DigitalOcean

Report this

What is the reason for this report?
Question

How to configure Ssl termination with HAProxy when using varnish + apache?

Posted on December 31, 2015
Apache
Configuration Management
LAMP Stack
WordPress
Caching
Ubuntu
arjon

By arjon

I have varnish + apache on my ubuntu vps. I want to enable ssl certificates on my server but i don’t want to remove varnish. How do i configure that haproxy terminates ssl connections and forward the real visitor ip to apache? I want:

Client => Haproxy => Varnish => Apache

I would like that all requests get redirected to HTTPS.

Thank you and happy holidays. Arjon



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
vegardx
vegardx
December 31, 2015

You set the X-Forwarded-For headers in HAProxy. If there is already set an X-Forwarded-For header other reverse proxies will always just add their own to it, the left-most or first address is the source address. You don’t have to think about that, anything that reads and uses X-Forwarded-For headers will sort that out automagically.

You also want to set the X-Forwarded-Proto so you can do all sorts of magic in Varnish, like redirecting traffic not using TLS without hitting your backend servers and separate the caches, as Varnish doesn’t talk TLS, which can lead to some interesting results, like images not being served up because they are requested over HTTP when the page is served over HTTPS.

Side question, are you using HAProxy to actually load balance between multiple backends? If not, why not just terminate the TLS connection in Apache, send that to Varnish and then back to Apache again?

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.