https://agora.nasqueron.org/ contains relevant documentation, but this site could be optimized with a Varnish cache as front-end.

Plan

Ideally, we want this setup:

[ nginx as TLS terminaison :443 ] → [ Varnish :80 ] → [ nginx as back-end :31080 ]

1. In nginx, configure two vhosts per site:
   1. 443 — SSL termination, proxy_pass to Varnish
   2. 31080 — back-end code, ie the current one on 80/443 hybrid block (or the 443 for TLS only sites)
2. Configure Varnish for our scenario
   1. Listen to the port 80
   2. Redirect http traffic to https with a 301 code
   3. By default, we don't want a cache for apps not configured to play nice with it, so we return (pass); in a VCL.
   4. Gradually, we can add more domains with caching strategies.

But this is disruptive, as even with this non intrusive configuration, we need our applications to be able to cope with the fact it serves HTTPS traffic even when it doesn't seem to. Experience on Dwellers show a lot of web applications must especially be tweaked for this scenario.

So the plan is to serve cached traffic through Varnish only on a dedicated IPv6 as experimental configuration.

That could for example be 2001:470:1f13:9e1:0:cac:7e:1 (cac:7e for cache, cac:7e:1 for cache #1).