcache \
4 | -F \
5 | -f ${VARNISH_CONFIG} \
6 | -s ${VARNISH_STORAGE} \
7 | -a ${VARNISH_LISTEN} \
8 | -T ${VARNISH_MANAGEMENT_LISTEN} \
9 | ${VARNISH_DAEMON_OPTS}
10 |
--------------------------------------------------------------------------------
/7.7/Dockerfile:
--------------------------------------------------------------------------------
1 | # syntax=docker/dockerfile:experimental
2 | FROM debian:bookworm-slim
3 | LABEL org.opencontainers.image.source = "https://github.com/emgag/docker-varnish"
4 |
5 | #
6 | # install varnish build deps
7 | #
8 | RUN apt-get update \
9 | && apt-get install -y --no-install-recommends \
10 | autoconf-archive \
11 | automake \
12 | autotools-dev \
13 | build-essential \
14 | ca-certificates \
15 | curl \
16 | git \
17 | libedit-dev \
18 | libgetdns-dev \
19 | libjemalloc-dev \
20 | libmhash-dev \
21 | libncurses-dev \
22 | libpcre2-8-0 \
23 | libpcre2-dev \
24 | libpcre3-dev \
25 | libreadline-dev \
26 | libtool \
27 | liburing-dev \
28 | libxxhash-dev \
29 | pkg-config \
30 | python3 \
31 | python3-docutils \
32 | python3-sphinx \
33 | && apt-get autoremove -y
34 |
35 | #
36 | # install varnish
37 | #
38 | ENV VARNISH_VERSION=7.7.0
39 | ENV VARNISH_SHA256SUM=69948f21511f81ce78f09a9715d9a8750e8111619bd6055a3c861315a210b4e4
40 | ENV VARNISHSRC=/usr/local/src/varnish-${VARNISH_VERSION}
41 |
42 | RUN mkdir -p /usr/local/src && \
43 | cd /usr/local/src && \
44 | curl -sfLO https://varnish-cache.org/_downloads/varnish-${VARNISH_VERSION}.tgz && \
45 | echo "${VARNISH_SHA256SUM} varnish-${VARNISH_VERSION}.tgz" | sha256sum -c - && \
46 | tar -xzf varnish-${VARNISH_VERSION}.tgz && \
47 | rm varnish-${VARNISH_VERSION}.tgz && \
48 | cd varnish-${VARNISH_VERSION} && \
49 | ./autogen.sh && \
50 | ./configure && \
51 | make install
52 |
53 | #
54 | # install stock varnish module library
55 | #
56 | ENV VARNISHMODULES_VERSION=0.26.0
57 | ENV VARNISHMODULES_SHA256SUM=6002cf401bf5dc9e636b15b8e95ac6ba25b6404ee427f7f246a067bad1884eea
58 |
59 | RUN cd /usr/local/src/ && \
60 | curl -sfLO https://github.com/varnish/varnish-modules/archive/${VARNISHMODULES_VERSION}.tar.gz && \
61 | echo "${VARNISHMODULES_SHA256SUM} ${VARNISHMODULES_VERSION}.tar.gz" | sha256sum -c - && \
62 | tar -xzf ${VARNISHMODULES_VERSION}.tar.gz && \
63 | cd varnish-modules-${VARNISHMODULES_VERSION} && \
64 | ./bootstrap && \
65 | ./configure && \
66 | make install && \
67 | cd /usr/local/src && \
68 | rm ${VARNISHMODULES_VERSION}.tar.gz \
69 | rm -rf varnish-modules-${VARNISHMODULES_VERSION} && \
70 | ldconfig
71 |
72 | #
73 | # install libvmod-dynamic
74 | #
75 | ENV LIBVMOD_DYNAMIC_BRANCH=master
76 | ENV LIBVMOD_DYNAMIC_COMMIT=740f5aa499a67112639d3c2d11fe44e26d0d4437
77 |
78 | RUN cd /usr/local/src/ && \
79 | git clone -b ${LIBVMOD_DYNAMIC_BRANCH} https://github.com/nigoroll/libvmod-dynamic.git && \
80 | cd libvmod-dynamic && \
81 | git reset --hard ${LIBVMOD_DYNAMIC_COMMIT} && \
82 | ./autogen.sh && \
83 | ./configure && \
84 | make install && \
85 | cd /usr/local/src && \
86 | rm -rf libvmod-dynamic && \
87 | ldconfig
88 |
89 | #
90 | # install libvmod-digest
91 | #
92 | ENV LIBVMOD_DIGEST_VERSION=1.0.3
93 | ENV LIBVMOD_DIGEST_SHA256SUM=872fd18aa672609195c0dc128ca29e1a1b3a11924c71a34ed7fd956f9177111c
94 |
95 | RUN cd /usr/local/src/ && \
96 | curl -sfLO https://github.com/varnish/libvmod-digest/archive/libvmod-digest-${LIBVMOD_DIGEST_VERSION}.tar.gz && \
97 | echo "${LIBVMOD_DIGEST_SHA256SUM} libvmod-digest-${LIBVMOD_DIGEST_VERSION}.tar.gz" | sha256sum -c - && \
98 | tar -xzf libvmod-digest-${LIBVMOD_DIGEST_VERSION}.tar.gz && \
99 | cd libvmod-digest-libvmod-digest-${LIBVMOD_DIGEST_VERSION} && \
100 | ./autogen.sh && \
101 | ./configure && \
102 | make install && \
103 | cd /usr/local/src && \
104 | rm -rf libvmod-digest* && \
105 | ldconfig
106 |
107 | #
108 | # install libvmod-querystring
109 | #
110 | ENV LIBVMOD_QUERYSTRING_VERSION=2.0.4
111 | ENV LIBVMOD_QUERYSTRING_SHA256SUM=965cd64edcb1c46dd88573b6e5da52b93cf21bbf0e482acff72f47d82bf866ed
112 |
113 | RUN cd /usr/local/src/ && \
114 | curl -sfLO https://git.sr.ht/~dridi/vmod-querystring/refs/download/vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}/vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}.tar.gz && \
115 | echo "${LIBVMOD_QUERYSTRING_SHA256SUM} vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}.tar.gz" | sha256sum -c - && \
116 | tar -xzf vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION}.tar.gz && \
117 | cd vmod-querystring-${LIBVMOD_QUERYSTRING_VERSION} && \
118 | ./configure && \
119 | make install && \
120 | cd /usr/local/src && \
121 | rm -rf vmod-querystring* && \
122 | ldconfig
123 |
124 | #
125 | # install slash storage engines
126 | #
127 | #ENV SLASH_BRANCH=master
128 | #ENV SLASH_COMMIT=c250c9cd3cbb9b751aa230ca6b72c2937b5ff656
129 | #
130 | #RUN cd /usr/local/src/ && \
131 | # git clone -b ${SLASH_BRANCH} https://gitlab.com/uplex/varnish/slash.git && \
132 | # cd slash && \
133 | # git reset --hard ${SLASH_COMMIT} && \
134 | # ./bootstrap && \
135 | # make check && \
136 | # make install && \
137 | # cd /usr/local/src && \
138 | # rm -rf slash && \
139 | # ldconfig
140 |
141 | # init
142 | COPY init.sh /init.sh
143 |
144 | RUN useradd -r -s /bin/false vcache
145 | RUN mkdir /etc/varnish
146 |
147 | ENV VARNISH_CONFIG /etc/varnish/default.vcl
148 | ENV VARNISH_STORAGE malloc,100m
149 | ENV VARNISH_LISTEN :80
150 | ENV VARNISH_MANAGEMENT_LISTEN 127.0.0.1:6082
151 |
152 | EXPOSE 80
153 | EXPOSE 6082
154 |
155 | CMD ["/init.sh"]
156 |
--------------------------------------------------------------------------------
/7.7/init.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | exec varnishd \
3 | -j unix,user=vcache \
4 | -F \
5 | -f ${VARNISH_CONFIG} \
6 | -s ${VARNISH_STORAGE} \
7 | -a ${VARNISH_LISTEN} \
8 | -T ${VARNISH_MANAGEMENT_LISTEN} \
9 | ${VARNISH_DAEMON_OPTS}
10 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 2025-04-05
2 |
3 | * Return from hiatus.
4 | * Bump [vmod-querystring](https://git.sr.ht/~dridi/vmod-querystring) to 2.0.4 and use updated location.
5 | * Add 6.0.13-1 tag with updated vmod-querystring.
6 | * Add [7.6](https://varnish-cache.org/releases/rel7.6.2.html) release.
7 | * Add [7.7](https://varnish-cache.org/releases/rel7.7.0.html) release.
8 | * EOL'd version 7.3, 7.4 and 7.3.
9 |
10 | ## 2024-05-30
11 |
12 | * Add [7.5](https://varnish-cache.org/releases/rel7.5.0.html) release.
13 | * Update to 6.0.13, 7.3.2, 7.4.3 and 7.5 to address [VSV00014 Varnish HTTP/2 Broke Window Attack](https://varnish-cache.org/security/VSV00014.html#vsv00014).
14 |
15 | ## 2023-12-28
16 |
17 | * Add [7.4](https://varnish-cache.org/releases/rel7.4.0.html#rel7-4-0) release.
18 | * Update to 6.0.12, 7.3.1 and 7.4.2 to address [VSV00013 Varnish HTTP/2 Rapid Reset Attack](https://varnish-cache.org/security/VSV00013.html#vsv00013).
19 | * Switch base images to debian:bookworm-slim.
20 | * EOL'd version 7.2.
21 |
22 | ## 2023-08-18
23 |
24 | * Update [vmod-digest](https://github.com/varnish/libvmod-digest) to address [VSV00012 Base64 decoding vulnerability in vmod-digest](https://varnish-cache.org/security/VSV00012.html), updated images are 7.3.0-1, 7.2.1-1 and 6.0.11-1.
25 | * Switch 6.0 image to debian:buster-slim because Debian Stretch is EOL'd now.
26 |
27 | ## 2023-03-24
28 |
29 | * Add [7.3.0](https://varnish-cache.org/releases/rel7.3.0.html#rel7-3-0)
30 | * Keep built varnish source directory in image to allow building vmods which require it to be around
31 | * Remove dockerhub image builds
32 | * EOL'd version 7.1.
33 |
34 | ## 2022-11-10
35 |
36 | * Update to 6.0.11, 7.1.2 and 7.2.1 to address [VSV00010 Varnish Request Smuggling Vulnerability](https://varnish-cache.org/security/VSV00010.html#vsv00010) and [VSV00011 Varnish HTTP/2 Request Forgery Vulnerability](https://varnish-cache.org/security/VSV00011.html#vsv00011)
37 |
38 | ## 2022-09-16
39 |
40 | * Add [7.2.0](https://varnish-cache.org/releases/rel7.2.0.html#rel7-2-0)
41 | * EOL'd version 7.0.
42 |
43 | ## 2022-09-06
44 |
45 | * Update to 7.0.3 and 7.1.1 to address [VSV00009 Varnish Denial of Service Vulnerability](https://varnish-cache.org/security/VSV00009.html#vsv00009)
46 |
47 | ## 2022-03-15
48 |
49 | * Add [7.1.0](https://varnish-cache.org/releases/rel7.1.0.html#rel7-1-0)
50 | * EOL'd version 6.6.
51 |
52 | ## 2022-01-27
53 |
54 | * Update to 7.0.2, 6.6.2 and 6.0.10 to address [VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability](https://varnish-cache.org/security/VSV00008.html)
55 |
56 | ## 2021-11-26
57 |
58 | * Bump [6.0 to 6.0.9](https://varnish-cache.org/releases/rel6.0.9.html#rel6-0-9)
59 | * Bump [7.0 to 7.0.1](https://varnish-cache.org/releases/rel7.0.1.html#rel7-0-1)
60 | * Bump [libvmod-querystring to 2.0.3](https://github.com/Dridi/libvmod-querystring/releases/tag/v2.0.3)
61 | * Rebuild 6.6 (6.6.1-2) to bump libvmod-querystring
62 |
63 | ## 2021-10-01
64 |
65 | * Build container images for multiple architectures (Thanks to @danielcompton):
66 | * linux/amd64
67 | * linux/arm64 (untested)
68 | * Add 7.0.0.
69 | * Add rebuilds for older versions (6.0.8-1, 6.6.1-1).
70 | * EOL'd version 6.5.
71 |
72 | ## 2021-07-13
73 |
74 | * Update to 6.6.1, 6.5.2 and 6.0.8 to address [VSV00007 Varnish HTTP/2 Request Smuggling Attack](http://varnish-cache.org/security/VSV00007.html)
75 |
76 | ## 2021-03-17
77 |
78 | * Add 6.6.0
79 | * Switch back to [official varnish-modules release](https://github.com/varnish/varnish-modules) again for 6.5.1-1 ([0.17.1](https://github.com/varnish/varnish-modules/releases/tag/0.17.1)) and 6.6.0 ([0.18.0](https://github.com/varnish/varnish-modules/releases/tag/0.18.0)). This also addresses [VSV00006 varnish-modules Denial of Service](https://varnish-cache.org/security/VSV00006.html).
80 | * Bump libvmod-dynamic version for 6.5.1-1
81 | * EOL'd version 6.4.
82 |
83 | ## 2021-01-04
84 |
85 | * Update to 6.5.1 and 6.0.7
86 |
87 | ## 2020-09-22
88 |
89 | * Add 6.5.0 build
90 | * Switch to [nigoroll/varnish-modules](https://github.com/nigoroll/varnish-modules) varnish-modules fork
91 | * Removed vmod softpurge
92 | * EOL'd version 6.3
93 |
94 | ## 2020-09-06
95 |
96 | * Upload new images to Github Container Registry as well
97 |
98 | ## 2020-03-18
99 |
100 | * Add 6.4.0 build
101 | * Drop 6.2 support as it's no longer supported by varnish
102 |
103 | ## 2020-02-05
104 |
105 | * Update to 6.3.2, 6.2.3 and 6.0.6 to address [VSV00005 Varnish HTTP Proxy Protocol V2 Denial of Service](https://varnish-cache.org/security/VSV00005.html)
106 |
107 | ## 2019-10-21
108 |
109 | * Update to 6.3.1, 6.2.2 and 6.0.5 to address [VSV00004 (Workspace information leak)](http://varnish-cache.org/security/VSV00004.html#vsv00004)
110 |
111 | ## 2019-10-10
112 |
113 | * Final update for 4.1 branch with working builds for 4.1.x, 5.0.x, 5.1.x and 5.2.x and reupload latest image for each release (but w/o shipped geoip databases)
114 | * Clarify documentation about available tags
115 |
116 | ## 2019-10-09
117 |
118 | * Initial support for 6.3.0
119 | * Add libgetdns for advanced DNS features in vmod-dynamic (6.3)
120 | * Remove deprecated and unmaintained tags from docker hub (6, 6.0, 4.\*, 5.\*, latest, testing), reuploaded latest 4.1 image (4.1.11)
121 | * Add CHANGELOG
122 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2017 Entertainment Media Group AG
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # emgag/varnish
2 |
3 | 
4 | 
5 |
6 | **WARNING:** Dockerhub images are no longer maintained. Please use ghcr.io!
7 |
8 | [Varnish](http://varnish-cache.org/) container image used within EMGAG environments. Originally based on [newsdev/docker-varnish](https://github.com/newsdev) (not available anymore), but updated to recent varnish versions (6.0, 7.6 and 7.7), shipped with some additional [vmods](http://varnish-cache.org/vmods/#vmods), better support for custom configuration and built for multiple architectures.
9 |
10 | Shipped VMODs:
11 | * [libvmod-digest](https://github.com/varnish/libvmod-digest): HMAC, hash and base64 functions
12 | * [libvmod-dynamic](https://github.com/nigoroll/libvmod-dynamic): Dynamic backend director
13 | * [libvmod-querystring](https://github.com/Dridi/libvmod-querystring): Advanced query-string filtering.
14 | * [varnish-modules](https://github.com/varnish/varnish-modules): Official varnish vmod collection (tcp, vsthrottle, xkey, saintmode, bodyaccess, header, var)
15 |
16 | ## Registries
17 |
18 | * Github Container Registry: [ghcr.io/emgag/varnish](https://github.com/orgs/emgag/packages/container/varnish) (Images starting from 6.4.0, 6.3.2 and 6.0.6)
19 | * Dockerhub: [emgag/varnish](https://hub.docker.com/r/emgag/varnish) (Archive only, no longer updated!)
20 |
21 | ## Supported tags and respective `Dockerfile` links
22 |
23 | * [`7.7.0` (*7.7.0/Dockerfile*)](https://github.com/emgag/docker-varnish/blob/master/7.5/Dockerfile), based on debian:bookworm-slim.
24 | * linux/amd64
25 | * linux/arm64
26 | * [`7.6.2` (*7.6.0/Dockerfile*)](https://github.com/emgag/docker-varnish/blob/master/7.5/Dockerfile), based on debian:bookworm-slim.
27 | * linux/amd64
28 | * linux/arm64
29 | * [`6.0.13` (*6.0.13/Dockerfile*)](https://github.com/emgag/docker-varnish/blob/master/6.0/Dockerfile), based on debian:bookworm-slim.
30 | * linux/amd64
31 | * linux/arm64
32 |
33 | **Notes:**
34 | * This repository does **not contain shorthand tags** (e.g. latest, 6, 6.1, etc.), just fully qualified versions corresponding to shipped varnish version and occasionally an additional package version (e.g. 6.0.3-1) if something in the image changed within a varnish release. This is because it might happen that a specific vmod stopped being supported for whatever reason and removing it will break future releases, which is outside of our control (e.g. old releases contained libvmod-geoip, which isn't supported anymore).
35 | * **Only 7.7, 7.6 and 6.0** are [versions supported by varnish](https://varnish-cache.org/releases/index.html) and maintained in this repo.
36 |
37 | ## Varnish
38 |
39 | From [varnish-cache.org](https://varnish-cache.org/intro/index.html): _Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture._
40 |
41 | ## How to use this image.
42 |
43 | By default, varnish reads `/etc/varnish/default.vcl` on startup. Either copy your VCL file in your Dockerfile
44 |
45 | ```
46 | FROM ghcr.io/emgag/varnish:7.7.0
47 | COPY default.vcl /etc/varnish/default.vcl
48 | ```
49 |
50 | or mount a volume containing the varnish configuration to `/etc/varnish`, e.g with a docker-compose file:
51 |
52 | ```
53 | version: '3'
54 | services:
55 | varnish:
56 | image: ghcr.io/emgag/varnish:7.7.0
57 | volumes:
58 | - ./varnish:/etc/varnish
59 | ports:
60 | - "80:80"
61 | ```
62 |
63 | Following environment variables can be used to customize the behaviour of the container:
64 | * VARNISH_CONFIG (default: `/etc/varnish/default.vcl`): The VCL file read on startup.
65 | * VARNISH_DAEMON_OPTS: Additional command line arguments for `varnishd`.
66 | * VARNISH_LISTEN (default: `:80`): The TCP port to listen for incoming client connections. Make sure to also expose the new port if this value is modified.
67 | * VARNISH_MANAGEMENT_LISTEN (default: `127.0.0.1:6082`): The TCP port to listen for management connections. See varnish documentation about [management interface authentication](https://varnish-cache.org/docs/trunk/users-guide/run_security.html) to setup a PSK.
68 | * VARNISH_STORAGE (default: `malloc,100m`): The cache backend and its configuration
69 |
70 | # License
71 |
72 | View [license information](https://github.com/emgag/docker-varnish/blob/master/LICENSE) for the software contained in this image.
73 |
74 | ## Issues
75 |
76 | If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/emgag/docker-varnish/issues).
77 |
78 | ## Contributing
79 |
80 | You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.
81 |
82 | Before you start to code, we recommend discussing your plans through a [GitHub issue](https://github.com/emgag/docker-varnish/issues), especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.
83 |
--------------------------------------------------------------------------------
/test/6.0.vcl:
--------------------------------------------------------------------------------
1 | vcl 4.0;
2 |
3 | import cookie;
4 | import digest;
5 | import directors;
6 | import dynamic;
7 | import header;
8 | import saintmode;
9 | import purge;
10 | import querystring;
11 | import std;
12 | import tcp;
13 | import var;
14 | import vsthrottle;
15 | import xkey;
16 |
17 | backend default {
18 | .host = "127.0.0.1";
19 | .port = "8080";
20 | }
21 |
22 | sub vcl_recv {
23 | std.log("you can't stop the signal!");
24 | }
--------------------------------------------------------------------------------
/test/7.6.vcl:
--------------------------------------------------------------------------------
1 | vcl 4.0;
2 |
3 | import blob;
4 | import bodyaccess;
5 | import cookie;
6 | import debug;
7 | import digest;
8 | import directors;
9 | import dynamic;
10 | import header;
11 | import proxy;
12 | import purge;
13 | import querystring;
14 | import saintmode;
15 | import std;
16 | import tcp;
17 | import unix;
18 | import var;
19 | import vsthrottle;
20 | import vtc;
21 | import xkey;
22 |
23 | backend default {
24 | .host = "127.0.0.1";
25 | .port = "8080";
26 | }
27 |
28 | sub vcl_recv {
29 | std.log("you can't stop the signal!");
30 | }
31 |
--------------------------------------------------------------------------------
/test/7.7.vcl:
--------------------------------------------------------------------------------
1 | vcl 4.0;
2 |
3 | import blob;
4 | import bodyaccess;
5 | import cookie;
6 | import debug;
7 | import digest;
8 | import directors;
9 | import dynamic;
10 | import header;
11 | import proxy;
12 | import purge;
13 | import querystring;
14 | import saintmode;
15 | import std;
16 | import tcp;
17 | import unix;
18 | import var;
19 | import vsthrottle;
20 | import vtc;
21 | import xkey;
22 |
23 | backend default {
24 | .host = "127.0.0.1";
25 | .port = "8080";
26 | }
27 |
28 | sub vcl_recv {
29 | std.log("you can't stop the signal!");
30 | }
31 |
--------------------------------------------------------------------------------