Using Varnish with SSL

Mattias Geniar mattias at nucleus.be
Tue Mar 22 10:01:45 CET 2011


Hi Per,

> > What I'd like to know is the best way to configure this (and if its
possible
> actually). I very much need to keep SSL access open, I realise that I
could just
> run apache 'native' on :443, but I'd be a lot happier if I can push it
through
> Varnish.
> 
> www.varnish-cache.org and www.varnish-software.com are running a
> hidden apache (w/PHP) behind Varnish. On port 443 there is a
> minimalistic nginx which does the SSL stuff and connects to Varnish.
> It works well.

So you're routing all SSL (port 443) via Nginx- > to Varnish -> to
Apache? Meaning your nginx is covering the SSL certificates, and your
backend is only getting "normal" unencrypted hits?
How does that translate to performance? Are you losing a lot by passing
it all via nginx first?

It's an interesting discussion, I'd love to hear more on the "best
practice" implementation of this to get the most performance gain.

Regards,
Mattias




More information about the varnish-misc mailing list