Fwd: Trouble getting varnish to forwards on to SSL on port 443

Daniel Schledermann varnish at ds.schledermann.net
Fri Aug 24 12:33:21 CEST 2012

On 24-08-2012 12:19, doug livesey wrote:
> Ah, brilliant, I'll look into that, then. Is there documentation on it?

I think you can dust up some examples fairly easily. We have something
like this used often:

server {

   server_name  secure.example.com;

   ssl                  on;
   ssl_certificate      /etc/ssl/private/secure.example.com.crt;
   ssl_certificate_key  /etc/ssl/private/secure.example.com.key;

   ssl_session_timeout  5m;

   ssl_protocols  SSLv2 SSLv3 TLSv1;
   ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
   ssl_prefer_server_ciphers   on;

   location / {
     proxy_redirect     off;

     proxy_set_header  Host            $host;
     proxy_set_header  X-Real-IP       $remote_addr;
     proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header  X-From-SSL      "On";
     proxy_max_temp_file_size 0;
   }
}

It is under the assumption that your server's IP is and
Varnish occupies also. In many cases it is good to add some
custom headers to make Varnish aware that it is in fact decrypted SSL
traffic it is dealing with.

