Skip to main content

Caching Laravel with Varnish


PHP Framework popularity as at 2013 - Sitepoint
After having a very good experience with using Varnish to cache a Wordpress site we decided to look at caching Laravel.

Laravel always generates cookies regardless of whether a person is logged in or not.  This interferes with Varnish which by default will pass all requests with a cookie to the backend and skip the cache.

In our particular case our site supported the ability for users to login and would then present them with custom content.  This means that cookies are not restricted to a particular path so we can't discard cookies based on the request as we did for Wordpress when discarding everything except /wp-admin/* requests.

My solution was to use a package called session-monster ( Packagist ) which sets a response header if the data in the Laravel session can be ignored.  Varnish can detect this header and prevent the cookie from being set since we don't really need it.  This together with the varnish config below handily caches pages for all the users who are not logged in.

Unfortunately we're doing this as an afterthought to add value to a client and caching was not part of our original project design.  This means that there is not development time available to make use of edge side includes which would allow caching the parts of a page that are static even for logged in users.  Early proof of concept tests show that implementing ESI is not particularly difficult.  Here's a useful looking blog post on how to implement it.  Luckily in our case we don't expect there to be many logged in users compared to non.

So assuming that you've gotten your nginx, hhvm, and varnish up and running here is an example configuration file:

 backend default {  
  .host = "127.0.0.1";  
  .port = "8080";  
 }  
 acl purge {  
  "127.0.0.1";  
  "localhost";  
 }  
 sub vcl_recv {  
   # handle purge requests  
   if (req.request == "PURGE") {  
     if (!client.ip ~ purge) {  
       error 405 "Not allowed.";  
     }  
     ban("req.url ~ "+req.url+" && req.http.host == "+req.http.host);  
     error 200 "OK";  
   }  
   if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {  
     return(lookup);  
   }
    # the cookie will persist until it expires (see your laravel session config)
    if (req.http.Cookie ~ "laravel_session") {
     return(pass);
    }   
    # else ok to fetch a cached page  
   return (lookup);  
 }  
 sub vcl_fetch {  
   # strip the cookie before the static file is inserted into cache.  
   if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {  
     unset beresp.http.set-cookie;  
   }  
   # remove some headers we never want to see  
   unset beresp.http.Server;  
   unset beresp.http.X-Powered-By;  
   unset beresp.http.X-Pingback;  
   set beresp.do_esi = true; /* Do ESI processing */  
   set beresp.ttl = 10m;  
   # don't cache response to posted requests or those with basic auth  
   if ( req.request == "POST" || req.http.Authorization ) {  
      return (hit_for_pass);  
   }  
   # Laravel always adds a session cookie - we remove it with session monster and check it here  
   # Do this before checking the page state but after post  
   if (beresp.http.X-No-Session ~ "yeah") {  
     unset beresp.http.set-cookie;  
   }  
   else
   {
       # do not cache responses which are for logged in users
       return (hit_for_pass);
   }
   # only cache status ok  
   if ( beresp.status != 200 ) {  
     return (hit_for_pass);  
   }  
   # else ok to cache the response  
   return (deliver);  
 }  
 sub vcl_deliver {  
   if (obj.hits > 0) {  
     set resp.http.X-Cache = "HIT";  
   }  
   else {  
     set resp.http.X-Cache = "MISS";  
   }  
   unset resp.http.Via;  
   unset resp.http.X-Varnish;  
 }  
 sub vcl_hit {  
  if (req.request == "PURGE") {  
   purge;  
   error 200 "OK";  
  }  
 }  
 sub vcl_miss {  
  if (req.request == "PURGE") {  
   purge;  
   error 404 "Not cached";  
  }  
 }

Installing the Laravel side of things is simple:
  1. Add a require for session monster to your composer file ( "haifanghui/session-monster": "dev-master" )
  2. Edit your application config and include the provider as in the snippet below
  3. Edit app/config/session.php and set the session lifetime to a number you feel comfortable with
   'providers' => array(  
     'HaiFangHui\SessionMonster\SessionMonsterServiceProvider'  
   ),
You need to set the session timeout so that the cookie expires sometime after the user logs out.  Even though Laravel will stop emitting the cookie when the user logs out the browser will keep sending it and breaking the cache.  
Labels:

Comments

  1. Phoenix18 October 2015 at 10:46

    Great post!! It helps alot, could you please though post a config (vcl) for Varnish 4?

    ReplyDelete
  2. oliver25 March 2019 at 12:58

    I am using both Memcached and Varnish with my Laravel (https://www.cloudways.com/blog/integrate-laravel-cache/ ) website. However, instead of manually configuring varnish, I used a package to do it. Memcached was easier to configure than varnish.

    ReplyDelete

Post a Comment

Popular posts from this blog

Separating business logic from persistence layer in Laravel

There are several reasons to separate business logic from your persistence layer.  Perhaps the biggest advantage is that the parts of your application which are unique are not coupled to how data are persisted.  This makes the code easier to port and maintain. I'm going to use Doctrine to replace the Eloquent ORM in Laravel.  A thorough comparison of the patterns is available  here . By using Doctrine I am also hoping to mitigate the risk of a major version upgrade on the underlying framework.  It can be expected for the ORM to change between major versions of a framework and upgrading to a new release can be quite costly. Another advantage to this approach is to limit the access that objects have to the database.  Unless a developer is aware of the business rules in place on an Eloquent model there is a chance they will mistakenly ignore them by calling the ActiveRecord save method directly. I'm not implementing the repository pattern in all its ...
Post a Comment
Read more

"Word of the Day" PHP script (with word list)

I was looking around for a way to generate a word of the day on the web and didn't find anything. So I coded a quick and dirty script to do it. Just in case anybody does a Google search and manages to find my blog: here is my Word of the Day PHP script : Copy this code snippet into a wordoftheday.php file: $file = fopen("interesting_words.txt","r"); $raw_string = fread($file,filesize("interesting_words.txt")); fclose($file); $words_array = explode("|",$raw_string); echo $words_array[array_rand($words_array)]; Of course the real issue I had was finding a list of interesting words in the right format. Here is the list of interesting words that I used: Copy this into a file called interesting_words.txt : ubiquitous : being or seeming to be everywhere at the same time; omnipresent| ecdysiast : a striptease artist| eleemosynary : of, relating to, or dependent on charity| gregious : c...
Post a Comment
Read more

Solving Doctrine - A new entity was found through the relationship

There are so many different problems that people have with the Doctrine error message: exception 'Doctrine\ORM\ORMInvalidArgumentException' with message 'A new entity was found through the relationship 'App\Lib\Domain\Datalayer\UnicodeLookups#lookupStatus' that was not configured to cascade persist operations for entity: Searching through the various online sources was a bit of a nightmare.  The best documentation I found was at  http://www.krueckeberg.org/  where there were a number of clearly explained examples of various associations. More useful information about association ownership was in the Doctrine manual , but I found a more succinct explanation in the answer to this question on StackOverflow . Now I understood better about associations and ownership and was able to identify exactly what sort I was using and the syntax that was required. I was implementing a uni-directional many to one relationship, which is supposedly one of the most simpl...
Post a Comment
Read more