Best practice for SSL passthrough?
mattias at nucleus.be
Fri Jun 17 14:36:19 CEST 2011
> We're building a varnish cache to put on a separate machine in front
of a site that uses both http and https.
> Varnish is of course only supposed to cache http requests, but what is
the best practice to
> pass https through to the backend? I'm thinking about putting a
separate varnish instance
> up on port 443 that does a pipe on all requests.
We're actually a pretty big fan of running Nginx on port 443 for our SSL
(so let Nginx encrypt all traffic), and let it talk to the backend port
80 (your varnish) as a proxy configuration.
If I'm not mistaken, that's how varnish-cache.org works as well.
With Nginx you can pass some extra headers to your backend as well, so
you can differentiate between HTTP and HTTPs traffic.
More information about the varnish-misc