Bobcares

For every $500 you spend, we will provide you with a $500 credit on your account*

BLACK FRIDAY SPECIAL

*The maximum is $4000 in credits, Offer valid till December 6th, 2024, New Customers Only, Credit will be applied after purchase and expires after six (6) months

For every $500 you spend, we will provide you with a $500 credit on your account*

BLACK FRIDAY SPECIAL

*The maximum is $4000 in credits, Offer valid till December 6th, 2024, New Customers Only, Credit will be applied after purchase and expires after six (6) months

Apache2 for SSL Termination With Varnish | Set-up Guide

by | Dec 18, 2022

Are you wondering how to configure Apache2 for SSL Termination With Varnish? Our experts have put together this guide to help you out. Our Server Management Support team is here to lend a hand with your queries and issues.

How to set up Apache2 for SSL Termination With Varnish

Currently, HTTPS has started becoming mandatory. While this improves security drastically, it makes it difficult to deploy a Varnish caching server.

Apache2 for SSL Termination With Varnish

This is due to the fact that Varnish does not support HTTPS. In other words, we cannot configure Varnish to listen for incoming HTTPS connections on the external IP on port 443.

This is where we need an intermediary program to accept, decrypt and hand off the HTTPS connections as HTTP requests to Varnish. Additionally, it also re-encrypts them on the way out. This intermediary program is called an SSL terminator.

Some of the popular SSL terminators include Nginx, Pound, and so on. However, our experts would like to point out that we do not have to install an SSL terminator as Apache can do its job. Today, we will see how we can use Apache2 as an SSL terminator and content server with Varnish acting as the caching server.

Prerequisites

  • Install Apache and Varnish

    apt-get update
    apt-get upgrade
    apt-get install varnish apache2

  • Load Apache modules with these commands:

    a2enmod ssl
    a2enmod proxy
    a2enmod proxy_balancer
    a2enmod proxy_http

    Then, restart with this command:

    systemctl restart apache2.service

Generate a Let’s Encrypt SSL Certificate

Now, we have to install the Certbot client package in order to download Let’s Encrypt free SSL to set up Apache2 for SSL Termination With Varnish. Then run the following command to download the Let’s Encrypt SSL certificates:

certbot --apache -d mydomain.com

At this point, we have to enter our email address and accept the terms of service.

The next step is to select whether we prefer to redirect HTTP traffic to HTTPS. Then enter 1 to download the Let’s Encrypt SSL for the website.

How to enable SSL Support on Apache

Now we are going to configure the Apache server to use the Let’s Encrypt certificates from the previous section.

nano /etc/apache2/sites-available/000-default.conf

Then, add these lines to the end of the file:

<VirtualHost *:443> RequestHeader set X-Forwarded-Proto "https" ServerName mydomain.com SSLEngine On SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem ProxyPreserveHost On ProxyPass / http://127.0.0.1:80/ ProxyPassReverse / http://127.0.0.1:80/ </VirtualHost>

Then we have to save and close the file. Next, we will restart the Apache service.
Finally, it is time to test Varnish with either of the following commands:

curl -I https://domainname.com

or

curl -I http://domainname.com

Furthermore, we can test the varnish cache with the varnishlog command.

By this point, we have successfully installed and configured Apache2 for SSL Termination With Varnish. Let us know in the comments if you need any further help.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

To conclude, our Support Engineers demonstrated how to configure Apache2 for SSL Termination With Varnish.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.