
Can I use https with Varnish Cache

Can I use Varnish Cache with HTTPS, or will this have little to no performance gain? What are the pros and cons? I've set up my VCL for HTTP only. I want to try this with HTTPS now.

I've read this but it's from 2011: https://www.varnish-cache.org/docs/trunk/phk/ssl.html

Varnish in itself does not support SSL and is very unlikely to do so in the foreseeable future.

To use SSL and still be able to cache with Varnish, you have to terminate the SSL before the request is sent to Varnish. This can be done efficiently by, for instance, HAProxy or Nginx.

To find out exactly how to configure this, a simple Google search for "ssl termination haproxy/nginx" will yield more than enough results.

You set the X-Forwarded-For headers in HAProxy. If an X-Forwarded-For header is already set, other reverse proxies will always just add their own to it; the left-most or first address is the source address. You don't have to think about that; anything that reads and uses X-Forwarded-For headers will sort that out automagically.

You also want to set X-Forwarded-Proto so you can do all sorts of magic in Varnish, like redirecting traffic not using TLS without hitting your backend servers, and separating the caches, as Varnish doesn't talk TLS, which can lead to some interesting results, like images not being served up because they are requested over HTTP when the page is served over HTTPS.

Side question, are you using HAProxy to actually load balance between multiple backends? If not, why not just terminate the TLS connection in Apache, send that to Varnish and then back to Apache again?
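
The X-Forwarded-Proto handling described in the answer above, as an added VCL sketch that is not part of the original posts. It assumes the TLS terminator (HAProxy or Nginx) runs on 127.0.0.1, overwrites X-Forwarded-Proto on every request and does not use the PROXY protocol; the backend address and the internal status 750 are placeholders.

```vcl
vcl 4.1;

# Assumption: the origin web server listens on this address.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Assumption: the TLS terminator is the only trusted source of
# X-Forwarded-Proto and connects from this address.
acl tls_terminator {
    "127.0.0.1";
}

sub vcl_recv {
    # A request that did not come through the terminator cannot vouch
    # for its own scheme, so discard any client-supplied value.
    if (client.ip !~ tls_terminator) {
        unset req.http.X-Forwarded-Proto;
    }

    # Redirect plain-HTTP traffic from Varnish itself, without
    # touching the backend. 750 is an internal marker status.
    if (req.http.X-Forwarded-Proto != "https") {
        return (synth(750, "Redirect to HTTPS"));
    }
}

sub vcl_synth {
    if (resp.status == 750) {
        set resp.status = 301;
        set resp.http.Location = "https://" + req.http.Host + req.url;
        return (deliver);
    }
}

sub vcl_hash {
    # Only needed if the redirect above is removed and both schemes
    # are served: keeps HTTP and HTTPS variants as separate objects.
    # Falls through to the built-in hash (URL and Host) afterwards.
    if (req.http.X-Forwarded-Proto) {
        hash_data(req.http.X-Forwarded-Proto);
    }
}
```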
