First off, as I understand it, Varnish Cache is only a HTTP accelerator, and thus does not support client-side or server-side (backend) connections over HTTPS, despite the existence of this whitepaper. If this is not the case, and Varnish does, in fact, support client-side HTTPS requests, then my question would instead be: how do I set this up?
Okay, so my setup is currently just a LEMP stack on a single VPS serving webpages over HTTPS; HTTP requests are 301-redirected to HTTPS, and HSTS is employed. Any relevant comments on scalability would also be appreciated, as the site averages around 7000 sessions per day. Given what I've read, the best way to go about using Varnish with this setup is to have Nginx serve as an SSL/TLS terminator, forward requests to Varnish, which would in turn forward uncached requests back to Nginx for handling. Let's call the client-side SSL/TLS terminating-instance of Nginx "Nginx A" and the instance of Nginx that handles uncached requests "Nginx B" (despite the fact that they may be the same installed instance, just handled by different virtual server blocks):
+---------------+
+----------+ HTTPS | Nginx A | HTTP +---------+
| Internet | <-----> | (SSL/TLS | <----> | |
+----------+ | terminator) | | |
+---------------+ | Varnish |
| Nginx B | | |
| (for uncached | <----> | |
| requests) | HTTP +---------+
+---------------+
My question is as follows: Is this setup any better than just having my current LEMP stack, with no Varnish, and with Nginx caching requests? Varnish is, of course, a much better cache than Nginx, but my thought would be that in the new setup, Nginx A would serve as a significant bottleneck, since any cached requests served by Varnish would have to be processed by it, and uncached requests would be served even more slowly than they are currently, since Nginx B has to push them through Nginx A before they get sent over the Internet.
