Saturday, January 29, 2011

Nginx, Varnish, ESI - Will that work?

I've serveral backends (one is nginx+passenger) to combine via ESI. Since I don't want to go without gzip/deflate and SSL varnish can't do the job out of the box. So I thought about the following setup:

http://img693.imageshack.us/img693/38/esinginx.png

What do you think? overkill?

From serverfault Roland

  • Based on the diagram, I'm not sure exactly what what you're trying to do (what is ESI?). However, there's a small, fast load-balancing front-end server called "pound" and it will handle the SSL layer for you. It could sit alongside Varnish on the front end on port 443 (I assume you have Varnish on port 80?) and pass the SSL traffic directly to nginx (SSL can't be cached anyway, so no point in going through Varnish). Normal, unencrypted traffic would go to Varnish as expected.

    ms : +1 for pointing, that SSL encrypted traffic could be cached properly, because it is encrypted using different keys per connection. Varnish should be placed between nginx frontend server and reverse proxy, where SSL is terminated. But this architecture is more complicated.
    From Geoff Fritz

  • Do you need varnish at all?

    1. nginx can cache results on disk or in memcached
    2. nginx has SSI
    3. nginx has fair load balancer or ey-balancer
    4. Best practice says that HAProxy before nginx is good move.

    Don't forget about KISS - more components your system has - less stable it becomes.

    From SaveTheRbtz

  • While I haven't personally used it, Nginx does have an ESI plugin:

    http://github.com/taf2/nginx-esi

    From $pageUsers[$post.author].name

  • If ESI is an absolute must I'd recommend the following set up

    User -> Nginx (gzip+proxy+ssl termination) -> Varnish (ESI) -> Ngnix App Server.

    That way you don't have to delegate your ssl, gzip requests to one back end server, and the ESI requests to another.

    Have Varnish strip the Accept-Encoding headers from the incoming requests, that way your backends won't try to gzip (iff they're configured to do so), and Varnish can parse your backend response objects for ESI includes. Varnish will then present to your Nginx proxy fully formed content. That leaves the Nginx proxy to do compression and SSL delivery.

    I've got a very similar setup running in production (without the SSL termination), and I've found it works quite gracefully.

    Joris : Then your ESI pages won't be gzipped?
    flungabunga : Yup they do, because Nginx still receives the Accept-Encoding header, it takes the response from the Varnish server (be they ESI's, static, dynamic) and gzips it.
    From flungabunga
Posted by Ku XI at 5:32 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)