How to Setup SSL in Varnish Cache

February 19, 2020 10 min read 6244 views

I don't think it is necessary to explain what a Varnish Cache is and how it affects the load speed of the site. At least not in this post. If you are here, I suppose that you want to know how to setup SSL in Varnish.

Flash
Flash

In fact, the developer of Varnish finds it a bad idea to implement SSL support. But there are still several ways to tackle this issue.

Option 1

First, you need to understand whether it is possible to handle SSL with another service and leave communication with the server on which Varnish is installed at the default port.

Example: DigitalOcean offers Fully Managed SSL Certificates. In other words, you can create a Load Balancer and configure SSL.

Then, create a droplet on the internal network (without access from the outside), raise the environment (Varnish and other software), and attach it to the Load Balancer.

But before you start, I want to highlight that you should make sure that your hosting provider offers some solutions (Cloud Flare, etc).

Option 2

Let's imagine that we have to raise the environment to implement the API (monolith) on Laravel Framework, and we have our own VPS with root access.

The process looks like this:

Nginx handles the 443 port, handles static assets and proxy other requests to another Varnish Cache:6081.
Varnish checks the cache, and if not then proxy request to the backend (Nginx: 81, why Nginx and not PHP I will write below), gets the result, caches, and gives Nginx.
Nginx: 81 handle requests and run PHP on 9000 port or a socket.
PHP launches Laravel... It's no longer interesting to us, we've known it for a long time.

So the scheme in short:

Nninx: 443 -> Varnish: 6081 -> Nginx: 81 -> PHP: 9000

Why doesn't Varnish apply directly to PHP? Because PHP-FPM does not understand Varnish requests, and you will most likely get a 503 error.

Laravel, by the way, is a good solution since they “play nice together.”

I will skip boring guides on installing LEMP and concentrate your attention on configs.

Virtualhost for Nginx: /etc/nginx/conf.d/api.myserver.com.conf

server {

    listen 443;

    server_name www.api.myserver.com api.myserver.com;
    
    access_log   /var/log/nginx/access.log;
    error_log    /var/log/nginx/error.log;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    location / {
        proxy_pass http://127.0.0.1:6081;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header HTTPS "on";
    }

   location ~ /\.ht {
       deny all;
   }

   location ~ /.well-known {
       allow all;
   }

    # I used letsencrypt service )

    ssl_certificate /etc/letsencrypt/live/myserver.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myserver.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {

    listen 80;

    server_name  www.api.myserver.com api.myserver.com;

    return 301 https://www.$host$request_uri;

}

server {

    listen 81;

    server_name api.myserver.com www.api.myserver.com;

    root /var/www/api/public;

    index index.php;

    access_log   /var/log/nginx/access.log;
    error_log    /var/log/nginx/error.log;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ .php$ {
	    include snippets/fastcgi-php.conf;
        fastcgi_param HTTPS on;
        fastcgi_pass   127.0.0.1:9000; # OR unix:/var/run/php7.4-fpm.sock;
    }
}

I used this template. You just have to modify the backend port.

# /etc/varnish/default.vcl
...

backend server1 { # Define one backend
  .host = "127.0.0.1";    # IP or Hostname of backend
  .port = "81";           # Port Nginx or whatever is listening
  .max_connections = 300; # That's it

...

/etc/default/varnish

...

DAEMON_OPTS="-a :6081 \ # input
             -T localhost:6082 \ # admin
             -f /etc/varnish/default.vcl \ # proxy conf
             -S /etc/varnish/secret \ # secret conf
             -s malloc,256m" 

...

That's all. Those simple maneuvers can significantly accelerate a project. I hope this little guide will help you save your time and reduce your suffering.

POSTED IN:

How about to rate this article?

August 10, 2022 4 min read
Healthcare Management System (HMS): Features and Benefits
- technologies
- web development
November 26, 2020 10 min read
Best Laravel Based CMS That You Should Know
August 18, 2022
Vue.js and SEO — Your Steps To Take To Become More SEO Friendly

Explore all articles Explore all articles

let`s get in touch!

Name Email Phone number How can we help?

Your budget How did you learn about us?

By submitting this form I consent to processing my personal data as described in the Privacy Policy

Send me NDA

Success!
Thanks for your message.

While we are processing your request, don’t hesitate and follow us on social networks! Send more letter

OTAKOYI’s developers have helped the client see a 40% MoM growth with their retention metrics aligned with global firms. Their team showcases impressive energy, flexibility, and problem-solving skills. They also genuinely care about the project and pay attention to detail, timelines, and costs.

Michael Askew

CEO, ASKWHO

They have a huge amount of talent and depth technical knowledge. With OTAKOYI’s support, the client successfully launched the website with visible improvements like an increase in the number of new account sign-ups. The team adjusted their workflow and communication based on what the client wanted.

Simon Nilsson

Co-CEO, Work-Wide Group

OTAKOYI has delivered a high-quality application within the client’s timeline, scope, and budget. They’ve been a professional, transparent partner who has swiftly resolved issues and maintained constant communication with the client via Signal. The client has enjoyed working with them.

Dr. Arne-Rasmus Draeger

Executive, ACARiS

From planning to deployment, OTAKOYI were always responsive to our needs and went above and beyond for us.
Based on their level of quality – we were expecting the budget need to be much higher for what we were asking, but they came in much lower than competitors of really high quality.

Samuel Bleakly

Marketing Director, Coto World

OTAKOYI's work has led to higher retention of customers due to increased functionality and better UX/UI. Their developers have been knowledgeable and extremely proficient. They're also capable of thinking outside of the box — they not only listen to instructions but also provide improved solutions.

Philip Ly

CEO, LES Automotive

OTAKOYI's development work has improved productivity. We've also happy with their positive attitude and engineering excellence - their suggestions significantly improve the products we ask them to build.

Vance Heron

CTO, PeteHealth

External clients are highly satisfied. OTAKOYI’s effective project management and communication have reduced the oversight burden on their client. They work hard to meet deadlines and resolve issues, taking ownership of the work.

Tobias Sturesson

CEO, Fervent

All internal and external feedback has been positive. OTAKOYI’s skilled team is dedicated and hardworking. Their agility spurred continued engagement. Customers can expect a flexible and cooperative team while working with OTAKOYI.

Alex Reizer

Product Manager, Kadabra

Client feedback has been overwhelmingly positive. OTAKOYI’s ability to adapt to and communicate about project specifications were hallmarks of their work. They're quick to iterate and always willing to go the extra step to accommodate a client.

Shlomie Singer

Co-Founder & Owner at uBranded

OTAKOYI applied their design expertise and worked diligently at all times. They were receptive to feedback and implemented changes quickly, but can improve their QA process. The result is a streamlined, beautiful website that is admired by customers.

Artyom Popov

Co-Founder at Escape Room

OTAKOYI’s platform has allowed the business to effectively display its content. By adapting to the clients’ needs, they provided excellent project management and high-quality deliverables.

Michal Nowakowski

Founder in a Castles.today

OTAKOYI’s team is focused and able to handle a wide variety of different projects. Their project management system is well organized, and they have maintained excellent relations with the clients that were outsourced to them.

Alex Ostroverkh

CEO at PettersonApps

Their web design is fantastic, and the site didn’t have any bugs. They’re communicative and strive to meet expectations. The new site has brought in lots of new organic traffic and looks good

Mariya Osnovina

Brand Manager – Intersono IVF clinic

The team at OTAKOYI integrates seamlessly with internal resources and has become a valuable partner in determining best practices. Their user experience design skills have helped define meaningful user journeys.

Waleed Kharma

Managing Director, Foxtrapp

The software met expectations and is used daily by the business. The multiyear engagement proves OTAKOYI’s dedication to the work as they continue to be effective, smart, and skilled. As a partner, they’re responsive and available, delivering on each task assigned to them.

Pavlo Lysy

CEO & Founder, Panem

How to Setup SSL in Varnish Cache

Table of contents

Option 1

Option 2

How about to rate this article?

RELATED ARTICLES

let`s get in touch!

Success!
Thanks for your message.

How to Setup SSL in Varnish Cache

Table of contents

Option 1

Option 2

How about to rate this article?

RELATED ARTICLES

let`s get in touch!

Success!Thanks for your message.

Success!
Thanks for your message.