Varnish is fully configured through the Custom JSON Server Level Configuration.


To install Varnish, set varnish::ensure to present.


By default, Varnish will listen on the localhost interface. If Varnish has to bind to other addresses, use the address and address6 parameter to specify them.


By default, Varnish will listen on port 8022. If Varnish has to bind to another port, use the port and port6 parameter to specify them.


By default, Varnish will use as backend host and 8080 as backend port. If Varnish has to use another backend, use the backend_host and backend_port parameter to specify them.


With vcl_type, you choose a template which is used by Varnish as default VCL configuration. By now, the following types are available:

  • default: Varnish default configuration which does not very much but is perfectly suitable for your own, custom configuration trough vcl_include

  • typo3: Varnish configuration for the varnish TYPO3 extension (see GitLab)


By default, Varnish uses HTTP headers to decide whether a request should be cached or not. See the chapter The role of HTTP Headers in the official Varnish documentation.

With vcl_include, you can define a full path to an additional configuration file. This file gets included into the Varnish default configuration.


Keep in mind to issue a puppet-agent run after changing the local Varnish configuration. Puppet will copy your local configuration file to a global location and ensure that Varnish is able to read it.

Memory Ratio

By default, a memory_ratio of 2 is used, which means Varnish will take up to 50% of this servers total memory.


Add one or more startup options to the Varnish daemon with daemon_options.

Minimal example

Configuration through Custom JSON Server Level Configuration.

  "varnish::ensure": "present"

Varnish uses the default configurations as described above.

Full example

Configuration through Custom JSON Server Level Configuration.

  "varnish::ensure": "present",
  "varnish::address": "",
  "varnish::port": "80",
  "varnish::address6": "2001:db8::1",
  "varnish::port6": "80",
  "varnish::vcl_type": "default",
  "varnish::vcl_include": "/home/user/cnf/varnish.vcl",
  "varnish::memory_ratio": "4",
  "varnish::daemon_options": "-p vcc_allow_inline_c=on",
  "varnish::backend_host": "",
  "varnish::backend_port": "8080"


Varnish is monitored by Monit, a service which will restart varnish if varnish is not available. To check whether Varnish is available, an HTTP request is sent with _ as host header.

You can test this manually as follows:

curl -I -H "Host: _" -A "Monit/5.27.1"
curl -I -H "Host: _" -A "Monit/5.27.1" http://<address>:<port>/

Please ensure that this request is answered with an HTTP 200. Our standard varnish configuration includes the following snippet. You may need to add this to your own configuration.

if ( ~ "^_" && req.http.User-Agent ~ "(check_http|Monit)") {
  return (synth(200, "Varnish up and running smoothly."));


You can run these tools by login with the devop user (see Generic Admin User).