On Tue, 07 Sep 2010 13:27:35 +0200, Rob S <[email protected]> wrote:
If you've used SSL with varnish in production, can you share any
wisdom on your configuration and approaches?
We've been happily using Varnish in production for just over a year, and
now want to use it for an SSL site so that we can use ESI, load
balancing and other such facilities offered by Varnish. I've searched
over the Varnish website, and can't see any examples of a recommended
SSL configuration.
We setup all varnish boxes where we need SSL with
nginx on :443 and varnishd on :80.
The local nginx server proxy-passes everything to localhost:80,
with the following config bit:
server {
ssl on;
ssl_certificate /etc/ssl/certs/your.crt;
ssl_certificate_key /etc/ssl/private/your.key;
listen 443 default ssl;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Proxy any requests to the local varnish instance
location / {
proxy_set_header "Host:" $host;
proxy_set_header "X-Forwarded-For" $proxy_add_x_forwarded_for;
proxy_pass http://localhost:80;
}
}
I'll happily consolidate the answers into a coherent document for the
website so that others can benefit in future.
Would be nice!
--
Cosimo
_______________________________________________
varnish-misc mailing list
[email protected]
http://lists.varnish-cache.org/mailman/listinfo/varnish-misc
