using varnish4 for HTTPS wordpress site

Jason Heffner jdh132 at psu.edu
Fri Nov 3 12:03:08 UTC 2017


Hi,

I had a similar issue using the wordpress-varnish plugin and our large multi-site install. I had to completely re-write the code to use curl as opposed to fsockopen, but for the certificate issue I used the curl option to ignore certificate errors. You may be able to simply add a line to the plugin code. We were able to do this since we had security in place that wouldn’t allow BAN from any other systems. 

Jason

> On Nov 3, 2017, at 4:28 AM, Guillaume Quintard <guillaume at varnish-software.com> wrote:
> 
> To answer the HTTPS question, client-side HTTPS is easily done using hitch (http://hitch-tls.org/); for the backend side, you would need Varnish Plus.
> 
> But you are saying Amazon provides the certificates, so my guess is that the LB does the termination and requests arrive unencrypted at Varnish.
> 
> For the curl error, does the host used match the certificate?
> 
> -- 
> Guillaume Quintard
> 
> On Fri, Nov 3, 2017 at 9:18 AM, Luca Gervasi <luca.gervasi at gmail.com> wrote:
> Hi,
> this is totally unrelated to varnish. If you want to achieve purging, you can safely stay http and purge locally (if you are using a load balancer in front of your delivery, you either have just one varnish - hence purge locally - or your purges are inconsistently distributed among all your caches).
> 
> Bye
> 
> On Fri, 3 Nov 2017 at 08:31 Navneet Kashyap <navneet.kashyap at webners.com> wrote:
> Hi 
> 
> I was using varnish-cache (open source) for my wordpress website. It was running well when it's on HTTP only, but when I turn it to HTTPS it's giving me an error message when testing status using the plugin in wordpress, i.e.
> Varnish HTTP Purge
> Error: This request cannot be performed: cURL error 60: Issuer certificate is invalid.
> 
> please check the screenshot also.
> <image.png>
> 
> Currently the flow is like this:
> client--> HTTPS request--> AWS load balancer --> Varnish--> apache2.
> 
> we are using self-signed certs for backend authentication settings in AWS-load balancer, and using AMAZON provided CA-certs (using certificate manager)
> 
> Note: Is this possible in varnish-cache software (open-Source), or else do we have to buy varnish-cache plus software (Paid Version), or do we have to buy CA-certs for that domain?
> 
> kindly guide us.
> 
> 
> Thanks and Regards
> 
> Navneet Kashyap
> Sr. System Administrator - Webner Solutions Pvt. Ltd.
> Web - www.webnersolutions.com <http://www.webners.com/>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
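
The access restriction this message relies on, together with the local plain-HTTP purge suggested in the quoted reply, could look like the following Varnish 4 VCL. This is an added example, not configuration posted in the thread; the backend address and the ACL entries are assumed placeholders.

```vcl
vcl 4.0;

# Assumed backend: Apache on the same host, port 8080 (constructed value).
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Only the hosts that run WordPress may invalidate cached content.
# 192.0.2.10 is a documentation placeholder for a second WordPress node.
acl purgers {
    "localhost";
    "127.0.0.1";
    "::1";
    "192.0.2.10";
}

sub vcl_recv {
    if (req.method == "PURGE" || req.method == "BAN") {
        # client.ip is the TCP peer. Requests relayed by the load balancer
        # carry the balancer's address, so the balancer must not be listed
        # in the ACL: anything it forwards would then pass this check.
        if (!client.ip ~ purgers) {
            return (synth(405, "Not allowed"));
        }
        if (req.method == "PURGE") {
            # Remove the cached object for this exact Host and URL.
            return (purge);
        }
        # BAN: invalidate every cached object for this Host and URL.
        ban("req.http.host == " + req.http.host +
            " && req.url == " + req.url);
        return (synth(200, "Ban added"));
    }
}
```

With this in place the purge client can address Varnish directly over HTTP on the loopback or private interface, so the request never crosses the TLS-terminating load balancer and certificate verification does not need to be switched off.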
