Hacker News new | ask | show | jobs
by sandGorgon 4269 days ago
Does anyone have a fairly basic varnish config that deals with a) non-www to www redirects, b) works with https certificates (with the Cloudfare config) , , c) allows CORS for fonts on cloudfront and d) switches off caching for all /admin pages?

Varnish has proven to be very hard to use with nginx in the above setup. Especially, trying to understand the ssl bit is getting to be really hard.

Can it also work with spdy?
3 comments
kawsper 4269 days ago
> d) switches off caching for all /admin pages?

Just get your /admin-system to send the correct Cache-Control headers, Varnish will respect the headers, and serve it correctly.

link
megaman821 4269 days ago
a) I just let Nginx do the redirect. Varnish can cache 302's so after the first one it won't hit Nginx again until the cache times out.

b) You have to terminate SSL connections before hitting Varnish. There is very little chance SSL termination will ever be part of Varnish. On AWS you can terminate with ELB.

c) Varnish can add HTTP headers and it will respect the headers your backend sets.

d) Varnish can disable caching for a specific path or again it will respect the No-Cache headers a backend sets.

link
sandGorgon 4269 days ago
for b), we dont use AWS - we are hosted on Softlayer cloud. Does that mean that - if you use Varnish with SSL, then you NEED to use HaProxy ?

Or is it nginx (SSL termination) -> varnish -> nginx (server) -> Rails

link
megaman821 4269 days ago
Yes, I usually set up Nginx just to listen to port 443 and forward to Varnish on the same machine. You could do the same with HaProxy.

It is not as bad it seems since using Nginx to terminate SSL and forward is just a really simple config file. If you have a lot of cached resources then the path is mostly Nginx -> Varnish. Varnish is probably over 100 times faster than Rails at serving anything cacheable.

link
Shish2k 4269 days ago
Not generating the www redirect (IMO that's more of a web server / application layer job than a cache job); but you can make varnish cache www and non-www objects together:

    if (req.http.host == "www.foo.net") {
        set req.http.host = "foo.net";
    }
link
harshreality 4269 days ago
Is this ever a good idea? Doesn't making www.foo.net and foo.net separate but identical cause an indexing split (and index ranking split) at search engines? Why would you ever want that split for the same pages at two different domains, unless they're serving different content?
link
Shish2k 4269 days ago
Now that you mention it, I forget why that specific snippet is in my config... it is part of a block of similar-but-more-useful things (specifically, having multiple caches serving the same static content from a variety of different domain names)
link
sandGorgon 4269 days ago
so, what's the answer - this is why Varnish is so confusing. I have my non-www to www redirects working perfectly on nginx.

should I do anything special in varnish, or should I trust it to cache the nginx redirect headers by itself ?

link
Shish2k 4261 days ago
The answer is have nginx do the redirect, varnish will handle it correctly
link