Varnish, NGINX SSL and Wordpress

Carlos M. Fernández cfernand at sju.edu
Mon Nov 2 18:37:50 CET 2015


Hi, Phil,

We don't use Nginx but do SSL termination at a hardware load balancer,
with most of the work to support that setup done in the VCL, and something
similar could possibly apply to your scenario.

Our load balancer can use different backend ports depending on which
protocol the client requests; e.g., if the client connects to port 80 for
HTTP, then the load balancer proxies that to Varnish on port 80, while if
the client connects to 443 for HTTPS the load balancer proxies to Varnish
on port 8008. The choice of Varnish port numbers doesn't matter, just the
fact that Varnish listens on both ports and that the load balancer uses
one or the other based on the SSL status with the client (using the
command line option "-a :80,8008" in this case).

Then, in vcl_recv, we have the following to inform the backend when an SSL
request has arrived:

if ( std.port( server.ip ) == 8008 ) {
    set req.http.X-Forwarded-Proto = "https";
}

We also have the following in vcl_hash to cache HTTP and HTTPS requests
separately and avoid redirection loops:

if ( req.http.X-Forwarded-Proto ) {
    hash_data( req.http.X-Forwarded-Proto );
}

The backend then can look for that header and respond accordingly. For
example, in Apache we set the HTTPS environment variable to "on":

SetEnvIf X_FORWARDED_PROTO https HTTPS=on

I have no knowledge of Nginx, but if it can be configured to use different
backend ports then you should be able to use the above.

Best regards,
-- 
Carlos.

-----Original Message-----
From: varnish-misc-bounces+cfernand=sju.edu at varnish-cache.org
[mailto:varnish-misc-bounces+cfernand=sju.edu at varnish-cache.org] On Behalf
Of Phil Daws
Sent: Monday, 02 November, 2015 12:03
To: varnish-misc at varnish-cache.org
Subject: Varnish, NGINX SSL and Wordpress

Hello,

Are any of you running Varnish in front of an SSL WordPress site?

I have tried using NGINX as the SSL termination point and proxying back to
Varnish on port 80, but you end up with mixed content errors.  If you tell
WordPress to use https exclusively, and you are proxying with http, then you
get into a 301 perm loop.

Any thoughts, please?

Thanks, Phil
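
Added example (not part of the original e-mails, and not the posters' own configuration): the port-based scheme from the reply as one Varnish 4 VCL file, hardened so that X-Forwarded-Proto is always set by Varnish rather than accepted from the client, since that header both enters the cache hash and flips HTTPS=on at the backend. The backend address, the ACL name tls_terminator and the address 192.0.2.10 are assumptions for illustration.

```vcl
vcl 4.0;

import std;

# Assumed backend address, for illustration only.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Assumed address of the TLS terminator (load balancer or Nginx).
# Only this peer may use the listener that marks requests as HTTPS.
acl tls_terminator {
    "192.0.2.10";
}

sub vcl_recv {
    # Never trust a client-supplied value: the listener port alone
    # decides what the backend is told about the original scheme.
    unset req.http.X-Forwarded-Proto;

    if (std.port(server.ip) == 8008) {
        # A plain-HTTP connection made straight to port 8008 would
        # otherwise be labelled "https", so restrict the peer.
        if (client.ip !~ tls_terminator) {
            return (synth(403, "Forbidden"));
        }
        set req.http.X-Forwarded-Proto = "https";
    } else {
        set req.http.X-Forwarded-Proto = "http";
    }
}

sub vcl_hash {
    # The header is now always present and always set by vcl_recv, so
    # HTTP and HTTPS variants (including redirects) are cached apart.
    # Falling through lets the built-in vcl_hash add URL and Host.
    hash_data(req.http.X-Forwarded-Proto);
}
```

The "http" value does not match the pattern in the SetEnvIf line from the reply, so HTTPS=on is still set only for requests that arrived on port 8008.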


