I have a droplet with Apache serving up a website on a domain (let us say “something.org”). My DNS “A” records point the domain to the existing droplet (host). Via DigitalOcean Marketplace I have created a new droplet with Varnish and Hitch preinstalled.
In order to pass traffic through Varnish I must presumably replace the “A” records with new ones pointing to this new droplet, but if I do so, my existing droplet is no longer tied to the domain “something.org” and so my SSL certificate won’t be valid.
If I keep the existing “A” records so that I still have a valid certificate, how can traffic be passed through the Varnish server?
If I have “A” records pointing to both droplets, how can I ensure that all traffic is passed to Varnish?
Any help would be much appreciated.
Hi @henryhood,
You can use Varnish in front of your Apache on port 80 on the server where your SSL is installed. That’s how Varnish is meant to work. It works on port 80 and passes data to Apache.
This means that you can install Varnish on the droplet where you have Apache and your website. That way you wouldn’t need to change any DNS records; you’ll just need to configure Varnish to listen on port 80 and Apache on port 8080 for HTTP requests. The 433 requests you can still leave with Apache I guess.
Regards, KFSys
Hi KFSys, you are no doubt right, and there would be no problem running Varnish and Apache on the 2 processors / 4Gb I had, but since I will also be installing ElasticSearch I have upgraded the droplet to 4 processors / 8Gb. I have done as you suggested but also installed Hitch to do SSL termination. Right now both https and http are accepted, but I will change that to https only. Everything works OK now, except I have a minor problem with MediaWiki’s VisualEditor, which can’t save edits. Thanks for your help!
Thank you, KFSys, I think I’ll do as you suggest. I just hoped I could do it this way as it would be cheaper to add a small droplet than to upgrade my existing one, which I will probably then need.
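The single-droplet layout discussed in this thread (Hitch terminating TLS, Varnish on port 80, Apache on port 8080, HTTPS only) could look like the following VCL. This is an added example, not configuration posted by anyone in the thread. It assumes Hitch hands decrypted traffic to Varnish over the PROXY protocol on 127.0.0.1:8443 and that Apache is bound to loopback only; both of those choices are assumptions of the example.

```vcl
vcl 4.1;

import std;

# Assumed listener layout on the one droplet (constructed for this example):
#   hitch.conf   frontend = "[*]:443"
#                backend  = "[127.0.0.1]:8443"
#                write-proxy-v2 = on
#   varnishd     -a :80 -a 127.0.0.1:8443,PROXY
#   Apache       Listen 127.0.0.1:8080
# Binding Apache and the Hitch-to-Varnish hop to loopback keeps clients from
# reaching the backend directly and bypassing the TLS and cache layers.

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # With the PROXY protocol, server.ip carries the address and port the
    # client originally connected to on Hitch. Anything that did not arrive
    # on 443 came in as plain HTTP on port 80 and is redirected.
    if (std.port(server.ip) != 443) {
        return (synth(301, "Moved Permanently"));
    }

    # Overwrite any client-supplied value so the application behind Apache
    # only ever sees a scheme that Varnish itself has established.
    set req.http.X-Forwarded-Proto = "https";
}

sub vcl_synth {
    # Build the HTTPS redirect for requests rejected in vcl_recv.
    if (resp.status == 301) {
        set resp.http.Location = "https://" + req.http.Host + req.url;
        return (deliver);
    }
}
```

The DNS "A" records stay pointed at the same droplet, and the certificate moves from Apache's virtual host to Hitch's `pem-file` setting.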