Understanding High Performance Caching with SSL DrupalCampNJ 2013


Zivtech's Laurence Liss explains how Varnish and Pound work together to provide high performance caching over SSL for your Drupal site.

  1. 1. Understanding highperformance caching with SSL DrupalCamp NJ 2013 Saturday, 02 Feb 2013 Princeton, NJ
  2. 2. Laurence LissSenior Developer lliss
  3. 3. About me➡ Film school graduate with a mathematics degree➡ Became a magazine writer and editor➡ Had to get content on the Web➡ Slid from print editorial to online➡ Led development teams➡ Started building sites➡ Learned to do real programming➡ Became interested in Drupal➡ Fell in love with Drupal and was hired by Zivtech
  4. 4. What we’ll cover• Caching basics• Drupal Performance• Reverse Proxy Caches• SSL termination• Varnish• Pound• Simple Demo• Proxy vs Reverse Proxy (maybe)
  5. 5. Drupal is kind of slowThere I said it...
  6. 6. Drupal is kind of slowDrupal gives tremendous power andflexibility but there is always anassociated cost.Drupal’s core systems provide layers ofcaching to help.
  7. 7. Drupal is kind of slow
  8. 8. A human analogy...
  9. 9. A human analogy...You’ve got an office, many files, manyclients, each with different needs.People keep calling and asking forinformation. Each request requires youto dig around in some more papers foran answer.
  10. 10. A human analogy...Soon, you’re putting people on hold asyou service requests. Clients are gettingangry.You’ve even gone so far as to putcommon information on sticky notes butyou still need to find them when asked.
  11. 11. So what do you do?Get a secretary...
  12. 12. Meet your secretaryYour secretary has a great memory(much better than yours).Answers the phone when clients call.At first, doesn’t know anything aboutthe office. Bugs you a lot.
  13. 13. Meet your secretary
  14. 14. Meet your secretary
  15. 15. Meet your secretaryAfter hearing an answer to a questioncan just answer the question againthe next time from memory.
  16. 16. A human analogy...In this setup, you, the person in themessy office, are Web server (Apache).Your secretary with that brilliantmemory, that’s the reverse-proxy cache.
  17. 17. A real setupApache and PHP do the heavy lifting.Varnish is the reverse-proxy cache.
  18. 18. VarnishA reverse-proxy not thisHTTP acceleratorPopular amongDrupal devsSmart configuration,very flexible CC license Rubber Dragon
  19. 19. VarnishStandard package on many Linux variantsCustom configuration language (vcl files)Speaks HTTP, knows HTTP, loves HTTP
  20. 20. VarnishVarnish is a quick solution to improve theresponsiveness of your site for most users.Let’s change topic for a moment.
  21. 21. Security is a featureYour site is an investment. - time - money - resourcesThe trust of your users isan asset. CC license Ice Sabre
  22. 22. Security is a featureThe Internet is a scary place.At least we have good crypto.Crypto doesn’t solve everything.But it solves a lot... CC license Ice Sabre
  23. 23. Security is a featureSSL everywhere is worthconsidering.The overhead isn’t much(potentially negligible on abig Drupal site). CC license Ice Sabre
  24. 24. Back to the analogy...We can think of HTTP and HTTPS astwo different languages.Consider HTTP as Englishand HTTPS as French.Let’s say you want to start doingbusiness with French speakers.
  25. 25. But your secretary doesn’t speak FrenchThis isn’t going towork so well.If all your calls are inFrench she’ll be nohelp at all.
  26. 26. VarnishYeah Varnish doesn’t handle SSLtermination (i.e. it doesn’t speak HTTPS)and it’s not going to.
  27. 27. That’s cool.Other things doPound is another reverseproxy tool that handles SSLterminationSomewhat lacking indocumentation and sparkyhow-to guides on the Internet I made this logo up
  28. 28. PoundHandles load balancingCan remove servers that failfrom rotationCan send requests for static filesto a different physical server (orserver service like lighthttpd) I made this logo up
  29. 29. Pound“Pound does not access the hard-disk at all (except for reading thecertificate file on start, if required)and should thus pose no securitythreat to any machine.”I liked this quote from the Pound Web site at I made this logo up
  30. 30. Pound is your new translatorFluent in both Frenchand EnglishCan pass messagesfrom your Frenchcallers to your brainysecretary.
  31. 31. Your new office setup
  32. 32. Your new office setup
  33. 33. Requests look like this
  34. 34. And often like this
  35. 35. In reality...
  36. 36. In reality...
  37. 37. Time for a demoBecause talk is cheap...
  38. 38. Thank YouDo you have questions?