Skip to main content

Varnish and Drupal

Varnish is front-end web proxy that I've been using with my Drupal sites for 18 months now. I talked about it in a presentation at Drupal camp with Khalid.

A front-end web proxy means that instead of visitors directly accessing the Drupal site, they go through a caching layer. I like to think of varnish as a protective bubble around Drupal.

Using Varnish has a number of benefits, and in my presentation I was particularly interested in demonstrating how it enables a site to survive huge spikes of sudden traffic, beyond what a web server would normally be able to handle. So that's one of the benefits.

Another important benefit is to reduce the load on the server, enabling better response. Or more cynically, it would enable you to pile more sites onto your server. But to explore this more closely: by moving most of your 'easy' page loads out of the php/apache stack, you can tune your stack better to what it's got to do - and you're not wasting 128Mb or more of RAM when serving an image, which is what happens by default on a server with apache and mod_php.

But even if you've got a pretty ordinary site and no server load issues, here's a reason why Varnish benefits you: your visitors' experience of speed. The key is that the traffic that is most sensitive to the load speed of your site is anonymous traffic to your front page. That's because new visitors (who usually end up first on your front page) are the ones you have to engage immediately or they go away (technically known as a "bounce"). A typical site might have a bounce rate of 50%, so any slowness in loading that front page by anonymous visitors is going to make a difference to whether that visitor continues to explore the site, or just leaves out of the tedium of waiting (who wants to wade through a slow loading site?). And here's why Varnish is the perfect solution: it does its best caching of your most visited pages to anonymous visitors!

And finally, some numbers. I was curious just how much traffic varnish might divert from a 'regular' drupal site, and haven't found anybody else's numbers.  Here are my last 2 months on one of my servers. The short answer is: about 30% of the visits go entirely to Varnish, more than half the hits (mainly because varnish caches images/css/js files for up to 2 weeks, even for logged-in users), and about half the total bandwidth.

Anybody got any comparable statistics?


MonthUnique visitorsNumber of visitsPagesHits
Feb 2012471448530546285476603111.79 GB
Mar 2012399636941748503083841612.76 GB


MonthUnique visitorsNumber of visitsPagesHits
Feb 201260082118672449906226430724.89 GB
Mar 20125171397369452394211089024.44 GB

Popular posts from this blog

IATS and CiviCRM

Update, Nov 2009: I've just discovered and fixed a bug I introduced in the 2.2 branch for the IATS plugin. The bug was introduced when i updated the API files from IATS and failed to notice that the legacy method for C$ one-time donations was no longer supported.
If you're using a version greater than or equal to 2.2.7, and are using IATS for C$, non-recurring donations, then you're affected.
To fix it edit the file : CRM/Core/Payment/IATS.php, and remove the line that looks like this:

$canDollar = ($params['currencyID'] == 'CAD'); //define currency type The full fix removes a conditional branch based on that value a little further on, but by removing this line, it'll never actually use that branch. Drop me a line if you have any questions.
Update, May 2009: This post is still getting quite a bit of traffic, which is great. Here are a few important things to note:
The IATS plugin code is in CiviCRM, you don't need to add any code.You do still …

Me and varnish win against a DDOS attack.

This past month one of my servers experienced her first DDOS - a distributed denial of service attack. A denial of service attack (or DOS) just means an attempt to shut down an internet-based service by overwhelming it with requests. A simple DOS attack is usually relatively easy to deal with using the standard linux firewall called iptables.  The way iptables works is by filtering the traffic based on the incoming request source (i.e., the IP of the attacking machine). The attacking machine's IP can be added into your custom ip tables 'blacklist' to block all traffic from it, and it's quite scalable so the only thing that can be overwhelmed is your actual internet connection, which is hard to do.

The reason a distributed DOS is harder is because the attack is distributed from multiple machines. I first noticed an increase in my traffic about a day after it had started - it wasn't slowing down my machine, but it did show up as a spike in traffic. I quickly saw that…

Confused by online payment processing? You're not alone.

In the old days during "polite" conversation, it was considered rude to talk about sex, politics, religion and money. You might think we're done with taboos, we're not (and I'll leave Steven Pinker to make the general argument about that, as he does so well in The Better Angels of Our Nature).

The taboo I'm wrestling with is about money - not how much you make, but about online payment processing, how it works, and what it costs. In this case, I think the taboo exists mainly because of the stakes at hand (i.e. lots of money) and the fact that most of those who are involved don't get much out of explaining how it really works - i.e. the more nuanced communications are overwhelmed by sales-driven messaging, and the nuanced stuff is either proprietary secrets or likely to get slapped down by the sales department.

In other words, if you want to really understand about online payment processing because you want to decide between one system and another, you'…