Varnish SSL with Nginx - ssl

I have a website on my server and installed Varnish, all right. Now I'm going to install the SSL certificates, and I read that Varnish does not support SSL; I have to install Nginx to operate the certificates. Anyway, I will just be installing Nginx, and my question is whether the SSL pages will have the benefit of the cache, or whether the SSL pages will not be cached.
Forgive me if my question is very simple; I'm new at this and do not know much about web servers.

You can set up NGINX to take care of SSL termination. If you do so, you still have caching for SSL. Take a look at the SSL termination article for more detail.

Related

Can I set up an optimally secure connection between Apache and Wildfly?

Setting up a public Wildfly (9.0.2.Final) server, I'm figuring out the
alternatives for doing this with or without Apache as a front towards
Internet. I'd prefer to use Apache as this solves other problems for
me.
I should say: I need to use SSL for securing the data traffic.
I've set up SSL for both Wildfly and Apache.
Looking through blogs and tutorials, I haven't found an alternative
that performs SSL between Apache and Wildfly. That would seem to be a
preferred choice for me, were there one.
I've tried and configured:
1. Configuring Apache using mod_proxy_ajp. This prohibits me from
   using SSL between Apache and Wildfly but allows me to close the
   firewall for 8080 and 8443.
2. Configuring Apache using mod_proxy_http. This gets me the
   exception of no secure port to forward to on the Wildfly side,
   which seems not to have any solution.
3. Opening up the Wildfly ports 8080 and 8443 and letting requests go
   directly to a publicly exposed Wildfly, which I hear is not
   recommended.
Since all three alternatives have their drawbacks, I got to ask: How are people usually doing this?

Do I need any additional configuration for express to use https?

If I got a signed certificate from letsencrypt.org and baked it into my nginx web server, does that mean I still need to configure express.js to use https?
As in nginx serves me a secure webpage, and I see the https lock on the top left, but do I need to do any extra configuration with express at all??
No, node/express does not need to handle SSL - you can have a separate service for node/express and have nginx act as a reverse proxy and do SSL offloading.
Under this configuration, browsers will first hit your nginx web server over HTTPS, nginx will handle the SSL decryption and forward the decrypted HTTP request to your node process.
Your node process doesn't have to know HTTPS is happening at all.
Digital Ocean really has the best docs for setting this up on Linux with systemd.
The first link is a clear tutorial on setting up an nginx reverse proxy to node.
The second link shows configuring SSL in nginx w/ a simple reverse proxy (in this specific example it's not a node server on the receiving end, but the concepts are the same) to accomplish the SSL termination.
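
An added example (not from either answer on this page) of the TLS termination described in the Varnish answer and in the Express answer above: nginx holds the certificate and forwards plain HTTP to a local backend. The hostname, certificate paths and the backend address 127.0.0.1:6081 are assumptions; point proxy_pass at wherever Varnish or the Node process actually listens.

```nginx
# Added example. example.com, the certificate paths and 127.0.0.1:6081
# are placeholders, not values from this page.

server {
    listen 80;
    server_name example.com;
    # Plain-HTTP visitors are redirected to the TLS listener.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends here. The hop to the backend is unencrypted, so the
        # backend (Varnish cache or Node/Express app) should listen on
        # loopback only and not be reachable from outside the host.
        proxy_pass http://127.0.0.1:6081;
        proxy_http_version 1.1;

        # Preserve the original request details for the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # Tells the backend the client connection was HTTPS, so it can
        # build https:// links and avoid redirect loops.
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Requests decrypted this way reach the cache as ordinary HTTP, which is why HTTPS pages are still cached. Express honours X-Forwarded-Proto only when its `trust proxy` setting is enabled.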

mod_spdy on apache not applying to all vhosts

I just installed the latest version of mod_spdy for apache. I have several vhosts running off of that server, all of which utilize SSL. Unfortunately, only about half of the sites indicate that spdy is working when using chrome://net-internals/#spdy. What's interesting is that the sites that work utilize self-signed certs. Any site with a CA issued cert does not appear to take advantage of spdy. There are no errors in the httpd log, so it may just be a coincidence that only the self-signed certs work.
I'm new to spdy and have never implemented it before. I simply installed the rpm and restarted apache.
For reference, I'm running CentOS 6.5 with Apache 2.2.15. Any help would be greatly appreciated.
Thanks!

Nginx (reverse proxy) can't forward SSL certificate of https backend to clients

I have made a reverse connection to one of the web servers on which SSL is applied, and the content is in a directory (http://webserver.com/directory), so I had to use a rewrite rule, and that works well.
The thing is that nginx can't pass SSL from the backend webserver and I get an error in the Silverlight application.
Could someone advise me on what to do? The config is very basic, as only the rewrite is added additionally.
Looking forward to suggestions, ideas, answers.
Best regards.
Edit: pastebin.com/SnyHaUL4
As far as I know, you could say that "it's not a bug, it's a feature": one of the features of SSL is that it prevents man-in-the-middle attacks. If you want to use SSL, then nginx itself should have an SSL key and allow HTTPS connections; otherwise the user will see the well-known yellow warning page about untrusted SSL.
If you implement SSL for nginx, then the connection would be like this:
client -> nginx ssl -> nginx -> server ssl -> server
The connection will be encrypted and decrypted twice on the way to the server; the client won't see the server SSL and will only see the nginx SSL.
If you don't have or don't want to use SSL on your nginx, then you need to make the connection to it unsecured; then the warning won't appear and everything would work fine.
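
The double-encryption path in the answer above (client -> nginx ssl -> nginx -> server ssl -> server), as an added nginx example that is not the poster's config. proxy.example.com, the certificate paths and the CA bundle location are assumptions; webserver.com/directory is the backend from the question.

```nginx
# Added example. proxy.example.com and all file paths are placeholders.

server {
    listen 443 ssl;
    server_name proxy.example.com;

    # Certificate the CLIENT sees. It must be issued for the proxy's own
    # hostname; the backend's certificate is never shown to the client.
    ssl_certificate     /etc/ssl/proxy.example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/proxy.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Second TLS session: nginx acts as the client to the backend.
        # The trailing URI maps / on the proxy to /directory/ upstream.
        proxy_pass https://webserver.com/directory/;

        # Send SNI so a name-based backend picks the right certificate.
        proxy_ssl_server_name on;
        proxy_ssl_name        webserver.com;

        # Upstream certificate verification is off by default; without
        # these lines the hop is encrypted but not authenticated.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;

        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

If the backend uses a private CA or a self-signed certificate, point `proxy_ssl_trusted_certificate` at that CA file rather than disabling verification.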

CSR Generation: Tomcat or Apache?

While not entirely programming related: I recently purchased an SSL certificate, and during the configuration I need to generate a CSR.
I am running Tomcat behind Apache via mod_jk. I see two options for generating the CSR, one for Apache and one for Java-based servers. My question is which do I use? At the moment the site needing the SSL is configured to have all requests forwarded straight to Tomcat for processing. This, however, may change to only certain pages. Does it make a difference?
Thanks in advance.
If you are going to use mod_jk then the SSL cert should be generated for Apache. mod_jk connects to Tomcat over the APR protocol (default 8009), so all SSL handling is done by Apache. This works nicely since, in the future, you may only want to proxy dynamic content with mod_jk; assigning the cert to Apache will allow you to proxy static content using HTTPS.
FYI, the thread you referenced only discussed whether you had to generate the keypair and cert request on the same machine and is not related to running Tomcat + Apache + SSL. That thread is not relevant to your question.