Varnish - Official SSL support ?

Discussion in 'Other Centmin Mod Installed software' started by Jota, Sep 17, 2017.

  1. Jota

    Are the latest versions of Varnish supporting SSL officially?

    I have one cPanel box with Litespeed and Varnish (cachewall plugin) and it is fully supporting SSL sites, but I don't know if this is applicable in a Centmin Mod box like this:

    Varnish + Nginx + PHP-FPM.

    Also, if implementing Varnish, how would we create WP vhosts? I mean, option 22 of the centmin menu wouldn't work, right?

    Thanks ;)
     
  2. eva2000

    Read the official site's release notes; from Varnish Cache 5.1+ there's the start of HTTP/2 HTTPS support but it isn't complete https://varnish-cache.org/docs/5.2/whats-new/changes-5.1.html#progress-on-http-2-support and it looks like you need an SSL proxy in front of Varnish Cache servers too! Hmmm, SSL Proxy > Varnish Cache > Nginx

    Varnish Cache install and configuration is left to the end user though, and it still works with any Centmin Mod created vhosts; you just need to edit the nginx vhost to properly support Varnish, i.e. change the listening port from 80 or 443 to a different port so that Varnish Cache listens on 80 and an SSL proxy on 443 instead. You would have to do these changes each time you create a new Centmin Mod Nginx vhost.

    Probably easier to just use WordPress with KeyCDN Cache Enabler for static HTML caching of WP pages + Cloudflare caching in front.
     
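As an added illustration of the port change described in the post above (not part of the thread, and not Centmin Mod or Varnish code): a small Python check that flags nginx vhost `listen` directives still bound to the ports that post assigns to Varnish Cache (80) and the SSL proxy (443). The function names, the sample vhost and the backend port 8080 are constructed assumptions.

```python
import re

# Ports owned by the front tier in the layout from the post:
# SSL proxy on 443, Varnish Cache on 80.
FRONT_PORTS = {80: "Varnish Cache", 443: "SSL proxy"}
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)

# Constructed sample: one vhost as freshly generated, one already moved
# to a loopback backend port (8080 is an assumed value).
SAMPLE_VHOST = """
server {
  listen 80;
  listen [::]:443 ssl http2;
  # listen 443 ssl;
  server_name example.com;
}
server {
  listen 127.0.0.1:8080;
  server_name example.com;
}
"""

def listen_port(value):
    """Return the TCP port of one nginx listen value, or None for unix sockets."""
    addr = value.split()[0]
    if addr.startswith("unix:"):
        return None
    if addr.startswith("["):                    # [::]:443 or bare [::1]
        rest = addr.partition("]")[2]
        return int(rest[1:]) if rest.startswith(":") else 80
    if ":" in addr:                             # 127.0.0.1:8080 or *:80
        return int(addr.rsplit(":", 1)[1])
    return int(addr) if addr.isdigit() else 80  # bare port, else bare address

def conflicting_listens(vhost_text):
    """List (port, owner, directive) for listens that collide with the front tier."""
    text = re.sub(r"#.*", "", vhost_text)       # ignore commented-out directives
    hits = []
    for m in LISTEN_RE.finditer(text):
        port = listen_port(m.group(1))
        if port in FRONT_PORTS:
            directive = "listen " + m.group(1).strip() + ";"
            hits.append((port, FRONT_PORTS[port], directive))
    return hits

if __name__ == "__main__":
    for port, owner, directive in conflicting_listens(SAMPLE_VHOST):
        print(f"{directive!r} collides with {owner} on port {port}")
```

Running it against each newly created vhost file shows which ones still need their listen port moved before nginx is reloaded behind the front tier.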
  3. eva2000

    Oh, thinking about it, one thing that won't work would be Centmin Mod's letsencrypt integration, as each vhost you create would listen on incorrect ports for the 1st time, i.e. 443, so letsencrypt validation would fail, as Varnish Cache would redirect HTTP port 80 to HTTPS port 443 = SSL proxy would then listen on port 443 forwarding traffic to the Varnish Cache server, and when it looks for the appropriate backend for the site it wouldn't exist, as you wouldn't have added it to the Varnish Cache config and would still need Centmin Mod nginx's vhost listen port to be manually changed.
     
  4. bassie

    Varnish + Nginx is not worth it.
    My opinion of course, but for, let's say, a few percent performance improvement, you need to learn it, maintain and debug another extra web server if anything goes wrong.

    Varnish is really impressive if all goes right.
    But very annoying if it goes wrong.
     
  5. Jota

    Hmmm ... I guess I got the idea.

    Well, the point is that, for a medium WooCommerce store, on that box we were getting about 60% of traffic served by Varnish cache, so the store was really fast; the most impressive point was the poor load of SQL. Now we moved the store to a centmin box and SQL load is quite hard, and there's the bottleneck; that's why I was thinking about this possibility.

    Thanks mates!
     
  6. eva2000

    That's partially what WP caching is for, KeyCDN Cache Enabler for static WordPress page caching.

    Varnish Cache isn't the only way to cache. Nginx has native proxy_cache for static caching and fastcgi_cache for dynamic php file caching too. Of course like Varnish Cache it's something you'd need to learn and test yourself. But if you had to learn one or the other, I'd invest time in Nginx proxy_cache + fastcgi_cache instead of Varnish Cache + SSL Proxy (Hitch) setups. For one thing the HTTP/2 HTTPS implementation is much more mature in Nginx than current Varnish Cache's implementation i.e. H/2 thread starvation deadlock · Issue #2418 · varnishcache/varnish-cache · GitHub. So definitely agree with @bassie
    http/2 traffic stopping with hitch/varnish 5.2.0 · Issue #2431 · varnishcache/varnish-cache · GitHub

    Though it would probably still be easier with Cloudflare and a few Cloudflare page rules to fine tune things. Quick Google: Caching Static HTML with WordPress/WooCommerce, but some are Business Plan only features.

    And Using Cloudflare with WordPress
     
    Last edited: Sep 19, 2017