Varnish does not natively support SSL. However, it is a simple matter to put a lightweight SSL reverse proxy in front of Varnish to reap the benefits of both SSL and a robust caching proxy. You can use a dedicated proxy like pound to handle your SSL. You can use apache to avoid adding another application to your technology stack. After some consideration, I selected to use nginx, which I already used to serve static files.
The nginx SSL reverse proxy configuration is pretty trivial:
server {
listen 443;
server_name example.com;
ssl on;
ssl_certificate /path/to/ssl.crt;
ssl_certificate_key /path/to/ssl.key;
# For heavy loads, experiment for the best timeout based on performance
ssl_session_timeout 5m;
location / {
# Optional: Varnish does not inherently require this
proxy_set_header "Host:" $host;
# Optional: Your application does not inherently respect this header
proxy_set_header X-Forwarded-For $remote_addr;
# Match this to the specific IP, hostname and/or port for varnish
# From the local machine, you should be able to curl this URL and hit varnish
proxy_pass http://127.0.0.1:80;
}
}