First, install Hitch. This is done via the varnish-plus-addon-ssl
package.
For RHEL and CentOS:
sudo yum install varnish-plus-addon-ssl
For Debian and Ubuntu:
sudo apt-get install varnish-plus-addon-ssl
Update the following settings in /etc/hitch/hitch.conf:
# Listen on 443
frontend = {
host = "*"
port = "443"
}
# Forward decrypted traffic to VAC, which listens on localhost port 80
backend = "[127.0.0.1]:80"
# Use this cert (private key, certificate and chain in one file)
pem-file = "/etc/hitch/vac.pem"
# Do not prepend a PROXY protocol header; VAC expects plain HTTP
write-proxy-v2 = off
Leave all other settings at their default values. Note that Hitch only terminates TLS in front of VAC: the plaintext listener on port 80 is still there, so make sure it is reachable only from localhost (or is firewalled off), otherwise a client can bypass TLS simply by connecting to port 80 directly.
To create the pem file, concatenate your private key, your domain certificate and, if you have one, the intermediate/CA certificate chain into a single file, in that order: Hitch takes the first certificate in the file as the server certificate and everything that follows it as the chain. Because the file contains the private key, restrict it to the user Hitch runs as (for example mode 600).
Run the following commands:
sudo systemctl enable hitch
sudo systemctl start hitch
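An added shell example, not from the Hitch or Varnish documentation, that builds the bundle in the required order, locks down its permissions and verifies that the key and certificate belong together before Hitch is started. The input file names (key.pem, domain.crt, ca-chain.crt) are placeholders; the output path is the one from hitch.conf above.

```shell
#!/bin/sh
# Added example, not from the Varnish/Hitch documentation: assemble the PEM
# bundle Hitch loads and check it before starting the service.
# Input file names are assumptions; point them at your own key and certs.
set -eu

# build_pem KEY CERT CHAIN OUT
# Writes KEY, then CERT, then CHAIN (pass "" if you have no intermediate)
# into OUT. Hitch takes the first certificate in the file as the leaf and
# anything after it as the chain, so the order matters. The bundle holds the
# private key, so it is created with mode 600 from the start (umask in a
# subshell, so the caller's umask is untouched).
build_pem() {
    key=$1; cert=$2; chain=$3; out=$4
    (
        umask 077
        cat "$key" "$cert" > "$out"
        [ -z "$chain" ] || cat "$chain" >> "$out"
    )
    chmod 600 "$out"
}

# pem_order FILE
# Prints the PEM block labels in the order they appear, e.g.
# "PRIVATE KEY CERTIFICATE CERTIFICATE", so a mis-ordered bundle is obvious.
pem_order() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | tr '\n' ' ' | sed 's/ $//'
}

# pem_mode FILE
# Prints the permission string ("-rw-------" for a correctly locked-down file).
pem_mode() {
    ls -ld "$1" | cut -c1-10
}

# pem_key_matches_cert FILE
# Returns 0 when the private key and the first certificate in FILE carry the
# same public key, 1 when they do not (wrong key, or unparsable input), and 2
# when openssl is not installed so the check could not run.
pem_key_matches_cert() {
    command -v openssl >/dev/null 2>&1 || return 2
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage (assumed file names): sh build-vac-pem.sh key.pem domain.crt [ca-chain.crt]
if [ "$#" -ge 2 ]; then
    build_pem "$1" "$2" "${3:-}" /etc/hitch/vac.pem
    echo "block order: $(pem_order /etc/hitch/vac.pem)"
    rc=0; pem_key_matches_cert /etc/hitch/vac.pem || rc=$?
    case $rc in
        0) echo "key matches certificate" ;;
        2) echo "openssl not found, key/cert match not checked" ;;
        *) echo "key does NOT match certificate" >&2; exit 1 ;;
    esac
fi
```

Run it before sudo systemctl start hitch. If Hitch still refuses to start, hitch --test --config /etc/hitch/hitch.conf reports configuration and certificate errors without binding any ports.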
To register over SSL/TLS, change the -z parameter of the Varnish Agent from http:// to https://.
The Varnish Agent will still listen for its commands over plaintext. To upgrade its own listener to SSL/TLS, add the -crt and -key parameters to its service file. These point at the agent's own certificate and key on the Varnish node (not the VAC certificate configured in Hitch above), and the key file must be readable by the user the agent runs as, but by nobody else:
ExecStart=/usr/bin/varnish-agent -z https://[vac]/api/rest/register -crt /path/to/server.crt -key /path/to/private.key
After changing the unit, run sudo systemctl daemon-reload and restart the agent. Since the packaged unit file is overwritten on upgrade, a drop-in created with sudo systemctl edit is the safer place for this change.
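An added helper script, not part of the Varnish Agent or VAC distribution, that writes such a drop-in and checks the certificate and key files before installing it. The VAC host name (vac.example.com), the unit name varnish-agent.service and the drop-in file name tls.conf are assumptions; the ExecStart line itself is the one from the page.

```shell
#!/bin/sh
# Added example, not from the Varnish documentation: generate a systemd
# drop-in that switches the Varnish Agent to https registration and a TLS
# listener, after checking the certificate and key files.
# Unit name, VAC host and paths are assumptions.
set -eu

# agent_override VAC_HOST CRT KEY
# Prints the drop-in contents. The empty "ExecStart=" line is required:
# a drop-in cannot replace a unit's ExecStart without clearing it first,
# and a second ExecStart in a non-oneshot service is an error.
agent_override() {
    printf '[Service]\nExecStart=\nExecStart=/usr/bin/varnish-agent -z https://%s/api/rest/register -crt %s -key %s\n' "$1" "$2" "$3"
}

# check_tls_files CRT KEY
# Returns 0 if both files are readable and KEY is not world-readable,
# otherwise prints why and returns 1. The key must still be readable by the
# account the agent runs as (own it, or make it group-readable for that group).
check_tls_files() {
    crt=$1; key=$2
    [ -r "$crt" ] || { echo "certificate $crt not readable" >&2; return 1; }
    [ -r "$key" ] || { echo "key $key not readable" >&2; return 1; }
    case $(ls -ld "$key" | cut -c8-10) in
        ---) return 0 ;;
        *) echo "key $key is world-readable; chmod o-rwx it" >&2; return 1 ;;
    esac
}

# install_override DIR VAC_HOST CRT KEY
# DIR is normally /etc/systemd/system/varnish-agent.service.d (assumed unit name).
install_override() {
    check_tls_files "$3" "$4" || return 1
    mkdir -p "$1"
    agent_override "$2" "$3" "$4" > "$1/tls.conf"
}

# Usage: sudo sh agent-tls.sh vac.example.com /path/to/server.crt /path/to/private.key
if [ "$#" -eq 3 ]; then
    install_override /etc/systemd/system/varnish-agent.service.d "$1" "$2" "$3"
    systemctl daemon-reload
    systemctl restart varnish-agent
fi
```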