Hi, For a more detailed answer : we don't support H/2 in varnish yet (working on it!). So, if you really really want H/2, having nginx in front of varnish can be a solution.
If you are only interested in https, however, varnish 4.1 and onward supports the proxy protocol. It will allow to use and SSL/TLS terminator such as hitch or haproxy that will handle the encryption for you. The advantage to using the proxy protocol is that varnish is aware of it. If you use nginx to proxy the requests, varnish will only see one client: nginx. This means you'll have to do some gymnastics with XFF headers if you want to filter by ip address for example. Plus, nginx is a bit overkill in terms of resources to just be a tls terminator. Migrating to varnish 4 requires a bit of work (not that much, really), but it's worth it, especially considering v3 is EOL. -- Guillaume Quintard On Sun, Dec 27, 2015 at 9:27 PM, Mattias Geniar <[email protected]> wrote: > > Can anyone point us on the right direction here? > > What you need is a reverse proxy in front of your Varnish instances: > consider running a tool like Nginx (which has HTTP/2 support in its > mainline repositories) that does all your TLS connections and proxies the > request on to Varnish, to keep optimising the cache. > > Mattias > _______________________________________________ > varnish-misc mailing list > [email protected] > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
