using http/2 with varnish

Guillaume Quintard guillaume at varnish-software.com
Mon Dec 28 09:48:33 CET 2015


Hi,

For a more detailed answer : we don't support H/2 in varnish yet (working
on it!). So, if you really really want H/2, having nginx in front of
varnish can be a solution.

If you are only interested in https, however, varnish 4.1 and onward
supports the proxy protocol. It will allow to use and SSL/TLS terminator
such as hitch or haproxy that will handle the encryption for you.

The advantage to using the proxy protocol is that varnish is aware of it.
If you use nginx to proxy the requests, varnish will only see one client:
nginx. This means you'll have to do some gymnastics with XFF headers if you
want to filter by ip address for example. Plus, nginx is a bit overkill in
terms of resources to just be a tls terminator.

Migrating to varnish 4 requires a bit of work (not that much, really), but
it's worth it, especially considering v3 is EOL.

-- 
Guillaume Quintard

On Sun, Dec 27, 2015 at 9:27 PM, Mattias Geniar <mattias at nucleus.be> wrote:

> > Can anyone point us on the right direction here?
>
> What you need is a reverse proxy in front of your Varnish instances:
> consider running a tool like Nginx (which has HTTP/2 support in its
> mainline repositories) that does all your TLS connections and proxies the
> request on to Varnish, to keep optimising the cache.
>
> Mattias
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20151228/4118bc97/attachment.html>


More information about the varnish-misc mailing list