Configuring a HTTP and HTTPS web accelerator using Varnish

Question

I have installed and configured varnish on my new server. The server is currently working for http traffic.

I would like to also forward SSL traffic to my webserver. It is not necessary to cache this traffic at this time.

Any suggestions? Thank you!

Welcome to Ask Ubuntu! If I understand your question correctly, you want to handle the SSL layer at your webserver behind Varnish, right? Why would want a caching server to only forward traffic? You can use plain firewall (iptables) rules or have your webserver connected directly at port 443 for this without the need for traffic to pass Varnish. — gertvdijk, Jan 29 '13 at 21:09
Those are great suggestions. I have decided to just forward HTTPS traffic from the firewall to the webserver bypassing the Varnish cache. — Dgahagan, Jan 31 '13 at 15:23
Your information about the iptables was very helpful since I was not sure if I would be able to get the requested changes in place at the firewall. If I was not able to change the firewall from forwarding all traffic to the cache, I would have tried to use the iptables to pass the HTTPS traffic along to the webserver. (I think we both agree that is a bit silly, but if I were unable to make the firewall change)
Note: Our firewall, cache, and web server are all separate devices. — Dgahagan, Jan 31 '13 at 15:26

score 1 · Accepted Answer · edited Apr 13 '17 at 12:23

1

After reading the comment by gertvdijk, I have decided that the best strategy is to forward HTTPS traffic from the firewall directly to the web server, bypassing the Varanish proxy (as I don't need it to cache this traffic).

If I understand your question correctly, you want to handle the SSL layer at your webserver behind Varnish, right? Why would want a caching server to only forward traffic? You can use plain firewall (iptables) rules or have your webserver connected directly at port 443 for this without the need for traffic to pass Varnish.

edited Apr 13 '17 at 12:23

Community

1

answered Jan 31 '13 at 15:31

Dgahagan

11

If you mark this as the answer, it will be removed from the "Unanswered questions" queue. – Grizly Feb 26 '13 at 09:11
Thanks, I was not sure if I should mark my own summary of another users comment as the answer. – Dgahagan Feb 26 '13 at 19:41
yeah, I checked on meta as unanswered questions were getting me down. – Grizly Feb 26 '13 at 21:54

score 0 · Answer 2 · edited Jun 18 '14 at 00:14

0

I don't think varnish support caching for https, if you want caching with ssl, nginx might be a better choice for you

edited Jun 18 '14 at 00:14

Seth

59,442
44
149
201

answered May 26 '14 at 23:20

Blanca Higgins

1

Configuring a HTTP and HTTPS web accelerator using Varnish

2 Answers2