[英]Why run Varnish on port 80 for an HTTPS only setup?
In nearly every example I've seen for setting up Varnish with nginx and SSL support, the setup is Varnish running on port 80, nginx on port 443 for SSL termination and nginx running on another port doing the actual work communicating with the backend.在我见过的几乎所有使用 nginx 和 SSL 支持设置 Varnish 的示例中,设置是 Varnish 在端口 80 上运行,nginx 在端口 443 上运行用于 SSL 终止,而 nginx 运行在另一个端口上执行与后端通信的实际工作。
Given most websites now redirect port 80 to 443, what advantage is there in having Varnish running on port 80?鉴于现在大多数网站都将端口 80 重定向到 443,那么在端口 80 上运行 Varnish 有什么优势?
Why wouldn't you have nginx running on port 80, doing the 301 to the HTTPS version, nginx running on port 443 doing the SSL termination and proxying to Varnish, which is running on a different port, with nginx again running on another port doing the actual work?为什么不让 nginx 在端口 80 上运行,对 HTTPS 版本执行 301,在端口 443 上运行的 nginx 执行 SSL 终止并代理到在不同端口上运行的 Varnish,而 nginx 再次在另一个端口上运行实际工作?
HTTP: nginx [80] (301) HTTP:nginx [80] (301)
HTTPS: nginx [443] <> Varnish [6081] <> nginx [8080] <> backend HTTPS:nginx [443] <> Varnish [6081] <> nginx [8080] <> 后端
I really can't see any merit in having Varnish on port 80 front of house just to do a redirect.我真的看不出在房子前面的端口 80 上使用 Varnish 只是为了进行重定向有什么好处。 Unless, there's some problem with redirects and the unwanted addition of port numbers to URLs?
除非,重定向和将端口号添加到 URL 存在一些问题? Maybe adding 3 nginx server blocks is adding "more" work to the setup, but then having to configure Varnish to redirect port 80, unless it's internal, seems like "more" work.
也许添加 3 个 nginx 服务器块会为设置添加“更多”工作,但是必须配置 Varnish 以重定向端口 80,除非它是内部的,这似乎是“更多”工作。
Bonus question: Why is Apache added to the mix in most of these setups when nginx is already in use and visa-versa?额外问题:当 nginx 已经在使用中时,为什么在大多数这些设置中添加 Apache,反之亦然? They can both handle SSL termination and proxying.
它们都可以处理 SSL 终止和代理。
I agree with "why not":我同意“为什么不”:
HTTP: nginx [80] (301)
HTTP:nginx [80] (301)
HTTPS: nginx [443] <> Varnish [6081] <> nginx [8080] <> backend
HTTPS:nginx [443] <> Varnish [6081] <> nginx [8080] <> 后端
As to why:至于为什么:
HTTP: Varnish [80] (conditional 301, using VCL)
HTTPS: nginx [443] <> Varnish [80] <> nginx [8080] <> backend
The answer is:答案是:
I think we can simplify a bit: HTTPS: nginx [443] <> Varnish [6081]<> backend我想我们可以简化一下:HTTPS: nginx [443] <> Varnish [6081]<> backend
Let Varnish do the caching and avoid the extra Nginx layer.让 Varnish 进行缓存并避免额外的 Nginx 层。
More simplification: hitch [443] <> Varnish [6081]<> backend更简化:hitch [443] <> Varnish [6081]<> 后端
Hitch: https://hitch-tls.org/搭便车: https : //hitch-tls.org/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.