[Cialug] Web caches and SSL

Matthew Nuzum newz at bearfruit.org
Tue Aug 25 11:29:56 CDT 2015 

I was looking into that and I'd love to hear more about how it helped you.
The reason I use Varnish is because I tend to use very low cost web
servers, for example the $5 droplet at Digital Ocean. These servers work
just fine 99% of the time, but if there's a sudden spike they fall over.

Varnish helps in two ways: It serves spikes from cache, which is the number
one reason I use it, and it also helps the site feel generally more snappy
even when not loaded.

My fear is/was that having an extra web server end point in the mix, too
much of the server's resources would go towards proxying rather than
serving the content.

Frankly, I haven't tested this, so I'm just being lazy, but do you think
this scenario would work in a low-mem (512MB for example) environment?

On Tue, Aug 25, 2015 at 10:08 AM, Daniel A. Ramaley <
daniel.ramaley at drake.edu> wrote:

> Multiple proxy layers can work. At one time i had Varnish -> Nginx ->
> Apache. I saw a 3 orders of magnitude performance improvement over
> Apache alone for the particular application (WordPress). It is more
> complicated to have multiple layers though; eventually i removed Varnish
> from my stack because Nginx alone added sufficient performance for our
> needs and each layer does add more troubleshooting overhead when
> something goes wrong.
>
> On 2015-08-25 at 09:54:05 Matthew Nuzum wrote:
> > I saw this in RH's OpenSource.com newsletter today: Why every website
> > should switch to HTTPS
> > http://opensource.com/business/15/8/interview-daniel-roesler-utilityap
> > i?sc_cid=70160000000x3vkAAA
> >
> > Last year I started switching all my sites over to SSL. A few of my
> > sites were using a Varnish web cache to speed them up. Since Varnish
> > doesn't terminal SSL I have been taking it out of the stack.
> >
> > I miss it, though. It helped a lot, even if it did make some things
> > more complicated. Are the days of using a web cache in this way gone?
> >
> > I know I could use a web server to terminate SSL, then proxy to
> > Varnish which would then proxy to the backend web server. This seems
> > like a lot of proxying, which is why I'm not doing it. Is there an
> > easier/better way that I should consider?
> __
> Daniel A. Ramaley  |  Network Engineer 2
> Drake Technology Services (DTS) | Drake University
>
> T: +1 515 271-4540
> F: +1 515 271-1938
> E: daniel.ramaley at drake.edu
>
>


-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter

♫ You're never fully dressed without a smile! ♫

More information about the Cialug mailing list