New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
HTTPS Caching
punkstar69
Member
in Help
Heyo.
We use a LNMP with Varnish listening on :80 and nginx on :8080.
There is also APC cache running in the background for us, trying to maximize wordpress speed.
Since we need to force all http:// to https:// using SSL, we are looking for a solution that will provide efficient caching like Varnish did.
Actually, do we need varnish anymore, when redirecting http to https? I guess only for the static files caching, but nginx can also do good work on this.
Any advises are much appreciated (stunnel guides etc)
Comments
nginx -> varnish -> backend
try mod_spdy https://code.google.com/p/mod-spdy/
there's a module for nginx as well.
What even?
Surely you mean Varnish -> Nginx -> Backend ?
You can configure nginx yo cache content in in memory.
Setup HTTPS in NGINX. Do a reverse proxy to Varnish, which is already caching the HTTP version of the site
Profit.
Note that some things work oddly through varnish, such as WebDav and HTTP Auth (I couldn't get either of those working when setting up owncloud with cached HTTPS, and subsequently the owncloud client could not log in)
Varnish does not support https, does it?
thats what im thinking too
Well it doesnt. The only solution (at least known for me) is to use stunnel for https, but im trying to avoid this :-)
No, it doesnt - thats why you use the solution mentioned above. Nginx handles the HTTPS, and passes it onto Varnish instead.
^ This is the solution.
Varnish should not handle connection directly. Varnish does one job and it does very well, which is http caching. Nginx is to handle https connections.
+1 SPDY, but the latest package randomly broke PHP for me. I would wait until after it comes out of beta for production sites.
Varnish cannot see the SSL connections to proxy (since the data is encrypted), there are ways to decrypt the SSL stream before Varnish and re-encrypt after Varnish - or like everyone is saying only handle encryption at the network edge.
Not everyone can use Nginx to handle all SSL connections at the edge though, for example in Java EE servers the Java server must perform the encryption (on par with the standard).