I'm running a fresh Varnish 7.5 install together with Hitch as a proxy for a remote server. It works great. But I'm trying to port in a little bit of inline C from my old install and I can't for the life of me get Varnish to allow it. The system is Debian 11 and Varnish was installed from the official packagecloud repo via their official install script.
Varnishadm tells me this:
Varnish> param.show vcc_feature 200
vcc_feature Value is: none,+err_unref,+allow_inline_c,+unsafe_path Default is: none,+err_unref,+unsafe_path
And my systemd execstart for varnish tells me this:
/usr/sbin/varnishd -a :80 -a localhost:8443,PROXY -p feature=+http2 -p vcc_feature=+allow_inline_c -f /etc/varnish/default.vcl -s file,/var/lib/varnish/varnish_storage.bin,32G -p nuke_limit=999
Which is also what shows in 'systemctl status varnish'
But VCC tells me this:
Message from VCC-compiler:
Inline-C not allowed
('/etc/varnish/widget.vcl' Line 5 Pos 5)
C{
----##
Running VCC-compiler failed, exited with 2
VCL compilation failed
I've tried using param.set from varnishadm but it makes no difference. I've altered and reverted the systemd service file a dozen times, trying the old syntaxes for enabling it. My only real guess at this point is that because the first param set for vcc_feature is "none" that it overrides and disables all further parameters? The docs don't really explain anything and the context is muddy. I've played with it for several hours off and on, tried daemon-reload and full reboot (and crushed my backend media server for a minute thereby).
How in the heck do I get inline C working here? I can't even begin porting and adjusting my modules because I can't get permission from the compiler to try.
Edit 1: Following Mr Feryn's example I added a simple include to the top of default.vcl just so see if it maybe didn't like it being added from a different file. It now looks like:
vcl 4.1;
#Import optional Varnish Modules
import std;
import bodyaccess;
import vsthrottle;
import cookie;
import directors;
import proxy;
import geoip2;
C{
#include <stdio.h>
}C
#Import Access Control Lists and special modules.
#ACL of known TOR exit nodes (updated by root cron 4/day)
#include "/etc/varnish/tornodes.vcl";
#ACL of known public VPN nodes and subnets (updated by root cron 1/week) EMERGENCY USE ONLY
#include "/etc/varnish/VPNs.vcl";
# Default backend definition. Set this to point to your content server.
backend default {
But running "sudo varnishd -C -f /etc/varnish/default.vcl" just returns:
> Message from VCC-compiler:
Inline-C not allowed
('/etc/varnish/default.vcl' Line 27 Pos 1)
C{
##
I believe I figured it out. When running varnishd -C to test vcl compiling it doesn't read any of the set parameters in varnishadm or treat them as generic daemon settings like I was assuming they would. I had to explicitly enable inline c in the varnishd test compile in the same same way that Mr. Faryn launched his varnish daemon in his example.
sudo varnishd -C -f default.vcl -p vcc_feature=+allow_inline_c
And now it tells me that the code is good. This seems like a very minor but potentially frustrating usability oversight that should really be in the docs somewhere. I would have assumed that a param set via varnishadm would be persistent in every invocation of the daemon without the need to set explicit flags. Anyway thank you very much for the help!