Varnish allocates one thread per connection. Even if it supports websockets, it's not going to scale well across tens of thousands of simultaneous persistent connections. The context switch and memory overhead will be considerable.

For now, Java-based servers (using netty) and node.js may be a better idea.

To clarify (and answer @sureshv), Varnish allocates one worker-thread per session (active connection), but those threads are pooled by the managed thread pool @sureshv referred to. It's recommended to leave the thread_pool value at 2 and scale the thread_pool_min and _max values to suit your traffic.

As for the handling of the websockets, setting the pipe_timeout variable in the vcl file would release any persistent, yet silent, connections.

Not only that, but letting all traffic through Varnish is not a good utilization of its resources at all.

The question is, how could I set up multiple servers on the same port? Or what else do I need to put in front of Varnish to route WebSocket connections elsewhere?

I'm starting to think this use case is not easy to solve under one IP address.

Varnish sits in front on port 80 then proxies based on the VCL configuration, you can parse the HTTP headers/path to pass through appropriately.

https://www.varnish-cache.org/docs/trunk/tutorial/websockets...

One of the things I've debated back and forth personally is if it's better to put nginx in front of varnish or vice versa.

There are reasons to do either but I've not come up with a definitive reason to go one way or another.

Node Http Proxy: https://github.com/nodejitsu/node-http-proxy

No need for Varnish for proxying your websockets.

Thanks for the link. This looks like an ideal tool to fulfil the same role as Varnish (in the stack I'd outlined) without losing SSL support or allocating one thread per active connection.

I don't see why Varnish would create one thread per allocation. They are using epoll/kqueue on an accept thread to handle new incoming requests. The requests themselves are handled by worker thread pool.

If you have Varnish then why have nginx? Is there an advantage to having nginx do the request routing?

I would think nginx would be better for holding open long "keep alive" connections than Apache or IIS if you are doing long polling etc.

Of course if you are just forwarding to another backend you may lose this.

Well, the sample is incomplete. Often, you also need a server for serving static files, which Nginx is really good at, but Varnish cannot do.

nginx can compress your HTTP traffic, while Varnish can't. So there are some things you would need nginx for.

However, I really think that nginx should implement proper support for WebSockets by now. I have requested this previously, but the request got unanswered.

FYI, compression was added to Varnish in 3.x:

https://www.varnish-cache.org/docs/3.0/tutorial/compression....

I like this technique! Only caveat is it adds another piece of infrastructure (Varnish) to your stack which while Varnish is very good, some people may not want to. But nice writeup!

this does not address the problem with ssl-traffic. varnish will delegate it to a reverse proxy _in front_ of itself. i usually deploy nginx. looks like a catch-22 for websockets ;).

So how do you handle the case of SSL in front of web traffic and web socket traffic? I need to handle both SSL and non-SSL. Right now I just use another port, but my users behind a firewall can't access the websocket.

usually a different websocket port. not what you wanted to hear i guess :|.

node-http-proxy is one option, but I'm just going to wait for nginx's native support.