Robert Shilston
Mon Mar 14 09:22:02 CET 2011

On 14 Mar 2011, at 08:14, Poul-Henning Kamp wrote:

> In message <AANLkTiny7-wR9kfVWJ8-bh8NOAuQ=p1N+PHPQTKZss7H at>, Per 
> Buer writes:
>> Yes. If we use the patched stunnel version that haproxy also uses. It
>> requires Varnish to understand the protocol however, as the address of the
>> client is sent at the beginning of the conversation in binary form.
> I would say "Use a more intelligent SSL proxy" then...

We're using Varnish successfully with nginx.  The config looks like:

worker_processes  1;

error_log  /var/log/nginx/global-error.log;

pid        /var/run/;

events {
   worker_connections  1024;
}

http {

   include       mime.types;
   default_type  application/octet-stream;

   sendfile        on;

   keepalive_timeout  65;

   # SSL-terminating front end: decrypts and hands plain HTTP to Varnish
   server {
       ssl on;
       ssl_certificate      /etc/ssl/;
       ssl_certificate_key  /etc/ssl/;
       listen a.b.c.4 default ssl;

       access_log /var/log/nginx/access.log;
       error_log /var/log/nginx/error.log;

       # Proxy any requests to the local varnish instance
       location / {
           proxy_set_header "Host" $host;
           proxy_set_header "X-Forwarded-By" "Nginx-a.b.c.4";
           # Appends the connecting address to any X-Forwarded-For the client sent
           proxy_set_header "X-Forwarded-For" $proxy_add_x_forwarded_for;
           # proxy_pass requires a scheme
           proxy_pass http://a.b.c.5;
       }
   }
}
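
Added example, not part of the original post: `$proxy_add_x_forwarded_for` appends the connecting address to whatever X-Forwarded-For value the client supplied, so anything behind nginx should read the header from the right, and only when the connection really comes from the proxy. The Python below shows that check; 192.0.2.4 is a constructed stand-in for the masked a.b.c.4, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder for the nginx address the post masks as a.b.c.4
# (192.0.2.0/24 is a documentation range).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.4/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to one of our own proxy networks."""
    return any(addr in net for net in trusted)


def client_ip(peer, xff_header, trusted=TRUSTED_PROXIES):
    """Return the client address a backend can rely on.

    peer       -- source address of the TCP connection to the backend
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer_addr = ipaddress.ip_address(peer)
    # A connection that bypasses nginx gets no credit for its header.
    if not is_trusted(peer_addr, trusted) or not xff_header:
        return str(peer_addr)
    # The proxy appends on the right, so walk right to left and stop at
    # the first hop that is not one of our own proxies.
    candidate = peer_addr
    for raw in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(raw.strip())
        except ValueError:
            break  # malformed entry: it and everything left of it is untrusted
        candidate = hop
        if not is_trusted(hop, trusted):
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed sample: the client sent "10.0.0.1", nginx appended the real peer.
    print(client_ip("192.0.2.4", "10.0.0.1, 203.0.113.7"))
```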

