So I changed my site, its now a static site running
nginx instead of my old Varnish + LAMP setup.
This simplifies the complexity a lot and allows me to add support for the spdy
protocol. As of this writing Nginx supports spdy/2 and not spdy/3
unfortunately. It's still an experimental feature, so don't run this in your
large production environment just yet. Another cool feature in version 1.4.x
is support for proxying of WebSocket connections, but thats another story.
This is how easy it is to add spdy to Nginx on Ubuntu:
Install Nginx and the extras packages
nginx=stable # use nginx=development for latest development version
add-apt-repository ppa:nginx/$nginx
apt-get update
apt-get install nginx nginx-extras
Create SSL Certificates
openssl genrsa -des3 -out martensson.io.key 1024
cp martensson.io.key martensson.io.key.bak
openssl rsa -in martensson.io.key.bak -out martensson.io.key # remove password
openssl req -new -key martensson.io.key -out martensson.io.csr
openssl x509 -req -days 3650 -in martensson.io.csr -signkey martensson.io.key -out martensson.io.crt
Add the following to your Nginx config
listen 443 ssl spdy;
ssl_certificate /etc/nginx/ssl/martensson.io.crt;
ssl_certificate_key /etc/nginx/ssl/martensson.io.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Tell the browser we do SPDY
add_header Alternate-Protocol 443:npn-spdy/2;
You can now happily restart Nginx and visit spdycheck to see that everything works.