Are you wondering how to configure Apache2 for SSL Termination With Varnish? Our experts have put together this guide to help you out. Our Server Management Support team is here to lend a hand with your queries and issues.
How to set up Apache2 for SSL Termination With Varnish
Currently, HTTPS has started becoming mandatory. While this improves security drastically, it makes it difficult to deploy a Varnish caching server.
This is due to the fact that Varnish does not support HTTPS. In other words, we cannot configure Varnish to listen for incoming HTTPS connections on the external IP on port 443.
This is where we need an intermediary program to accept, decrypt and hand off the HTTPS connections as HTTP requests to Varnish. Additionally, it also re-encrypts them on the way out. This intermediary program is called an SSL terminator.
Some of the popular SSL terminators include Nginx, Pound, and so on. However, our experts would like to point out that we do not have to install an SSL terminator as Apache can do its job. Today, we will see how we can use Apache2 as an SSL terminator and content server with Varnish acting as the caching server.
Prerequisites
- Install Apache and Varnish
apt-get update
apt-get upgrade
apt-get install varnish apache2 - Load Apache modules with these commands:
a2enmod ssl
a2enmod proxy
a2enmod proxy_balancer
a2enmod proxy_httpThen, restart with this command:
systemctl restart apache2.service
Generate a Let’s Encrypt SSL Certificate
Now, we have to install the Certbot client package in order to download Let’s Encrypt free SSL to set up Apache2 for SSL Termination With Varnish. Then run the following command to download the Let’s Encrypt SSL certificates:
certbot --apache -d mydomain.com
At this point, we have to enter our email address and accept the terms of service.
The next step is to select whether we prefer to redirect HTTP traffic to HTTPS. Then enter 1 to download the Let’s Encrypt SSL for the website.
How to enable SSL Support on Apache
Now we are going to configure the Apache server to use the Let’s Encrypt certificates from the previous section.
nano /etc/apache2/sites-available/000-default.conf
Then, add these lines to the end of the file:
<VirtualHost *:443> RequestHeader set X-Forwarded-Proto "https" ServerName mydomain.com SSLEngine On SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem ProxyPreserveHost On ProxyPass / http://127.0.0.1:80/ ProxyPassReverse / http://127.0.0.1:80/ </VirtualHost>
Then we have to save and close the file. Next, we will restart the Apache service.
Finally, it is time to test Varnish with either of the following commands:
curl -I https://domainname.com
or
curl -I http://domainname.com
Furthermore, we can test the varnish cache with the varnishlog command.
By this point, we have successfully installed and configured Apache2 for SSL Termination With Varnish. Let us know in the comments if you need any further help.
[Need assistance with a different issue? Our team is available 24/7.]
Conclusion
To conclude, our Support Engineers demonstrated how to configure Apache2 for SSL Termination With Varnish.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
0 Comments