I'm not "refusing to add TLS support"; I insist that the certificate is safely isolated in a separate process for security reasons. There are many ways to skin that cat.
Aside: Loved your bit talking about money and varnish in Gift Community[1]. And thanks for the Beerware License, I've started using it!
[1]: https://www.youtube.com/watch?v=tOn-L3tGKw0
Varnish Enterprise has https support.
The whole point of Varnish Software keeping a public version of "vinyl cache" as "varnish cache" with TLS is to give people a way to access a FOSS version with native TLS.
I think TLS is table-stakes now, and has been for the last 10 years, at least.
Just use the tool that does the job.
TLS in -> hitch or caddy
Cache -> varnish/vinyl
TLS out -> haproxy
Connect them up with Unix sockets, if you like.
Terminate TLS and you have your cache.