I'm looking to add SSL to some sites. My current setup is varnish -> nginx -> python wsgi server. The varnish sits at the front and caches both static and dynamic content. The nginx server serves up the static media from disk and proxies other requests back to the python app. It works like a charm.
I've tried 2 different approaches to adding SSL and both have their drawbacks:
request on 443 > stunnel > varnish cache > nginx > python wsgi app
request on 443 > nginx/ssl > varnish cache > python wsgi app
The first approach has the benefit of continuing to cache static content. The main drawback is that I'm not sure how to redirect "non-https" traffic to the secure version, because once the traffic hits nginx it is unencrypted.
The second approach is also good; the only drawback is that varnish is no longer in front of the static content and therefore not caching it.
What do you guys think? Any ideas?
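The second approach written out as nginx configuration, as an added example that is not part of the original post. It shows that when nginx terminates SSL itself, the redirect of non-https traffic becomes a separate port 80 server block. The hostname, certificate paths, static directory and Varnish address (127.0.0.1:6081) are assumptions.

```nginx
# Added example; hostname, paths and the Varnish address are assumptions.

# Port 80: no content is served in clear text; every request is
# redirected to the HTTPS version of the same URL.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# Port 443: nginx terminates SSL, serves static media from disk and
# hands everything else to Varnish, which fronts the Python WSGI app.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # placeholder path

    # Static media bypasses Varnish in this layout (the drawback noted above).
    location /static/ {
        alias /srv/site/static/;    # placeholder path
    }

    location / {
        proxy_pass http://127.0.0.1:6081;    # assumed Varnish listen address
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the backend the client connection was HTTPS, so the app
        # can build https:// URLs and mark cookies Secure.
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Varnish and the WSGI server should listen on loopback only in this layout, so that clients cannot reach them directly and supply their own X-Forwarded-Proto header.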