Using Varnish with SSL

Mattias Geniar mattias at
Tue Mar 22 10:01:45 CET 2011

Hi Per,

> > What I'd like to know is the best way to configure this (and if its
> actually). I very much need to keep SSL access open, I realise that I
could just
> run apache 'native' on :443, but I'd be a lot happier if I can push it
> Varnish.
> and are running a
> hidden apache (w/PHP) behind Varnish. On port 443 there is a
> minimalistic nginx which does the SSL stuff and connects to Varnish.
> It works well.

So you're routing all SSL (port 443) via Nginx- > to Varnish -> to
Apache? Meaning your nginx is covering the SSL certificates, and your
backend is only getting "normal" unencrypted hits?
How does that translate to performance? Are you losing a lot by passing
it all via nginx first?

It's an interesting discussion, I'd love to hear more on the "best
practice" implementation of this to get the most performance gain.


More information about the varnish-misc mailing list