Start your free trial in minutes

Get full Virtual Registry Premium and Artifact Firewall free for 30 days. Request your license, install Virtual Registry on your platform, and point a client at it to see two things on your own traffic: packages accelerating, and a package blocked by your policy at request time.

01. Request your license

Want to accelerate private packages while preserving your registries' access controls? Need artifacts stored on disk so they survive restarts? Try Virtual Registry Premium and Varnish Artifact Firewall free for 30 days with a self-service trial license.

Enter your details and your 30-day Virtual Registry Premium license file arrives in your inbox. No sales call required.

YOUR 30-DAY TRIAL

One license, two full-featured products

Your trial unlocks Virtual Registry Premium and Varnish Artifact Firewall together: the same layer that accelerates artifact delivery also verifies every package at request time. When the 30 days end, the two behave differently. Virtual Registry keeps running in Free mode with the feature set shown here. Artifact Firewall stops enforcing until it's licensed.

VIRTUAL REGISTRY FEATURES FREE PREMIUM
Public registry cache
End-to-end TLS
In-memory cache
OpenTelemetry metrics
OpenTelemetry tracing -
Private registry caching -
Persistent caching -
Programmability -
Support -

ARTIFACT FIREWALL

Full-featured for 30 days: request-time verification on every registry you enable, nothing extra to install. After the trial, enforcement turns off. Keep it on with a license: talk to an expert.

 

Trialing Artifact Firewall? It's part of the same license: you'll switch it on in step 3.

Next: Install Virtual Registry ↓ | ↑ All Steps

02. Install Virtual Registry

Pick the platform that fits your environment, run the one-line install, and follow the full guide on the documentation site. Each guide also shows how to supply your own configuration file for that platform, which is what you'll do in step 3. No need to wait for your license email: Virtual Registry runs in free mode right away, and step 3 unlocks Premium when your license arrives.

 

Docker

Fastest path

One command, and Virtual Registry is listening on port 80 with the default configuration.

Full Docker installation guide →

docker run -p 80:80 varnish/orca

Kubernetes (Helm)

Deploy to your cluster with the official Helm chart, configured through values.yaml.

helm install varnish-orca oci://docker.io/varnish/orca-chart

Full Kubernetes guide →

Debian / Ubuntu

DEB

Install the varnish-supervisor package from the Varnish package registry.

sudo apt -y install varnish-supervisor

Full Debian / Ubuntu guide →

RHEL / CentOS

RPM

Install the varnish-supervisor package, then enable and start the service.

sudo yum -y install varnish-supervisor

Full RHEL / CentOS guide →

CHECK IT'S RUNNING

Virtual Registry answers 200 OK on its health-check endpoint regardless of host.

Troubleshooting

curl http://localhost/healthz -I

Next: Configure and add your license ↓ | ↑ All Steps

03. Configure and add your license

Create your own config.yaml with the registry to accelerate, and point Virtual Registry at the license file from your trial email to unlock Premium. This example defines a single npm registry; the rest of this guide builds on it. On Docker and Kubernetes, supply this file as your own configuration rather than editing the default shipped with the image: the installation guides in step 2 show how for each platform.

 

# config.yaml
varnish:
  http:
  - port: 80
license:
  file: /app/license.lic
virtual_registry:
  registries:
  - name: npmjs
    default: true
    remotes:
    - url: https://registry.npmjs.org

 

Virtual Registry supports Docker, Go, Helm, and more: see the configuration reference →. On Docker, mount the license file into the container. On Kubernetes, load it as a secret and reference it in values.yaml. On Linux, place it at /etc/varnish-supervisor/license.lic and add the license section to default.yaml. License setup guide →

 

Enable Artifact Firewall

Artifact Firewall runs integrated with Virtual Registry. In the same config.yaml, switch it on for the npmjs registry you just defined with enable_firewall, and point the firewall section at two rulesets: a two-line policy of your own, and the OSV ruleset that blocks known-critical vulnerabilities automatically.

 

virtual_registry:
  registries:
  - name: npmjs
    enable_firewall: true
    remotes:
    - url: https://registry.npmjs.org

firewall:
  default_action: allow
  mode: normal
  rulesets:
  - path: /app/demo-rules.yaml
  - git:
      name: npm-osv-rules
      url: https://github.com/varnish/osv-rules.git
     sub_path: rulesets/npm/all.yaml

 

Save this next to your config as demo-rules.yaml. This is your own policy rule, written in the same format as the OSV ruleset, and your rules can take precedence over OSV's by setting a higher priority. It's the policy you'll see enforced in step 4.

 

# demo-rules.yaml
id: getting-started-demo
rules:
- id: block-demo-package
  match:
  - type: npm
    name: left-pad
  action: deny
 reason: Blocked by your policy

 

This example enforces from the start: mode: normal blocks non-compliant packages at request time, so the verification step in step 4 works out of the box. Prefer to evaluate a ruleset first? Start in mode: report to log its impact in the audit log without blocking anything. Artifact Firewall configuration reference →

 

Next: Point your clients at Virtual Registry ↓ | ↑ All Steps

04. Point your clients at Virtual Registry

Point npm at Virtual Registry and pull through it, no pipeline changes required. These examples assume npmjs.localhost resolves to 127.0.0.1; the subdomain tells Virtual Registry which registry to proxy. Running Virtual Registry remotely? Replace localhost with its address.

 

# Install a package through Virtual Registry
npm install express --registry=http://npmjs.localhost

# Already installed? Bypass npm's local cache so the request reaches Virtual Registry
npm install express --prefer-online --registry=http://npmjs.localhost

# See Artifact Firewall in action: your policy blocks this package at request time
npm install left-pad --registry=http://npmjs.localhost

 

The blocked install fails with a 403 that carries your rule's reason:

 

npm error code E403
npm error 403 403 Forbidden - GET http://npmjs.localhost/left-pad
npm error 403 Blocked by your policy

 

 

 

WHAT JUST HAPPENED

That last install was denied before a single byte reached your client: the demo rule from step 3, enforced at request time. Every package gets the same active verification – no quarantine window to wait out, no after-the-fact scan to catch up – and the OSV ruleset applies it automatically to known-critical vulnerabilities.

 

Artifact Firewall needs no client changes; the same endpoints serve every client. Using Docker, Go, or Helm clients? The tutorials in step 5 cover each one.

 

Next: Follow a tutorial ↓ | ↑ All Steps

Ready to see the acceleration on your own traffic?

Request your 30-day Virtual Registry Premium license and be caching artifacts in minutes. No pipeline changes, no sales calls. Your trial unlocks Varnish Artifact Firewall too.

Request a free trial