Varnish, NGINX SSL and Wordpress

Jason Heffner jdh132 at psu.edu
Tue Nov 3 15:17:59 CET 2015 

We run Varnish in between an F5 and Apache as well as use Nginx for ssl and load balancing in development, in conjunction with Wordpress backends. You have to tell Wordpress that you are behind SSL and it will function properly. To accomplish this I’d use the following code in wp-config.php

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
        $_SERVER['HTTPS']='on';
}

You can then also set FORCE_SSL_ADMIN and FORCE_SSL_LOGIN however you see fit and it should work. I saw some updates not that long ago to support proxy headers but don’t believe they are fully supported yet.

Jason


> On Nov 2, 2015, at 12:37 PM, Carlos M. Fernández <cfernand at sju.edu> wrote:
> 
> Hi, Phil,
> 
> We don't use Nginx but do SSL termination at a hardware load balancer,
> with most of the work to support that setup done in the VCL, and something
> similar could possibly apply to your scenario.
> 
> Our load balancer can use different backend ports depending on which
> protocol the client requests; e.g., if the client connects to port 80 for
> HTTP, then the load balancer proxies that to Varnish on port 80, while if
> the client connects to 443 for HTTPS the load balancer proxies to Varnish
> on port 8008. The choice of Varnish port numbers doesn't matter, just the
> fact that Varnish listens on both ports and that the load balancer uses
> one or the other based on the SSL status with the client (using the
> command line option "-a :80,8008" in this case).
> 
> Then, in vcl_recv, we have the following to inform the backend when an SSL
> request has arrived:
> 
> if ( std.port( server.ip ) == 8008 ) {
>    set req.http.X-Forwarded-Proto = "https";
> }
> 
> We also have the following in vcl_hash to cache HTTP and HTTPS requests
> separately and avoid redirection loops:
> 
> if ( req.http.X-Forwarded-Proto ) {
>    hash_data( req.http.X-Forwarded-Proto );
> }
> 
> The backend then can look for that header and respond accordingly. For
> example, in Apache we set the HTTPS environment variable to "on":
> 
> SetEnvIf X_FORWARDED_PROTO https HTTPS=on
> 
> I have no knowledge of Nginx, but if it can be configured to use different
> backend ports then you should be able to use the above.
> 
> Best regards,
> -- 
> Carlos.
> 
> -----Original Message-----
> From: varnish-misc-bounces+cfernand=sju.edu at varnish-cache.org
> [mailto:varnish-misc-bounces+cfernand=sju.edu at varnish-cache.org] On Behalf
> Of Phil Daws
> Sent: Monday, 02 November, 2015 12:03
> To: varnish-misc at varnish-cache.org
> Subject: Varnish, NGINX SSL and Wordpress
> 
> Hello,
> 
> Are any of you running Varnish in-front of a SSL Wordpress site ?
> 
> I have tried using NGINX as the SSL termination point and proxying back to
> Varnish on port 80 but you end up with mixed content errors.  If you tell
> Wordpress to use https exclusively, and you are proxy with http, then you
> get into 301 perm loop.
> 
> Any thoughts please ?
> 
> Thanks, Phil
> 
> 
> 
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
> 
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

More information about the varnish-misc mailing list