SSL and Varnish

Cosimo Streppone cosimo at
Tue Sep 7 15:34:48 CEST 2010

On Tue, 07 Sep 2010 13:27:35 +0200, Rob S <rtshilston at> wrote:

>   If you've used SSL with varnish in production, can you share any  
> wisdom on your configuration and approaches?
> We've been happily using Varnish in production for just over a year, and  
> now want to use it for an SSL site so that we can use ESI, load  
> balancing and other such facilities offered by Varnish. I've searched  
> over the Varnish website, and can't see any examples of a recommended  
> SSL configuration.

We setup all varnish boxes where we need SSL with
nginx on :443 and varnishd on :80.

The local nginx server proxy-passes everything to localhost:80,
with the following config bit:

   server {
       ssl on;
       ssl_certificate      /etc/ssl/certs/your.crt;
       ssl_certificate_key  /etc/ssl/private/your.key;
       listen 443 default ssl;

       access_log /var/log/nginx/access.log;
       error_log /var/log/nginx/error.log;

       # Proxy any requests to the local varnish instance
       location / {
             proxy_set_header "Host:" $host;
             proxy_set_header "X-Forwarded-For" $proxy_add_x_forwarded_for;
             proxy_pass http://localhost:80;

> I'll happily consolidate the answers into a coherent document for the  
> website so that others can benefit in future.

Would be nice!


More information about the varnish-misc mailing list