I have previously talked about speeding up your site by using Squid as a reverse proxy to cache served pages. This is a great thing to do, but presents a problem now that all sites are moving over to HTTPS, since for various technical reasons reverse proxies can’t really handle HTTPS.

These days the standard way of doing this seems to be using Varnish as a cache, and Squid seems to be a little “old hat”. However, I have several client estates which were set up before Varnish came on the scene, so I needed a solution I could get up and running very quickly.

Terminating HTTPS

Thankfully, the solution is very similar whatever reverse proxy you’re using, and it is simple: you need to install something that terminates and handles the HTTPS session before passing the request on to your proxy. The simplest way to do this is to install NGINX and configure it to handle HTTPS sessions.

1) Disable Apache’s handling of HTTPS (if you’ve got an existing, un-cached, HTTPS server).

2) Install the basic nginx: apt-get install nginx-light

3) Configure nginx to forward to your proxy (which you have previously configured to listen on port 80)

After restarting nginx, you should be able to see HTTPS requests coming in on your Squid proxy logs.

Gotchas

The biggest gotcha that you’re going to hit is that if you’re checking whether a request is HTTPS in your app (e.g. for automatically forwarding from insecure to secure), you’re not going to be able to use the standard protocol checks. The reason is that HTTPS is being terminated by nginx, so by the time the request hits your app, it will not be seen as secure!

To perform such a test, you’re going to have to check for the X-Forwarded-Proto header instead ($_SERVER['HTTP_X_FORWARDED_PROTO'] in PHP).
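
An added example (not from the original post) of the check described above, in PHP: it honours X-Forwarded-Proto only when the request arrives from a trusted proxy, since the header is otherwise just client input. It assumes nginx sets the header itself (for example with proxy_set_header X-Forwarded-Proto $scheme) and that the proxies connect over loopback; the names request_is_https and TRUSTED_PROXIES are hypothetical.

```php
<?php
// Added example: function name, constant and addresses are assumptions,
// not taken from the original post.

// Peers allowed to assert the original scheme (assumed: nginx and Squid run
// on the same host as Apache and connect over loopback).
const TRUSTED_PROXIES = ['127.0.0.1', '::1'];

/**
 * Decide whether the client's original request was made over HTTPS.
 * $server is passed in (normally $_SERVER) so the logic can be run offline.
 */
function request_is_https(array $server, array $trustedProxies = TRUSTED_PROXIES): bool
{
    // Direct TLS to this server (not the case behind nginx, kept for completeness).
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }

    // Only honour the header when the TCP peer is one of our own proxies;
    // a request that bypasses them could carry any header value it likes.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return false;
    }

    // Require exactly "https"; lists or unexpected values count as insecure.
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return $proto === 'https';
}

// Constructed sample requests (not real traffic).
$samples = [
    'via proxy, https'  => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via proxy, http'   => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'http'],
    'untrusted peer'    => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'header missing'    => ['REMOTE_ADDR' => '127.0.0.1'],
];

foreach ($samples as $label => $server) {
    printf("%-18s => %s\n", $label, request_is_https($server) ? 'secure' : 'insecure');
}
```

Apache should also be bound to, or firewalled to, the proxy's address so that requests cannot reach the app without passing through nginx.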

I recently did a little bit of work to help speed up some things in Known; those of you watching the project will have seen work to minimise things like JavaScript and CSS.

Anyway, I ran Google insights over my Known install, and was surprised that files weren’t being compressed. It used to be the case that all you had to do was enable mod_deflate or mod_gzip on Apache, but somewhere along the line the configuration must have changed.

Long story short, I needed to enable it by creating a /etc/apache2/conf.d/deflate.conf file… here’s mine:

I use Ubuntu as my main desktop operating system, together with Gnome Fallback/failsafe, because I dislike Unity and want to keep my Gnome 2 desktop.

This might not be relevant to the problem, but when I upgraded from 14.4 to 16.4, I lost my sound card. When the computer booted, I would get the Ubuntu drums, but once I logged in, the only sound I had came out of my USB headphones. I no longer saw my Intel HDA soundcard listed in the gnome sounds settings.

After a lot of digging I eventually worked out the cause of the problem, and a temporary fix. Long story short, pulseaudio couldn’t detect the sound card, because Ubuntu have changed the way it’s loaded.

You therefore need to reload the detection libraries and restart pulseaudio; run the following command:

Now, I have a startup script that I run as part of my user login to set up my desktop environment and kick off my development environment, so it was enough for me to put this command in that script.

You will probably want to make sure you load this module in your pulseaudio init scripts. Anyway, hope this helps.