[Users] New Wiki Server, please change your Hosts file
Malte S. Stretz
mss at msquadrat.de
Sat Sep 30 13:40:10 CEST 2017
Hi David,

On 29.09.2017 23:01, David Sommerseth wrote:
> On 27/09/17 14:52, Malte S. Stretz wrote:
>> thanks for the heads up. Running Varnish with HTTPS in front shouldn't
>> be a problem either,
> Does Varnish support SSL/TLS these days? Last time I checked (in the
> 3.x generation), it was generally frowned upon by the upstream developers
> and claiming it was pointless. I've moved over to nginx with caching
> instead; not as well performing as a well tuned Varnish server can be
> but more than reasonable enough.

Nope, Varnish doesn't support HTTPS natively yet and never will even
though Varnish 5.0 supports HTTP/2 by now: You generally run it in a
sandwich configuration like the one Jorge implemented now
(nginx->varnish->apache) where the front-facing service terminates the
actual TLS and passes all required information down the line. The
officially recommended software to terminate TLS is hitch. We tend to
either use haproxy or use the same service which handles the actual
backend traffic. When running on AWS I'd use their ELB to terminate TLS.

Often simple caching as done by nginx (or Apache) is really enough and
simpler to maintain than throwing Varnish into the mix. There are still
cases for Varnish though, especially when working around a badly written
backend which isn't really cache-friendly.

Cheers,
Malte
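
The sandwich layout described in the message above (the front service terminates TLS and passes the required information down to Varnish and Apache), as an added nginx example; it is not from the thread or from the wiki server's actual configuration. The hostname, certificate paths and the loopback port 6081 for Varnish are assumptions.

```nginx
# Added example: nginx as the TLS-terminating front of an
# nginx -> varnish -> apache chain. All names, paths and ports below
# are placeholders, not values from the mailing-list thread.

server {
    listen 443 ssl;
    server_name wiki.example.org;                         # placeholder

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Varnish is assumed to listen on loopback only, so the cache
        # cannot be reached without passing through this TLS front.
        proxy_pass http://127.0.0.1:6081;

        # "Passes all required information down the line": set these
        # headers from nginx's own view of the connection. Using
        # $remote_addr (not $proxy_add_x_forwarded_for) overwrites any
        # X-Forwarded-For value the client sent, so the backend never
        # logs or authorizes on a client-supplied address.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    # Plain HTTP only redirects, so every request that reaches Varnish
    # arrived over TLS and cached objects are never mixed between
    # http and https variants.
    listen 80;
    server_name wiki.example.org;                         # placeholder
    return 301 https://$host$request_uri;
}
```

Apache behind Varnish should likewise bind to loopback and treat the X-Forwarded-* headers as trustworthy only because they come from that hop.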