varnish ssl

Ashish Nepal aashisn at hotmail.com
Fri May 3 08:55:11 CEST 2013


Hi thanks for your reply, I have started using nginx as SSL termination and now my infra is somewhat changed ... public will hit to DNS - pointed towards varnish+nginx(x2) - now varnish box is also doing loadbalancig - which will send traffic in round roubin fashion to 4 web boxes.

So far everything works and quite reasonable amount of hits however I am getting some kind of inconsistency on varnish response : I randomly get 503 send back even when there is healthy web boxes and I have been following this list where I saw quite a few having similar issue ... I have changed timeout and checking out if that helps.  Secondly can anyone guide me on nginx socket level security tips other than Conn limit. And if there is any additional security tips on varnish layer other than securityvcl?

Thank you

me at ibotty.net wrote:

>hi,
>
>i don't know whether i completely understand what you are trying to do.
>
>i understood, that your load balancer understands https traffic and
>passes cleartext traffic to the webservers. if that is right, instead of
>your proposed stack
>
>> Public => varnish(x2) => loadbalancer => Web servers (x4)
>
>you might do the stack (your notation)
>
>public => loadbalancer => varnish(x2) => web servers (x4)
>
>the load balancer won't do as much work, because varnish will load
>distribute as well. that might or might not work in your case (i'm
>pretty confident it in fact will work).
>
>good luck,
> tobias florek
>
>
>
>_______________________________________________
>varnish-misc mailing list
>varnish-misc at varnish-cache.org
>https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>


More information about the varnish-misc mailing list