February 1, 2024
5 min read time

Varnish Controller 6.0 Makes Varnish Easier Than Ever

Varnish Controller 6.0 Makes Varnish Easier Than Ever

Varnish Controller 6.0 is here! This represents a milestone for Varnish Software and the evolution of Controller, our UI-based Varnish management and configuration platform. From the initial release of Controller, it has been dedicated to streamlining Varnish tasks, automating actions, and enabling easier management of even the most complex caching setups.

In Controller 6.0, we’re taking this further and integrating more tasks into the dashboard, for frictionless caching operations managed at the click of a button. Controller 6.0 includes the following notable features:

  • Full TLS certificate handling
  • API / UI configurable components
  • Sub-decisions for tag-based routing
  • Agent and router transfer
  • Varnish Traffic draining
  • Authentication support for OpenID connect
  • Performance improvements

All of these changes are included in the API and CLI as well as the user interface. We go through the new features in more detail below, and you can also watch Varnish’s own Technical Evangelist Thijs Feryn take a look at Controller 6.0 here:


Full TLS Certificate handling for Varnish and Traffic Router

This update enables full handling of Transport Layer Security (TLS) certificates. These certificates consist of a public and private key. During the TLS handshake, the website server shares its TLS certificate with the client, which recognizes it and ensures that it is up-to-date and trustworthy. The client then returns a session key which the server decrypts using its private key. Finally, the server sends back an encrypted confirmation with a key to begin a secure session that protects server integrity and privacy. Now you can configure and handle your TLS certificate information on the fly, from within the Controller dashboard. Certificates can be assigned to Varnish servers and Domains, which enables TLS certificates to be dynamically loaded and unloaded. The dashboard shows information about each certificate; expiration dates, serial numbers, and which servers are using them. Certificates no longer need to be manually updated, but can be configured right in the interface, which will store and maintain database and file system-stored TLS certificates and keys. Also, now Varnish doesn’t need to be restarted manually when updating TLS certificates; this will happen automatically according to the parameters you set.

Full support for TLS certificate handling for Varnish Traffic Router is also included.

The certificate overview window.

The certificate overview window.

Configurable Components

Within the UI, users can now quickly configure many more components, with a focus on the kinds of things you want to modify in runtime. By being able to change statistics filters and log levels off-the-cuff, without needing to restart, you’re able to debug, visualize, and inspect operations much more easily



Random and Least utilized added as a sub-decision for tag-based routing (Traffic Router)

Traffic Router, Controller’s integrated request routing tool, allows you to set custom routing rules and parameters and optimize how your Varnish setup handles traffic. One of these routing rules is for tag-based routing. Previously, if the tag rule was activated, but there were multiple servers with the same tag, Traffic Router would choose the first healthy node. Now, in Controller 6.0, there are sub-decisions available within tag-based routing. If the same tag is found for multiple nodes, you can now decide to choose between these nodes using Random or Least Utilized routing rules to choose the first healthy random or least utilized node; a more efficient way of balancing traffic while enjoying the easier tag-based management of your caching services.

Cross-Organization Agent Router Transfer

With the Controller’s versatile multi-tenant access, a system administrator now has the ability to manage and transfer Controller Agents and Traffic Router components to/from and between business units without handing out access to admin configurations or having to perform a restart in between actions. This enables easier management when increasing resources in a specific business area, for purposes of handling higher load or conducting testing. The Configurable Components capability, mentioned above, and this Agent Router Transfer feature share similarities in that it’s about removing the need to restart any servers to do configuration management; you’re able to do this directly without touching the actual server.

Traffic Draining from Specific Varnish Servers

When you have a Varnish cache server that you want to take offline for whatever reason but it’s currently handling live traffic, there is now an easy way to decommission it without disrupting any processes. Traffic Router in Controller v6.0 has a simple tool for draining traffic from specific servers. The server stays up and running with the traffic it’s currently handling, but Traffic Router won’t direct any new traffic its way - instead, it seamlessly routes it to other available servers. After all the traffic is drained from the server, it can be taken offline, ready for maintenance or re-configuration. Then, at the click of a button, it can be added back into the live system ready to receive new traffic.


Draining traffic and agent router transfer are simple processes

Draining traffic and agent router transfer are simple processes

Support for OpenID Connect

The UI now supports the OpenID Connect authentication protocol, so users can securely log in to Varnish Controller using their company’s sign-on e.g. Google, Azure, Active Directory. This is a convenient way to access Controller using your organization’s existing Identity Provider. One of the advantages of OpenID is its convenience and portability. By having to remember multiple sets of login credentials, OpenID allows you to rely on a single identity provider for authentication. 

View the whole range of performance improvements, and fixes in Controller 6.0 on the changelog here. To get hands-on with Controller 6.0, why not take our demo environment for a spin? Sign up here to get credentials for the demo environment right away. After you’ve had a look at the full range of Controller and Traffic Router features, our team will be happy to walk through the dashboard and demonstrate the full power of Controller and how it can reduce friction, save time, and make cache management simple.