Search
Varnish Administration Console
Overview Installation Concepts Setting up SSL/TLS FAQ Advanced configuration Changelog Varnish Agent About Changelog Api reference Parameters API Reference Introduction Cache (Varnish instance) Group VCL Parameters Ban User Message Snippet VAC related Super Fast Purger Introduction Setup and Security How to use

Setting up SSL/TLS

Install Hitch

First, install Hitch. This is done via the varnish-plus-addon-ssl package. For RHEL and CentOS:

sudo yum install varnish-plus-addon-ssl

For Debian and Ubuntu:

sudo apt-get install varnish-plus-addon-ssl

Configure Hitch

Update the following settings in /etc/hitch/hitch.conf:

# Listen on 443
frontend = {
    host = "*"
    port = "443"
}

# Forward to VAC on port 80
backend = "[127.0.0.1]:80"

# Use this cert
pem-file = "/etc/hitch/vac.pem"

# Disable proxy protocol
write-proxy-v2 = off

Leave any other settings to their default values.

To create a pem file, concatenate your private key, domain certificate, and optionally your CA certificate into a single pem file.

Enable and Start Hitch

Run the following commands:

sudo systemctl enable hitch
sudo systemctl start hitch

Setup the Varnish Agent to register over SSL/TLS

To register over SSL/TLS, change the -z parameter from http:// to https://.

Setup the Varnish Agent to listen on SSL/TLS

The Varnish Agent will still listen for its commands over plaintext. To upgrade to SSL/TLS, add the -crt and -key parameters to its service file:

ExecStart=/usr/bin/varnish-agent -z https://[vac]/api/rest/register -crt /path/to/server.crt -key /path/to/private.key
Manuals
Varnish Live
Varnish Cloud
Varnish Cache Plus
Varnish High Availability
Varnish Administration Console
Varnish Custom Statistics
Varnish Broadcaster
Varnish WAF
Varnish Controller
News
Varnish HTTP/2 Request Smuggling
Varnish Broadcaster 1.5.2
Varnish Controller 2.0.3
Varnish Cache Plus 6.0.8r3
Varnish Cache Plus 6.0.8r2
News archive