Skip to content

Added instructions on how to combine varnish with basic-auth #2526

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Oct 29, 2024
Merged

Added instructions on how to combine varnish with basic-auth #2526

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8171be8
Added instructions on how to combine varnish with basic-auth
vidarl Oct 24, 2024
107c43a
fixup! Added instructions on how to combine varnish with basic-auth
vidarl Oct 25, 2024
951382a
Apply suggestions from code review
vidarl Oct 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions docs/infrastructure_and_maintenance/cache/http_cache/reverse_proxy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,27 @@
purge_servers: [http://my.varnish.server:8081]
```

#### Varnish and Basic Auth

If purge requests to Varnish is protected by Basic Auth, the Basic Auth credentials can be specified with the
`purge_servers` setting using the format:

``` yaml
http_cache:
purge_servers: [http://myuser:[email protected]:8081]
Copy link
Contributor

@mnocon mnocon Oct 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
purge_servers: [http://myuser:[email protected]:8081]
purge_servers: [https://myuser:[email protected]:8081]

Can we suggest using HTTPS by default, for everything?

Copy link
Contributor Author

@vidarl vidarl Oct 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we can do that. But open source version of Varnish do not support HTTPS termiation, so I think it makes more sense to always use HTTP for varnish purge servers in or docs.

Copy link
Contributor

@mnocon mnocon Oct 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point! My mind always goes to "HTTPS links everywhere", but it makes sense to make an exception when it's expected to see HTTP.

```

Varnish is enabled by default when using [[= product_name_cloud =]]. There is no need to specify `purge_servers` as this is detected
automatically. When enabling Basic Auth on [[= product_name_cloud =]] when using Varnish, you do however need to specify the credentials
using the following environment variables in order for purging to work:

```

Check failure on line 159 in docs/infrastructure_and_maintenance/cache/http_cache/reverse_proxy.md

View workflow job for this annotation

GitHub Actions / vale

[vale] docs/infrastructure_and_maintenance/cache/http_cache/reverse_proxy.md#L159 

[Ibexa.CodeBlockLanguages] Always provide a language with a code block.
Raw output 
{"message": "[Ibexa.CodeBlockLanguages] Always provide a language with a code block.", "location": {"path": "docs/infrastructure_and_maintenance/cache/http_cache/reverse_proxy.md", "range": {"start": {"line": 159, "column": 1}}}, "severity": "ERROR"}
env:HTTPCACHE_USERNAME=myuser
env:HTTPCACHE_PASSWORD=mypasswd
```

If you want to use Basic Auth with Fastly on [[= product_name_cloud =]], please see [Enable basic-auth on Fastly](...)

!!! note "Invalidating Varnish cache using tokens"

In setups where the Varnish server IP can change (for example, on [[= product_name_cloud =]]),
Expand Down
Loading