Score:0

Configure Cloudflare with Varnish

We want to configure Varnish in the following way:

Local IP --> Varnish --> Cloudflare --> AWS

Is it possible?

Score:0

It is technically possible to combine Varnish & Cloudflare. However, they have the same role: they both are responsible for caching the AWS output.

My advice is to use either Varnish or Cloudflare. But if you're certain you need both, I would suggest the following setup:

Client -> Hitch TLS Proxy -> Varnish -> Cloudflare -> AWS

The reason why Hitch is added to the flow is because Varnish doesn't support TLS natively and requires a TLS proxy. This also means that the connection between Varnish & Cloudflare will be over plain HTTP.

PROXY protocol to facilitate communication between multiple proxies

I would recommend connecting the different proxies using the PROXY protocol. This allows the original client information to be transported end-to-end. See https://www.varnish-software.com/developers/tutorials/proxy-protocol-varnish/ for more information about the PROXY protocol.

If your Cloudflare plan supports the PROXY protocol, have a look at https://developers.cloudflare.com/spectrum/how-to/enable-proxy-protocol/ to see how to enable it.

If you manage to configure your Cloudflare with PROXY support, you should also enable it in your VCL backend definition by adding the .proxy_header = 2; attribute.

Installation guides

See https://www.varnish-software.com/developers/tutorials/#installations for an overview of Varnish installation guides.

See https://www.varnish-software.com/developers/tutorials/terminate-tls-varnish-hitch/ to learn how to install & configure Hitch.
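
What a PROXY protocol version 2 header (the version selected by .proxy_header = 2; above) looks like on the wire, as an added example that is not part of the original answer: a small Python builder and parser written from the public PROXY protocol specification. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

# 12-byte signature that opens every PROXY protocol v2 header.
SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
# Family/transport byte -> (address length in bytes, label); TCP only.
FAMILIES = {0x11: (4, "TCP4"), 0x21: (16, "TCP6")}


def build_v2(src, sport, dst, dport):
    """Build the v2 header a proxy sends ahead of the HTTP request."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s.version != d.version:
        raise ValueError("source and destination must share an address family")
    fam = 0x11 if s.version == 4 else 0x21
    addrs = s.packed + d.packed + struct.pack("!HH", sport, dport)
    # 0x21 = protocol version 2, command PROXY
    return SIGNATURE + struct.pack("!BBH", 0x21, fam, len(addrs)) + addrs


def parse_v2(data):
    """Return (client_info, payload); client_info is None for LOCAL."""
    if len(data) < 16 or data[:12] != SIGNATURE:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY version")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    block, payload = data[16:16 + length], data[16 + length:]
    cmd = ver_cmd & 0x0F
    if cmd == 0:  # LOCAL (e.g. health checks): carries no client address
        return None, payload
    if cmd != 1 or fam not in FAMILIES:
        raise ValueError("unsupported command or address family")
    alen, label = FAMILIES[fam]
    if length < 2 * alen + 4:
        raise ValueError("address block too short")
    src = ipaddress.ip_address(block[:alen])
    dst = ipaddress.ip_address(block[alen:2 * alen])
    sport, dport = struct.unpack("!HH", block[2 * alen:2 * alen + 4])
    return {"proto": label, "src": str(src), "sport": sport,
            "dst": str(dst), "dport": dport}, payload


# Constructed sample: client 203.0.113.7 reaching a proxy on 192.0.2.10:80.
SAMPLE = build_v2("203.0.113.7", 51234, "192.0.2.10", 80) + b"GET / HTTP/1.1\r\n"
if __name__ == "__main__":
    print(parse_v2(SAMPLE))
```

The parser skips any TLV extensions that follow the address block and hands back the remaining bytes, which is where the HTTP request begins.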

Riad Reza Shuvo:
We have a website xyz.com. It is hosted in AWS. For DNS and CDN we have used Cloudflare. We want to cache that server locally. I have tested the scenario using nginx + Varnish. That is working. When I was trying to use the xyz.com domain in the backend function of the VCL file, it got an error. I do not understand how we should configure the VCL file.
Riad Reza Shuvo:
My configuration:

    backend default {
        .host = "xyz.com";
        .port = "80";
    }

    sub vcl_recv {
        # Happens before we check if we have this in cache already.
        #
        # Typically you clean up the request here, removing cookies you don't need,
        # rewriting the request, etc.
    }

    sub vcl_backend_response {
        # Happens after we have read the response headers from the backend.
        #
        # Here you clean the response headers, removing silly Set-Cookie headers
        # and other mistakes your backend does.
    }

    sub vcl_deliver {
    }
Thijs Feryn:
@RiadRezaShuvo can you add your suggested VCL file to the original question? It's a lot easier to read than through unformatted comments. Please also mention the (redacted) host names you want to use for the various components. I'd like to understand how you are currently planning this from a DNS point of view.
Riad Reza Shuvo:
https://serverfault.com/q/1130250/595083