We get a lot of questions about TLS and Varnish, and we’ve long been touting our TLS proxy, Hitch, as the best way to terminate TLS in front of Varnish. Hitch is a lightweight, high-performance TLS proxy that is entirely dedicated to TLS termination. This makes Hitch a tiny and performant tool that can be used anywhere, including in front of Varnish. One of its main features is the PROXY protocol, which is capable of capturing and transporting information about the original connection, regardless of the number of proxies it passes through.
Docker has been on my radar for quite some years now, but, I have to admit, as a C developer, I never really cared about it. I run Arch Linux on my computer, so everything I ever needed was packaged, save for a few exceptions where I could just whip up a custom PKGBUILD and install the resulting package. If I needed another OS, I used a VM.
But recently, I forced myself to try that container thingy (much like you'd try again some food you wrongly dismissed as uninteresting when you were a child), and I found a few use cases for it, related to Varnish, of course. This post is a report of my exploration, so don't expect too much new stuff; but since it also focuses on running Varnish inside a container, there are a few container-specific tricks and questions to be aware of.