Varnish plus LetsEncrypt


#1

I want to run LetsEncrypt on a RHEL server for SSL. My concern is configuring Varnish to work with SSL without running into issues. I have found conflicting articles online about Varnish completely not working with SSL at all to others saying that it can be done but there is a lot of configuration and you need an additional proxy service such as Hitch to make it work (https://fnord.no/posts/2015-11/letsencrypt/).

Has anyone tried to integrate LetsEncrypt with Varnish and have you had success doing so?


#2

Read: "Why no SSL?"
https://www.varnish-cache.org/docs/trunk/phk/ssl.html
(via www_dot_version2_dot_dk_slash_comment_slash_166590#comment-166590 - in Danish)

Maybe you should use a TLS/SSL termination proxy?

In that Wikipedia article you will find:

  • TLS termination proxies are used to reduce the load on the main servers by offloading the cryptographic processing to another machine, and to support servers that do not support TLS, like Varnish.
  • Wikipedia uses Nginx as its TLS termination proxy.

#3

Thanks! I’ll look into that. I read somewhere about something called Hitch that is a termination proxy that could be used. I didn’t know if it was an unnecessary extra step though.
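
Hitch, the termination proxy mentioned in the thread, loads the private key and certificate chain from a single PEM file, while certbot writes them as separate `privkey.pem` and `fullchain.pem`. The certbot deploy hook below is an added example, not part of the original posts; the `/etc/hitch/` output path and the `hitch` systemd unit name are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook that builds the combined PEM Hitch loads.
# Assumed (not from the thread): output in /etc/hitch/, systemd unit "hitch".

# build_hitch_pem LINEAGE_DIR OUT_FILE
# Writes privkey.pem followed by fullchain.pem to OUT_FILE, mode 0600, atomically.
build_hitch_pem() {
    lineage=$1
    out=$2
    key="$lineage/privkey.pem"
    chain="$lineage/fullchain.pem"

    # Refuse to build a bundle from missing, empty or mislabelled inputs,
    # so a failed renewal never replaces a working certificate.
    [ -s "$key" ] && [ -s "$chain" ] || { echo "missing key or chain in $lineage" >&2; return 1; }
    grep -q 'PRIVATE KEY-----' "$key" || { echo "$key is not a PEM private key" >&2; return 1; }
    grep -q 'BEGIN CERTIFICATE-----' "$chain" || { echo "$chain has no certificate" >&2; return 1; }

    # Temp file sits next to the target so mv is an atomic rename; umask 077
    # keeps the private key unreadable to other users at every step.
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp "$out.XXXXXX") || { umask "$old_umask"; return 1; }
    if cat "$key" "$chain" > "$tmp" && mv -f "$tmp" "$out"; then
        umask "$old_umask"
        return 0
    fi
    rm -f "$tmp"
    umask "$old_umask"
    return 1
}

# certbot exports RENEWED_LINEAGE to deploy hooks; do nothing when it is unset.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    name=$(basename "$RENEWED_LINEAGE")
    build_hitch_pem "$RENEWED_LINEAGE" "/etc/hitch/$name.pem" &&
        systemctl reload hitch
fi
```

Placed in `/etc/letsencrypt/renewal-hooks/deploy/`, the script runs after each successful renewal; Hitch's `pem-file` setting then points at the generated bundle.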