SSL and Varnish
Cosimo Streppone
cosimo at streppone.it
Tue Sep 7 15:34:48 CEST 2010
On Tue, 07 Sep 2010 13:27:35 +0200, Rob S <rtshilston at gmail.com> wrote:
> If you've used SSL with varnish in production, can you share any
> wisdom on your configuration and approaches?
>
> We've been happily using Varnish in production for just over a year, and
> now want to use it for an SSL site so that we can use ESI, load
> balancing and other such facilities offered by Varnish. I've searched
> over the Varnish website, and can't see any examples of a recommended
> SSL configuration.
We setup all varnish boxes where we need SSL with
nginx on :443 and varnishd on :80.
The local nginx server proxy-passes everything to localhost:80,
with the following config bit:
server {
ssl on;
ssl_certificate /etc/ssl/certs/your.crt;
ssl_certificate_key /etc/ssl/private/your.key;
listen 443 default ssl;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Proxy any requests to the local varnish instance
location / {
proxy_set_header "Host:" $host;
proxy_set_header "X-Forwarded-For" $proxy_add_x_forwarded_for;
proxy_pass http://localhost:80;
}
}
> I'll happily consolidate the answers into a coherent document for the
> website so that others can benefit in future.
Would be nice!
--
Cosimo
More information about the varnish-misc
mailing list