Thanks a lot for your suggestion for using HaProxy ;)
My thinking was just: why install another bit of software when apache is
able to do the SSL termination.
But like Andrei said, if traffic spikes hit the apache runaround will
not be the optimal solution.
Do you guys have any recent up-to-date tutorials / howtos on setting up
HaProxy as SSL terminator in front of varnish.
also doing the SSL redirects ...
Did look around for Hitch but wasn't very pleased with the info provided ;(
Any hints are welcome & thanks for your help & replies ;)
Greetings
Becki
On 15.08.2017 22:04, Jan Hugo Prins | BetterBe wrote:
I would not do it like that.
Better is to use something like Hitch or HaProxy (my preference) and
put that in front of Varnish.
Then HaProxy / Hitch can terminate all SSL traffic, and HaProxy can
also do your redirect to SSL if needed.
Then in Varnish you use the Apache server as a backend and let it only
serve what it needs to serve.
Use the ProxyProtocol to send the client information from HaProxy to
Vernish.
In Varnish you need to put the client IP into the X-Forwarded-For header.
In Apache you can then use this header to have the real client IP address.
This way you have the real client IP information on all layers.
Jan Hugo Prins
_______________________________________________
varnish-misc mailing list
[email protected]
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
