Search
Overview Installation Concepts Setting up SSL/TLS FAQ Advanced configuration Changelog Varnish Agent About Changelog Api reference Parameters API Reference Introduction Cache (Varnish instance) Group VCL Parameters Ban User Message Snippet VAC related Super Fast Purger Introduction Setup and Security How to use

Setting up SSL/TLS

Install Hitch

First, install Hitch. This is done via the varnish-plus-addon-ssl package. For RHEL and CentOS:

sudo yum install varnish-plus-addon-ssl

For Debian and Ubuntu:

sudo apt-get install varnish-plus-addon-ssl

Configure Hitch

Update the following settings in /etc/hitch/hitch.conf:

# Listen on 443
frontend = {
    host = "*"
    port = "443"
}

# Forward to VAC on port 80
backend = "[127.0.0.1]:80"

# Use this cert
pem-file = "/etc/hitch/vac.pem"

# Disable proxy protocol
write-proxy-v2 = off

Leave any other settings to their default values.

To create a pem file, concatenate your private key, domain certificate, and optionally your CA certificate into a single pem file.

Enable and Start Hitch

Run the following commands:

sudo systemctl enable hitch
sudo systemctl start hitch

Setup the Varnish Agent to register over SSL/TLS

To register over SSL/TLS, change the -z parameter from http:// to https://.

Setup the Varnish Agent to listen on SSL/TLS

The Varnish Agent will still listen for its commands over plaintext. To upgrade to SSL/TLS, add the -crt and -key parameters to its service file:

ExecStart=/usr/bin/varnish-agent -z https://[vac]/api/rest/register -crt /path/to/server.crt -key /path/to/private.key
Manuals
Varnish Cache Plus
Varnish Cloud
Varnish Live
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
News
Varnish Cache Plus 6.0.10r5
Varnish Administration Console - End of Life notice
Container images updated to Debian bullseye
Varnish Cache Plus 6.0.10r4
Varnish HTTP/2 Request Forgery
News archive