Full VCL / Magento / Web Apps

Varnish 4.x VCL for Magento 2

by , , revisited on

We have by far the largest RPM repository with NGINX module packages and VMODs for Varnish. If you want to install NGINX, Varnish, and lots of useful performance/security software with smooth yum upgrades for production use, this is the repository for you.
Active subscription is required.

Use our up-to-date, bug-free, time tested, and proactively developed version of Varnish VCL for Magento 2.


Varnish 4.x

The supported Varnish version is 4.x.

SSL offload header

Magento 2 changed the default SSL offload header. Version 2.0 used SSL_OFFLOADED while the latter use X-Forwarded-Proto.
If you were upgrading versions, you might still have the old value. To ensure the correct value, set it via CLI:

bin/magento config:set --lock-config web/secure/offloader_header X-Forwarded-Proto

This will preserve the correct value in the file app/etc/config.php as opposed to the database.

Correct Magento/NGINX configuration

Magento must be configured with pub directory of your Magento as the root directive in NGINX.


root /srv/www/example.com;


root /srv/www/example.com/pub;

Subsequently, the base URL should not include /pub/ at all.
This is the most secure setup, as only files under pub will be web-accessible.

The key differences from the default Magento VCL:

  • Microcache for search results
  • Clearing cache for a specific store (you need to amend changes to the core as per this ticket for this)
  • Proper health check URI (deals with a stupid issue that was, of course, never dealt with by Magento team)

  1. Tontsa

    Does this configuration already have all traffic re-directed to our SSL-termination proxy?

    I have previously used this kind of redirecting rules in my configuration:

    sub vcl_recv {
        if ( (req.http.host ~ "^(?i)www.example.com" || req.http.host ~ "^(?i)example.com")
          && req.http.X-Forwarded-Proto !~ "(?i)https") {
            return (synth(750, ""));
    sub vcl_synth {
        if (resp.status == 750) {
          set resp.status = 301;
          set resp.http.Location = "https://www.example.com" + req.url;

    Do I need to add this to the file, or does it have something similar already implemented?

    • Danila Vershinin

      Hi Tontsa,

      Yes, you would still need to add code similar to the one you posted for SSL redirects.
      However, it is not needed if you set Magento base URLs to start with https://. In that case Magento will do the redirects and Varnish will cache them.

  2. DD Bear

    What are the differences/advantages between this VCL and the one that is generated from the Magento 2.1 Admin?

    • Danila Vershinin

      The VCL here will cache search results for 30 minutes whereas default Magento VCL will not.

  3. Hubertus

    Hello Danila,
    i have a question regarding magento 2 and varrnish caching:
    I configured it and it works fine so far.
    Now we know that google wants to have us website owners to deliver the whole website in secure https to get better ranking (and in general its a good idea 🙂 ) .

    Is then the whole varnish cache ineffective because all of the data stream is secure and not directed to the varnish cache but to hitch?

    • Danila Vershinin

      Hi Hubertus,

      Varnish will stay effective in a Hitch + Varnish setup.
      As long as you configure things in a way that traffic flows through Varnish – you are fine.

      In a typical setup, that is the case. Example :
      * An SSL terminator (be it Hitch, or nginx, or anything else) at port 443, “forwarding” (proxying) traffic to Varnish at port 80
      * Varnish listening at port 80, forwarding traffic to backend at e.g. port 8080
      * The backend (Apache, nginx, whatever) at port 8080.

  4. Hubertus

    Ok, thank you!

  5. Odz

    I am getting 502 Gateway time out error, while using this vcl, Can you please guide me what I did wrong?

    • Danila Vershinin

      That error is coming from NGINX. So you should be checking its error log. Gateway timeout likely means that PHP processing is too slow.

  6. code_bucket

    Hi, while using this VCL, my page content doesn’t display correctly. I only get the full page after refreshing the page 4-5 time. Do you have any clue on what’s happening here? Once I turn off Varnish, the site works fine.

  7. Figo

    Is the above vcl templates still valide for varnish6, generated from magento 2.4? If no, could the above be upgraded please.

  8. secaliskan

    Hi Danila, I guess you are very busy but can you please rearrange the VCL for Varnish 6.X? Since varnish 4.X is quite old we can not install

  9. Danila Vershinin

    Guys, don’t know your specific reason for using Varnish 6, but Varnish 4 isn’t “dead” to me yet.
    Sure, Varnish 4 is EOL but some features has been made commercial in Varnish 6 (example Varnish Agent),
    and Magento 2 never dropped support for Varnish 4 even in its VCL generation code.
    And if they ever do, it doesn’t matter – all it needs is for a caching proxy cache that supports ESI (Varnish just happens to be one that is well known).

    As far as Varnish 6 config, the standard one can be generated through the command line via bin/magento varnish:vcl:generate.
    And the better plan for the improved config above (for both Varnish 4 and 6) would be developing a new command that generates VCL in a similar fashion but the resulting VCL will have the right stuff / fixes above.

    Anyone wishing this to happen, vote/comment on a ticket on the extras n98-magerun2 commands repo. This would help to set priorities.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: