How to use HTTPS with Varnish?

As you know, Varnish does not directly support SSL/TLS. However, while using and researching it, I have found a way to use HTTPS with Varnish: the SSL Termination Proxy model.

How the SSL Termination Proxy works using Nginx in conjunction with Varnish:

  1. A user accesses the website through the HTTPS protocol (port 443).
  2. The SSL Termination Proxy (Nginx) forwards that request to the Cache Proxy (Varnish), which serves plain HTTP (port 80). If Varnish already has the content cached, it responds immediately without step 5.
  3. The Cache Proxy (Varnish) requests the content from the backend server (Nginx) and caches it if it is not already cached.
  4. The backend server (Nginx) responds with the requested data.
  5. Cache Proxy (Varnish) transfers data to SSL Termination Proxy (Nginx).
  6. SSL Termination Proxy (Nginx) encrypts the data and sends it to the end user.

The backend server can be one or more servers. Of course, you can use the same Nginx server as a proxy and backend.

I have described installation, configuration and usage in detail in the Varnish series. Suppose you have a server that already works normally with Nginx and Varnish.

1. Add the Nginx configuration code as an SSL Proxy

You need to edit the corresponding domain configuration file in the directory /etc/nginx/conf.d/

Remember to replace the #SSL fragment with the corresponding Let’s Encrypt or Comodo certificate, and to set the corresponding server_name.

Reload Nginx configuration:

2. Configure Varnish redirect to HTTPS

Keep Varnish listening on port 80 and add the following redirect code (for Varnish 4) to the /etc/varnish/default.vcl configuration file.

From this point on, all HTTP requests will be redirected to HTTPS by Varnish.
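An example of such a redirect for Varnish 4, added here and not the original post's code. It assumes the Nginx TLS proxy runs on the same host and sets `X-Forwarded-Proto: https` on every request it forwards, and that the backend listens on 127.0.0.1:8080 (a placeholder port). The header is trusted only when the request arrives from the proxy's address, so a client connecting to port 80 directly cannot skip the redirect by sending the header itself.

```vcl
vcl 4.0;

# Assumption: the Nginx TLS proxy reaches Varnish over loopback.
# If the proxy runs on another host, list its address here instead.
acl tls_proxy {
    "127.0.0.1";
    "::1";
}

# Assumption: the backend Nginx listens on 127.0.0.1:8080 (placeholder).
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Only the TLS proxy may assert that the original request used HTTPS.
    # Drop the header from any other source so it cannot be spoofed.
    if (client.ip !~ tls_proxy) {
        unset req.http.X-Forwarded-Proto;
    }

    # Requests that did not pass through the TLS proxy are plain HTTP:
    # hand them to vcl_synth with an internal status code.
    if (req.http.X-Forwarded-Proto !~ "(?i)^https$") {
        return (synth(750, "Redirect to HTTPS"));
    }
}

sub vcl_synth {
    # Turn the internal 750 status into a permanent redirect to HTTPS.
    if (resp.status == 750) {
        set resp.status = 301;
        set resp.reason = "Moved Permanently";
        set resp.http.Location = "https://" + req.http.Host + req.url;
        return (deliver);
    }
}
```

Requests forwarded by the proxy carry the header and pass through to the cache, so the redirect does not loop.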

Reload Varnish configuration:

If you use WordPress, you may need to add the following code to your wp-config.php file for WordPress to enable HTTPS:

So it’s done, simple.

Good luck.
