Fwd: Trouble getting varnish to forwards on to SSL on port 443

doug livesey biot023 at gmail.com
Fri Aug 24 12:51:31 CEST 2012


Fantastic, thank you very much!

On 24 August 2012 11:33, Daniel Schledermann <varnish at ds.schledermann.net> wrote:

> On 24-08-2012 12:19, doug livesey wrote:
>
>> Ah, brilliant, I'll look into that, then. Is there documentation on it?
>
> I think you can dust up some examples fairly easily. We have something like
> this used often:
>
>
> server {
>   listen       192.168.10.12:443;
>
>   server_name  secure.example.com;
>
>   ssl                  on;
>   ssl_certificate      /etc/ssl/private/secure.example.com.crt;
>   ssl_certificate_key  /etc/ssl/private/secure.example.com.key;
>
>   ssl_session_timeout  5m;
>
>   ssl_protocols  SSLv2 SSLv3 TLSv1;
>   ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
>   ssl_prefer_server_ciphers   on;
>
>   location / {
>     proxy_pass         http://127.0.0.1:80/;
>     proxy_redirect     off;
>   }
>
>   proxy_set_header  Host            $host;
>   proxy_set_header  X-Real-IP       $remote_addr;
>   proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
>   proxy_set_header  X-From-SSL      "On";
>   proxy_max_temp_file_size 0;
> }
>
>
>
> It is under the assumption that your server's IP is 192.168.10.12 and
> Varnish occupies 127.0.0.1:80 also. In many cases it is good to add some
> custom headers to make Varnish aware that it is in fact decrypted SSL
> traffic it is dealing with.
>