Configure Hitch & Let's Encrypt + Varnish

aristotletalks

Hi all,

Been using DA and CentOS for quite some years now, but moved on to AlmaLinux with fresh DA installs. Even though I know my way around Linux and DA by now, these specific configs make me a noob.

To install Varnish I used this guide:

For Hitch this guide:

Configuring Hitch with Let's Encrypt is where I need some guidance, so I don't mess up any configs.

I've added this line:
pem-file = "/etc/ssl/tecmint.lan/tecmint.pem"
to /etc/hitch/hitch.conf

But I skipped this step:
For Let’s Encrypt, the certificate, private key, and the full chain will be stored under /etc/letsencrypt/live/example.com/, so create the bundle as shown.
Because I don't know how to apply this instruction:
# cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem >/etc/letsencrypt/live/example.com/example.com_bundle.pem

Right now I get this error:
[root@server ~]# systemctl status hitch
● hitch.service - Network proxy that terminates TLS/SSL connections
Loaded: loaded (/usr/lib/systemd/system/hitch.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/hitch.service.d
└─limit.conf
Active: failed (Result: exit-code) since Fri 2022-09-02 13:25:55 CEST; 6s ago
Process: 995952 ExecStart=/usr/sbin/hitch --pidfile=/run/hitch/hitch.pid --config=/etc/hitch/hitch.conf (code=exited, status=1/FAILURE)

Sep 02 13:25:55 server.myserver.nl systemd[1]: Starting Network proxy that terminates TLS/SSL connections...
Sep 02 13:25:55 server.myserver.nl hitch[995952]: Error in configuration file '', line 29: Unable to stat x509 certificate PEM file '/etc/ssl/tecmint.lan/tecmint.pe>
Sep 02 13:25:55 server.myserver.nl systemd[1]: hitch.service: Control process exited, code=exited status=1
Sep 02 13:25:55 server.myserver.nl systemd[1]: hitch.service: Failed with result 'exit-code'.
Sep 02 13:25:55 server.myserver.nl systemd[1]: Failed to start Network proxy that terminates TLS/SSL connections.
lines 1-12/12 (END)

I'm hoping someone has experience on how to configure this or can give some insight on how to make this work with DA Let's Encrypt.

Thank you in advance!


I just opened a bunch of ports for Varnish and httpd; it would be nice to verify which ones I should remove:
Httpd listens on port 8080
Varnish listens on port 8443
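The bundling step quoted in the post, as an added shell example that is not part of the original post or the linked guide: it joins fullchain.pem and privkey.pem in the guide's order into one owner-only file for Hitch's pem-file setting, with a separate check that the key belongs to the certificate. The function names are made up for this example, and the paths in the usage comment are the guide's example.com placeholders.

```shell
#!/bin/sh
# Added example (not from the post or the guide); function names are made up.

# Succeeds only if the private key belongs to the leaf certificate,
# i.e. the first certificate in fullchain.pem.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# build_hitch_bundle FULLCHAIN PRIVKEY OUTPUT
build_hitch_bundle() {
    fullchain=$1 privkey=$2 out=$3
    for f in "$fullchain" "$privkey"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    grep -q -- '-----BEGIN CERTIFICATE-----' "$fullchain" ||
        { echo "$fullchain holds no certificate" >&2; return 1; }
    grep -q -- 'PRIVATE KEY-----' "$privkey" ||
        { echo "$privkey holds no private key" >&2; return 1; }
    # The bundle contains the private key, so create it owner-only, and
    # write a temp file first so Hitch never reads a half-written bundle.
    # Assumption: Hitch opens the file as root before dropping privileges;
    # if not, chown the bundle to the user Hitch runs as.
    tmp=$(umask 077 && mktemp "$out.XXXXXX") || return 1
    if cat "$fullchain" "$privkey" > "$tmp" &&
       chmod 600 "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Usage as root, with the guide's placeholder paths:
#   d=/etc/letsencrypt/live/example.com
#   key_matches_cert "$d/fullchain.pem" "$d/privkey.pem" &&
#     build_hitch_bundle "$d/fullchain.pem" "$d/privkey.pem" \
#                        "$d/example.com_bundle.pem"
# Then point pem-file in /etc/hitch/hitch.conf at the bundle and restart hitch.
```

The "Unable to stat x509 certificate PEM file" message in the status output means the path given to pem-file does not exist, so pem-file has to name the bundle this produces rather than the guide's tecmint.lan sample path.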