Varnish Cache is one of the most powerful open-source HTTP accelerators, sitting in front of web servers to cache responses and dramatically reduce origin server load. Capable of delivering 300,000+ requests per second on commodity hardware, Varnish is used by major websites including Wikipedia, The New York Times, and Vimeo. However, Varnish administration has traditionally relied on command-line tools like varnishstat, varnishlog, and varnishadm, which provide powerful but complex terminal-based interfaces.

In this guide, we compare three web-based administration tools that make Varnish Cache management more accessible and efficient for operations teams.

What Is Varnish Cache and Why Does It Need Web Administration?

Varnish Cache is a reverse proxy HTTP accelerator designed for content-heavy websites. Unlike traditional web servers that serve every request from disk or application logic, Varnish caches HTTP responses in memory and serves them directly to subsequent requests. This architecture can reduce origin server load by 80-95% for cacheable content.

Varnish’s power comes from its configuration language, VCL (Varnish Configuration Language), which gives administrators fine-grained control over caching behavior, request routing, header manipulation, and backend selection. However, this flexibility comes with operational complexity:

  • Cache Invalidation: Purging specific URLs or patterns requires precise VCL configuration
  • Backend Health: Monitoring upstream server health and failover status
  • Performance Metrics: Tracking hit rates, response times, and memory allocation across 50+ Varnish counters
  • Ban Management: Creating and monitoring content bans for selective cache invalidation
  • VCL Compilation: Validating and loading VCL configurations without downtime

Web administration tools address these challenges by providing visual dashboards, simplified ban management, real-time metrics, and VCL editing interfaces.

Comparison: Varnish Agent 2 vs Varnish Agent Dashboard vs varnish-interface

FeatureVarnish Agent 2 (vagent2)Varnish Agent Dashboardvarnish-interface
GitHub Stars283+141+Community tool
Primary FocusFull server managementReal-time metrics dashboardBasic web interface
Real-Time MetricsYes (comprehensive)Yes (focused on key metrics)Basic
VCL ManagementYes (edit/reload)NoNo
Ban ManagementYes (create/monitor)NoNo
Backend HealthYesNoNo
Multi-Server SupportYes (agent-based)Single serverSingle server
Docker SupportCommunity imagesManual setupManual setup
TechnologyC/HTTP APINode.js/D3.jsPHP
Varnish Compatibility4.x, 5.x, 6.x, 7.x4.x, 5.x4.x+
AuthenticationAPI keysBasic authBasic auth
REST APIFullRead-only metricsNone

Varnish Agent 2 (vagent2)

Repository: varnish/vagent2 – 283+ stars

Varnish Agent 2 is the most comprehensive web-based management tool for Varnish Cache. Developed with involvement from the Varnish project itself, it provides a REST API and web interface for virtually all Varnish administration tasks.

Key Features

  • VCL Management: Edit, compile, and reload VCL configurations through the web interface
  • Ban Interface: Create and monitor content bans with a visual ban list
  • Backend Management: View backend health status, connection counts, and response times
  • Parameter Tuning: Modify Varnish runtime parameters without restarting the daemon
  • Statistics Dashboard: Access all Varnish counters with filtering and aggregation
  • REST API: Full programmatic access for integration with monitoring and automation systems

Docker Deployment

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

version: "3.8"

services:
  varnish:
    image: varnish:7.4-alpine
    container_name: varnish
    command:
      - "-a"
      - ":80"
      - "-T"
      - "localhost:6082"
      - "-f"
      - "/etc/varnish/default.vcl"
      - "-s"
      - "malloc,512m"
    ports:
      - "80:80"
    volumes:
      - ./default.vcl:/etc/varnish/default.vcl
    restart: unless-stopped

  vagent2:
    image: theohbrothers/docker-varnish-agent:latest
    container_name: vagent2
    ports:
      - "8090:8080"
    environment:
      - VARNISH_HOST=varnish
      - VARNISH_PORT=6082
    depends_on:
      - varnish
    restart: unless-stopped

VCL Configuration Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

vcl 4.1;

backend default {
    .host = "10.0.1.50";
    .port = "8080";
    .connect_timeout = 2s;
    .first_byte_timeout = 10s;
    .between_bytes_timeout = 5s;
    .probe = {
        .url = "/health";
        .interval = 10s;
        .timeout = 2s;
        .window = 5;
        .threshold = 3;
    }
}

sub vcl_recv {
    # Normalize the Host header
    if (req.http.host ~ "^(www\.)?example\.com$") {
        set req.http.host = "www.example.com";
    }

    # Bypass cache for authenticated users
    if (req.http.Authorization) {
        return (pass);
    }

    # Cache only GET and HEAD requests
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }
}

sub vcl_backend_response {
    # Cache static assets for 1 hour
    if (bereq.url ~ "\.(css|js|png|jpg|gif|ico|svg|woff2?)$") {
        set beresp.ttl = 1h;
        set beresp.http.Cache-Control = "public, max-age=3600";
    }

    # Default TTL for HTML pages
    if (bereq.url !~ "\.(css|js|png|jpg|gif|ico|svg|woff2?)$") {
        set beresp.ttl = 5m;
    }
}

Varnish Agent Dashboard

Repository: ITLinuxCL/Varnish-Agent-Dashboard – 141+ stars

The Varnish Agent Dashboard focuses on providing real-time, visually appealing metrics for Varnish Cache performance. Built with Node.js and D3.js, it presents key performance indicators in an easy-to-read format with live-updating charts.

Key Features

  • Live Metrics Dashboard: Real-time charts for hit rates, request rates, and cache efficiency
  • D3.js Visualizations: Beautiful, responsive graphs for Varnish statistics
  • Multiple Server Support: Switch between multiple Varnish instances
  • Lightweight: Minimal resource footprint compared to full monitoring stacks
  • Easy Setup: Simple configuration pointing to Varnish admin interface

Docker Deployment

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

version: "3.8"

services:
  varnish:
    image: varnish:7.4-alpine
    container_name: varnish
    command:
      - "-a"
      - ":80"
      - "-T"
      - "localhost:6082"
      - "-f"
      - "/etc/varnish/default.vcl"
      - "-s"
      - "malloc,256m"
    ports:
      - "80:80"
    volumes:
      - ./default.vcl:/etc/varnish/default.vcl
    restart: unless-stopped

  varnish-dashboard:
    build:
      context: ./varnish-dashboard
      dockerfile: Dockerfile
    container_name: varnish-dashboard
    ports:
      - "8091:3000"
    environment:
      - VARNISH_ADMIN_HOST=varnish
      - VARNISH_ADMIN_PORT=6082
    depends_on:
      - varnish
    restart: unless-stopped

1
2
3
4

FROM node:18-alpine
RUN npm install -g varnish-agent-dashboard
EXPOSE 3000
CMD ["varnish-agent-dashboard", "--host", "varnish", "--port", "6082"]

Installation

1
2
3
4
5
6
7

# Install Node.js dependencies
npm install -g varnish-agent-dashboard

# Run the dashboard
varnish-agent-dashboard --host varnish-server --port 6082

# Access the dashboard at http://localhost:3000

varnish-interface: Lightweight Web Interface

Repository: rghose/varnish-interface – Community tool

varnish-interface is a minimal PHP-based web interface that provides basic Varnish management capabilities. It requires only the varnishadm binary to be available on the host system, making it the lightest option of the three.

Key Features

  • Minimal Dependencies: Only requires PHP and the varnishadm binary
  • Basic Stats Display: View key Varnish counters in a web browser
  • Ban Interface: Issue ban commands through a simple web form
  • VCL Status: Check currently loaded VCL configuration status
  • Low Overhead: Negligible resource consumption

Docker Deployment

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

version: "3.8"

services:
  varnish:
    image: varnish:7.4-alpine
    container_name: varnish
    command:
      - "-a"
      - ":80"
      - "-T"
      - "0.0.0.0:6082"
      - "-f"
      - "/etc/varnish/default.vcl"
      - "-s"
      - "malloc,256m"
    ports:
      - "80:80"
      - "6082:6082"
    volumes:
      - ./default.vcl:/etc/varnish/default.vcl
    restart: unless-stopped

  varnish-interface:
    image: php:7.4-apache
    container_name: varnish-interface
    ports:
      - "8092:80"
    volumes:
      - ./varnish-interface:/var/www/html
    depends_on:
      - varnish
    restart: unless-stopped

PHP Stats Interface

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

<?php
// varnish-stats.php -- Simple stats viewer
function run_varnishadm($cmd) {
    $output = shell_exec("varnishadm -S /etc/varnish/secret -T localhost:6082 $cmd 2>&1");
    return $output;
}

$stats = run_varnishadm("stats");
$backend = run_varnishadm("backend.list");
$bans = run_varnishadm("ban.list");

echo "<h1>Varnish Cache Status</h1>
";
echo "<pre>" . htmlspecialchars($stats) . "</pre>
";

echo "<h2>Backends</h2>
";
echo "<pre>" . htmlspecialchars($backend) . "</pre>
";

echo "<h2>Active Bans</h2>
";
echo "<pre>" . htmlspecialchars($bans) . "</pre>
";
?>

Choosing the Right Varnish Administration Tool

The choice depends on your operational needs:

Varnish Agent 2 (vagent2) is the production-grade choice. It provides the most comprehensive feature set including VCL management, ban operations, backend health monitoring, and a full REST API. If you manage Varnish in a professional environment and need full administrative control through a web interface, this is the tool to deploy.

Varnish Agent Dashboard excels at monitoring and visibility. Its D3.js-based charts provide the best real-time visualization of Varnish performance metrics. Deploy this alongside your existing VCL management workflow when you need beautiful, live-updating dashboards for your operations team.

varnish-interface is suitable for lightweight deployments where you need basic web access to Varnish status without the complexity of a full management platform. Its minimal dependency footprint (PHP + varnishadm) makes it easy to deploy on existing infrastructure.

Varnish Performance Best Practices

  1. Size Your Cache Appropriately: Use -s malloc,size to allocate memory based on your workload. Start with 1-2GB and adjust based on hit rates
  2. Use ESI for Partial Caching: Edge Side Includes allow caching page fragments independently
  3. Implement Grace Mode: Serve stale content while fetching fresh content from backends
  4. Monitor Hit Rates: A cache hit rate above 80% indicates effective caching; below 60% suggests VCL tuning is needed
  5. Health Probes: Configure backend health checks to automatically route around failed origin servers
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

sub vcl_backend_response {
    # Grace mode: serve stale content for 10 minutes while refreshing
    set beresp.grace = 10m;

    # Mark content as stale but still cacheable
    if (beresp.status >= 500) {
        set beresp.ttl = 0s;
        set beresp.grace = 5m;
        set beresp.uncacheable = true;
    }
}

Why Self-Host Varnish Cache Administration?

HTTP caching is one of the most impactful performance optimizations a web infrastructure team can implement. Varnish Cache routinely reduces origin server load by 80-95%, translating to significant cost savings and improved user experience. Yet managing Varnish effectively requires more than just installing the daemon – administrators need visibility into cache performance, the ability to manage VCL configurations safely, and tools to handle cache invalidation without dropping to the command line.

Self-hosted Varnish administration tools address the gap between Varnish powerful but complex command-line interface and the need for accessible, team-wide operational visibility. Web-based dashboards allow any team member – not just senior sysadmins – to monitor cache hit rates, check backend health, and issue targeted bans when content needs immediate invalidation.

Running these tools on your own infrastructure keeps sensitive operational data private. Varnish statistics reveal detailed information about your traffic patterns, backend performance, and content delivery strategy. Self-hosted administration ensures this data never leaves your network, which is important for competitive and compliance reasons.

The tools compared in this guide are all open source and freely available. There are no per-server licensing fees, no vendor lock-in, and no dependency on third-party SaaS availability. Your caching infrastructure remains fully manageable even during internet outages or SaaS provider disruptions.

For CDN and edge caching strategy, see our CDN edge caching with Varnish, Traffic Server, Squid, and Nginx guide. For load balancer management, check our HAProxy dataplane API and management guide. For reverse proxy GUI options, our Nginx Proxy Manager vs SWAG vs Caddy comparison covers the landscape.

FAQ

What is Varnish Cache and how does it differ from Nginx caching?

Varnish Cache is a dedicated HTTP accelerator designed from the ground up for caching. Nginx can also cache responses, but it is primarily a web server and reverse proxy. Varnish typically delivers higher cache hit throughput because its entire architecture is optimized for caching. Use Varnish when caching is your primary concern; use Nginx when you need a general-purpose web server with optional caching.

How do I purge content from Varnish Cache?

Varnish supports two invalidation methods: ban and purge. A ban marks matching objects as invalid without immediately removing them (they are lazily invalidated on next access). A purge immediately removes the object. In vagent2, you can create bans through the web interface. Via command line: varnishadm ban req.url ^/path/to/purge.

Can Varnish handle HTTPS traffic?

Varnish does not natively support TLS termination. The standard pattern is to place a TLS terminator (like Hitch, Nginx, or HAProxy) in front of Varnish. Hitch, developed by the same team as Varnish, is the recommended TLS terminator as it integrates seamlessly with Varnish’s PROXY protocol support.

What is VCL and why is it important?

VCL (Varnish Configuration Language) is the domain-specific language used to configure Varnish behavior. It defines how requests are handled, what gets cached, how backends are selected, and how responses are modified. VCL compiles to C code for maximum performance. Learning VCL is essential for effective Varnish administration.

How do I monitor Varnish Cache performance?

The key metrics are: cache hit rate (cache_hit / (cache_hit + cache_miss)), backend response time, connection counts, and memory usage. Both vagent2 and Varnish Agent Dashboard display these metrics in real-time. The command-line tools varnishstat and varnishlog provide detailed counter information for troubleshooting.

Can I run Varnish in Docker for production?

Yes, but with caveats. Varnish in Docker requires proper memory allocation (-s malloc,size), correct admin port exposure (-T), and careful network configuration. The shared memory log (VSL) requires either host networking or a shared volume. For production, consider using the official varnish Docker image with appropriate resource limits.

How does Varnish handle cache invalidation for dynamic content?

Varnish provides several invalidation strategies: HTTP PURGE requests (configured in VCL), ban expressions (regex-based content matching), and cache tagging (associating objects with tags for group invalidation). For high-churn content, use shorter TTLs with grace mode rather than aggressive purging.