by personZ 4449 days ago
The biggest impact of these sorts of changes is on future users who are trying to get their first configuration going, following various web tutorials. Many of those tutorials are now misleading, but via the nature of accumulated web content they won't be changed any time soon.

Varnish is a nice project, but the lack of SSL significantly restricts its usefulness, especially in the "SSL everywhere" era. I've simply resorted to using nginx's proxy pass as the cache/load balancer.

3 comments

The Varnish authors have specifically stated they didn't want to introduce SSL into their process because of the added attack surface that adds. [0]

If you want SSL for Varnish, use something like Pound [1], stunnel [2], or HAProxy [3] to do the SSL termination and pass it off to Varnish...

I'm partial to Pound because it is lightweight and doesn't try to do any caching, it simply terminates the SSL and passes the request on.

[0] https://www.varnish-cache.org/docs/trunk/phk/ssl.html

[1] http://www.apsis.ch/pound

[2] https://www.stunnel.org/index.html

[3] http://haproxy.1wt.eu

Re: HAProxy

from http://haproxy.1wt.eu : Update [2012/09/11] : native SSL support was implemented in 1.5-dev12. The points above about CPU usage are still valid though.

Wow, I've been out of the loop for a while then. Last time I used HAProxy I was using stud (https://github.com/bumptech/stud) to terminate.

Well, SSL is there, but it is still under development and has yet to hit a stable HAProxy release.

Stunnel has been around doing this job for quite some time as well.

It's not either or.

We see lots of our users and customers adopt nginx for SSL termination and as their webserver, but still use Varnish for HTTP caching and/or routing.

The power and flexibility that VCL offers is pretty much unmatched. Especially with the ability to extend the language through Varnish Modules (VMODs). You can see the VMOD directory on our site: https://www.varnish-cache.org/vmods.

Even better, in Varnish 4.0 all Directors are VMODs and they can be nested, basically allowing for dynamic backends and all kinds of Layer 7 load balancing you can dream of.

A lot of the technical tutorials (that also get posted here) are, frankly, absolutely terrible.

Tutorials that do not state the required levels of expertise?

Tutorials without version numbers of the components that are described in it?

Tutorials for absolute beginners that feature commands like

  echo 'something' | sudo ...

without explaining them?

Tutorials about using debian-installer without explaining whether locale=en_US will set the system locale during installation to en_US.UTF8 or simply en_US?

In the same vein, tutorials about the installation of Postgres that do not mention that your system locale will impact the encoding / locale of your databases?

Check, check, check, check and check.

Something like RapGenius for technical tutorials might be useful here.