Full VCL / Magento / Web Apps

Varnish 4.x VCL for Magento 2

by , , revisited on

We have by far the largest RPM repository with dynamic stable NGINX modules and VMODs for Varnish 4.1 and 6.0 LTS. If you want to install NGINX, Varnish, and lots of useful modules for them, this is your one-stop repository to get all performance-related software.
You have to maintain an active subscription in order to be able to use the repository!

Use our up-to-date, bug-free, time tested, and proactively developed version of Varnish VCL for Magento 2.


Varnish 4.x

The supported Varnish version is 4.x.

SSL offload header

Magento 2 changed the default SSL offload header. Version 2.0 used SSL_OFFLOADED while the latter use X-Forwarded-Proto.
If you were upgrading versions, you might still have the old value. To ensure the correct value, set it via CLI:

bin/magento config:set --lock-config web/secure/offloader_header X-Forwarded-Proto

This will preserve the correct value in the file app/etc/config.php as opposed to the database.

The Key differences from default Magento VCL

  • Microcache for search results
  • Clearing cache for a specific store (you need to amend changes to core as per this ticket for this)

  1. Tontsa

    Does this configuration already have all traffic re-directed to our SSL-termination proxy?

    I have previously used this kind of redirecting rules in my configuration:

    sub vcl_recv {
        if ( (req.http.host ~ "^(?i)www.example.com" || req.http.host ~ "^(?i)example.com")
          && req.http.X-Forwarded-Proto !~ "(?i)https") {
            return (synth(750, ""));
    sub vcl_synth {
        if (resp.status == 750) {
          set resp.status = 301;
          set resp.http.Location = "https://www.example.com" + req.url;

    Do I need to add this to the file, or does it have something similar already implemented?

    • Danila Vershinin

      Hi Tontsa,

      Yes, you would still need to add code similar to the one you posted for SSL redirects.
      However, it is not needed if you set Magento base URLs to start with https://. In that case Magento will do the redirects and Varnish will cache them.

  2. DD Bear

    What are the differences/advantages between this VCL and the one that is generated from the Magento 2.1 Admin?

    • Danila Vershinin

      The VCL here will cache search results for 30 minutes whereas default Magento VCL will not.

  3. Hubertus

    Hello Danila,
    i have a question regarding magento 2 and varrnish caching:
    I configured it and it works fine so far.
    Now we know that google wants to have us website owners to deliver the whole website in secure https to get better ranking (and in general its a good idea 🙂 ) .

    Is then the whole varnish cache ineffective because all of the data stream is secure and not directed to the varnish cache but to hitch?

    • Danila Vershinin

      Hi Hubertus,

      Varnish will stay effective in a Hitch + Varnish setup.
      As long as you configure things in a way that traffic flows through Varnish – you are fine.

      In a typical setup, that is the case. Example :
      * An SSL terminator (be it Hitch, or nginx, or anything else) at port 443, “forwarding” (proxying) traffic to Varnish at port 80
      * Varnish listening at port 80, forwarding traffic to backend at e.g. port 8080
      * The backend (Apache, nginx, whatever) at port 8080.

  4. Hubertus

    Ok, thank you!

  5. Odz

    I am getting 502 Gateway time out error, while using this vcl, Can you please guide me what I did wrong?

    • Danila Vershinin

      That error is coming from NGINX. So you should be checking its error log. Gateway timeout likely means that PHP processing is too slow.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.