Varnish Cache and HTTPS

One hurdle of Varnish Cache is that it is designed to accelerate HTTP, not the secure HTTPS protocol.

As more and more websites move all of their pages to HTTPS for better protection against attacks, this has become something many Varnish Cache users have to work around. To enforce HTTPS with Varnish Cache, you will need to put an SSL/TLS terminator in front of Varnish Cache to convert HTTPS to HTTP.

One way to do this is by using Nginx as the SSL/TLS terminator. Nginx is another reverse proxy that is sometimes used to cache content, but Varnish Cache is much faster. Because Nginx allows for HTTPS traffic, you can install Nginx in front of Varnish Cache to perform the HTTPS to HTTP conversion. You should also install Nginx behind Varnish Cache to fetch content from your origin over HTTPS.

In the picture above, the TLS/SSL terminator (such as Nginx) is sitting both in front of Varnish Cache to intercept HTTPS traffic before it gets to Varnish Cache, and behind Varnish Cache so that requests are converted back to HTTPS before going to your origin. As shown by steps 7 and 8, if Varnish Cache already has an item or full page in its cache it will serve the content directly through the first Nginx instance and will not need to request via HTTPS back to the origin.
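
The two-sided layout described above, written as an added Nginx configuration example (not from the original article or the tutorial it links to). The hostnames, the ports (Varnish Cache on 127.0.0.1:6081, the re-encrypting listener on 127.0.0.1:8080) and the certificate paths are assumptions; the back side turns on origin certificate verification explicitly, because Nginx does not verify upstream certificates by default.

```nginx
# Added example. Hostnames, ports and file paths are assumptions.
# These server blocks belong inside the http { } context of nginx.conf.

# Plain HTTP: redirect to HTTPS using the configured name, not the
# client-supplied Host header.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://www.example.com$request_uri;
}

# Front side: terminate TLS, then hand plain HTTP to Varnish Cache.
server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/www.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:6081;            # Varnish listener (assumed)
        proxy_set_header Host              $host;
        # Overwrite rather than append, so clients cannot spoof these values.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Back side: Varnish Cache uses this listener as its backend on a cache
# miss; Nginx re-encrypts the request and sends it to the origin.
server {
    listen 127.0.0.1:8080;                           # loopback only

    location / {
        proxy_pass https://origin.example.com;

        proxy_ssl_server_name on;                    # send SNI to the origin
        proxy_ssl_name        origin.example.com;    # name checked in the cert
        proxy_ssl_verify      on;                    # default is off
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_ssl_protocols   TLSv1.2 TLSv1.3;
    }
}
```

Binding the back-side listener and Varnish Cache to loopback keeps the unencrypted hops on the local host.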

For detailed instructions on setting up Varnish Cache with HTTPS, read this handy Digital Ocean tutorial.

If you are deploying Varnish Cache via a paid service or content delivery solution, they may be able to handle this for you.

Section provides free SSL/TLS certificates for users and handles the SSL/TLS termination so users do not need to configure it separately.

Please contact us if you would like to know more about Section and how we provide fully automated TLS/SSL for our users.
