varnish with ssl

Ken Brownfield kb+varnish at
Thu Apr 8 02:05:35 CEST 2010

> On Wed, Apr 7, 2010 at 2:30 PM, Poul-Henning Kamp <phk at> wrote:
>>> (1) stunnel doesn't scale particularly well, and can't scale across
>>> multiple CPUs in any event;
>> There are other SSL proxies than stunnel.
> I'm not aware of any that both do what stunnel does and are more
> scalable.  Any examples?

Pound.  Maybe eventually in haproxy.  Plus a half dozen or so smaller projects that aren't likely production-ready.  Plus various commercial solutions.

You could drop Apache+mod_ssl+mod_proxy in front of Varnish.  You can even choose between prefork or worker.  Of course, it would be painful to set up and diagnose, and it scales poorly compared to the single-process model.  But your ps output will be longer.

The single-process model as regards scalability is a red herring.

