Unfortunately, due to strict security requirements, we are not able to offload SSL onto the load balancer/cache; it has to go to Apache.
Can you clarify this?
In this scenario you can't even use anything besides a TCP balancer, since you can't simply put a plain HTTP cache/proxy like nginx or Varnish in between, as it needs to read (and alter) the HTTP headers, which would defeat the whole purpose of SSL/encryption ("man in the middle").
Of course nginx can also proxy HTTPS traffic (like proxy_pass https://yoursite;) to backends, but it would still need the SSL certificates for HTTPS to function on the client side.
This is why SSL offloading is usually done at the top level (in your case it would be nginx, which then passes the X-Forwarded-For header to Varnish, which passes it on to Apache, and Apache converts it to the client IP).
rr
_______________________________________________
varnish-misc mailing list
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
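
As an added illustration (not part of the original message, and not Apache's, nginx's or Varnish's own code): a sketch of how the last hop can turn the X-Forwarded-For chain built by nginx and Varnish back into the client IP while ignoring entries that did not come from a trusted proxy. The loopback proxy network, the function names and the sample addresses are assumptions.

```python
import ipaddress

# Assumed topology (constructed): nginx and Varnish run on loopback in front
# of the backend, so only loopback peers may vouch for a client address.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8")]


def is_trusted(addr):
    """True if addr parses as an IP address inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_ip, xff_header):
    """Return the address the backend should log and apply ACLs to.

    peer_ip    -- address of the TCP peer that connected to the backend
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # A peer that is not one of our proxies gets no say via headers.
    if not is_trusted(peer_ip) or not xff_header:
        return peer_ip
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    client = peer_ip
    # Walk right to left: each trusted hop vouches for the entry to its left.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        client = hop
        if not is_trusted(hop):
            break  # first untrusted address is the real client
    return client


if __name__ == "__main__":
    # Constructed sample: client -> nginx (TLS) -> Varnish -> backend.
    print(resolve_client_ip("127.0.0.1", "203.0.113.7, 127.0.0.1"))
```

Entries to the left of the first untrusted address are whatever the client sent and are never used.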
