Just stumbled upon this question the other day and was amazed with what ServerPilot has to say about Varnish:
ServerPilot does not recommend using Varnish.
This tutorial is provided for users who, for legacy reasons, require Varnish in their application stack. Varnish misconfiguration can result in security and performance problems as well as downtime on your server. Please be careful!
A total disaster of a statement? Not exactly.
An effing disaster of a statement
It is obvious that ServerPilot can’t support Varnish because its configuration maybe not always trivial. And when you introduce Varnish to your stack, you quickly realize that you have to get rid of ServerPilot. They only want to save their butt and get around by lying.
Instead of mentioning that they can’t support Varnish because their product is too simple / underdeveloped, they totally mislead and lie to all of their clients by introducing “legacy reasons” for not using Varnish.
Varnish for legacy reasons
How can Varnish use be a legacy reason, if Varnish is relatively new HTTP caching proxy? Making your web application fast is a legacy reason? I don’t think so. You will agree with me.
Security problems
Varnish is mostly as secure as HTTP protocol since that’s the level where it operates. It is a transparent HTTP proxy and there’s no known security threats form running it.
Performance problems
Varnish is designed to make your web site faster by storing its full page cache in RAM. No comments here.
Downtime
When you configure your server with new application stack, the downtime is inevitable. The same applies to ServerPilot – some downtime is to be expected when you let them provision your server for the first time.
Now, let’s quickly review ServerPilot itself.
#1. ServerPilot is insecure
ServerPilot has access to your server. You trust your server data into hands of a company that gets around by lying to its clients. Do you feel safe?
#2. ServerPilot is insecure
ServerPilot does not use standard operating system packages and naturally their packages will be nearly always less secure than provided by the operating system.
#3. ServerPilot is insecure
I had to say it magic 3 times in hope that my wish comes true and ServerPilot is gone. If ServerPilot is so insecure about Varnish, they should be gone.
Now let’s make things right and provide the correct statement:
We do not recommend using ServerPilot.
This article is provided for users who, for legacy reasons, have been using ServerPilot. The use of ServerPilot can and will result in security and performance problems as well as downtime on your server. Please be careful!