Fwd: Trouble getting varnish to forwards on to SSL on port 443
Daniel Schledermann
varnish at ds.schledermann.net
Fri Aug 24 12:33:21 CEST 2012
On 24-08-2012 12:19, doug livesey wrote:
> Ah, brilliant, I'll look into that, then. Is there documentation on it?
I think you can dust up some examples fairly easily. We have something
like this used often:
    server {
        listen 192.168.10.12:443;
        server_name secure.example.com;
        ssl on;
        ssl_certificate /etc/ssl/private/secure.example.com.crt;
        ssl_certificate_key /etc/ssl/private/secure.example.com.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://127.0.0.1:80/;
            proxy_redirect off;
        }
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-From-SSL "On";
        proxy_max_temp_file_size 0;
    }
It is under the assumption that your server's IP is 192.168.10.12 and
Varnish occupies 127.0.0.1:80 also. In many cases it is good to add some
custom headers to make Varnish aware that it is in fact decrypted SSL
traffic it is dealing with.