Reducing the risk of change


All Varnish VCL changes submitted will be validated, and if compilation fails, the changes will be rejected. All running Varnish instances will maintain the last known good configuration. This applies to both in-browser editing and using git push from a local workspace.

In the beginning

The core tenets at are to provide a platform that is open, easy and gives control to the user. All three of these are present in the Varnish Configuration Language editor in our Aperture portal.

We expose the raw VCL, in the browser, for the user to customise, save, and deploy just as the user could if they managed their own Varnish instance. This approach is also key to honouring another mantra - “It’s just Varnish”.

Unfortunately, our original implementation differed from normal Varnish usage in an important way: deploying broken VCL to any typical Varnish instance would be rejected and Varnish would continue to operate with the last known good configuration. However’s Varnish instances would instead lose the last known good configuration and begin serving an error response for all requests.

How did this happen?

This difference in handling broken configurations was a by-product of ensuring that the committed files at tip of the repository branch (eg Production) should represent the active configuration of the reverse-proxies handling live traffic. The intent was to reduce the conceptual complexity that would arise from having the most recent commit show one state whilst needing another branch (or tag) to track the state that was last successfully deployed.

This behaviour, while not helping the chance of breaking your site through web-based VCL editing, has always been mitigated by’s recommended local development experience. In local development, VCL changes can be tested, not only to ensure correct syntax, but also to confirm that the actual impact on your site’s behaviour is what you had intended, and tested against the same Varnish version as used in production.

We have wanted to improve upon this situation for a while, to make even easier and safer to use with confidence. Now we have.

A better experience

The platform now performs Varnish VCL validation when saving changes made in the Aperture portal web-based editor and when pushing commits from your local development git workspace. This means that you cannot save broken configuration to your application repository that might have previously resulted in serving error pages to your visitors.

For those with a technical interest, this validation is implemented by passing your desired configuration changes to a duplicate Docker container of the same Varnish proxy image that is used to handle your live traffic. This provides high confidence that the configuration is valid in the context of your specific Varnish version and its settings and available modules.

While we still strongly encourage implementing and testing changes in a development environment before promoting them through to Production, you can now also make quick changes in the browser without fear of accidentally forgetting a semicolon.

Blog Categories

Interested in articles about a specific topic? Click on a category to see all related content. Sign up

Want to get started improving your website performance, scalability, and security? Sign up for a 14 day free trial of and see what we can do for you!

Get started