[Cialug] Web caches and SSL

Jeffrey Ollie jeff at ocjtech.us
Tue Aug 25 11:37:01 CDT 2015 

Personally, I've switched over to nginx.  It works great as a SSL proxy in
front of a dynamic web service.  It especially is nice if you can configure
things so that nginx serves the static content directly from disk instead
of going through the dynamic back end to grab that content.

On Tue, Aug 25, 2015 at 11:29 AM, Matthew Nuzum <newz at bearfruit.org> wrote:

> I was looking into that and I'd love to hear more about how it helped you.
> The reason I use Varnish is because I tend to use very low cost web
> servers, for example the $5 droplet at Digital Ocean. These servers work
> just fine 99% of the time, but if there's a sudden spike they fall over.
>
> Varnish helps in two ways: It serves spikes from cache, which is the number
> one reason I use it, and it also helps the site feel generally more snappy
> even when not loaded.
>
> My fear is/was that having an extra web server end point in the mix, too
> much of the server's resources would go towards proxying rather than
> serving the content.
>
> Frankly, I haven't tested this, so I'm just being lazy, but do you think
> this scenario would work in a low-mem (512MB for example) environment?
>
> On Tue, Aug 25, 2015 at 10:08 AM, Daniel A. Ramaley <
> daniel.ramaley at drake.edu> wrote:
>
> > Multiple proxy layers can work. At one time i had Varnish -> Nginx ->
> > Apache. I saw a 3 orders of magnitude performance improvement over
> > Apache alone for the particular application (WordPress). It is more
> > complicated to have multiple layers though; eventually i removed Varnish
> > from my stack because Nginx alone added sufficient performance for our
> > needs and each layer does add more troubleshooting overhead when
> > something goes wrong.
> >
> > On 2015-08-25 at 09:54:05 Matthew Nuzum wrote:
> > > I saw this in RH's OpenSource.com newsletter today: Why every website
> > > should switch to HTTPS
> > > http://opensource.com/business/15/8/interview-daniel-roesler-utilityap
> > > i?sc_cid=70160000000x3vkAAA
> > >
> > > Last year I started switching all my sites over to SSL. A few of my
> > > sites were using a Varnish web cache to speed them up. Since Varnish
> > > doesn't terminal SSL I have been taking it out of the stack.
> > >
> > > I miss it, though. It helped a lot, even if it did make some things
> > > more complicated. Are the days of using a web cache in this way gone?
> > >
> > > I know I could use a web server to terminate SSL, then proxy to
> > > Varnish which would then proxy to the backend web server. This seems
> > > like a lot of proxying, which is why I'm not doing it. Is there an
> > > easier/better way that I should consider?
> > __
> > Daniel A. Ramaley  |  Network Engineer 2
> > Drake Technology Services (DTS) | Drake University
> >
> > T: +1 515 271-4540
> > F: +1 515 271-1938
> > E: daniel.ramaley at drake.edu
> >
> >
>
>
> --
> Matthew Nuzum
> newz2000 on freenode, skype, linkedin and twitter
>
> ♫ You're never fully dressed without a smile! ♫
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>



-- 
Jeff Ollie

More information about the Cialug mailing list