Varnish, NGINX SSL and Wordpress
Phil Daws
uxbod at splatnix.net
Tue Nov 3 16:16:17 CET 2015
Thank you to both.
Will clone my existing instance and give these suggestions a whirl.
Phil.
----- On 3 Nov, 2015, at 14:17, Jason Heffner jdh132 at psu.edu wrote:
> We run Varnish in between an F5 and Apache as well as use Nginx for ssl and load
> balancing in development, in conjunction with Wordpress backends. You have to
> tell Wordpress that you are behind SSL and it will function properly. To
> accomplish this I’d use the following code in wp-config.php
>
> if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
> $_SERVER['HTTPS']='on';
> }
>
> You can then also set FORCE_SSL_ADMIN and FORCE_SSL_LOGIN however you see fit
> and it should work. I saw some updates not that long ago to support proxy
> headers but don’t believe they are fully supported yet.
>
> Jason
>
>
>> On Nov 2, 2015, at 12:37 PM, Carlos M. Fernández <cfernand at sju.edu> wrote:
>>
>> Hi, Phil,
>>
>> We don't use Nginx but do SSL termination at a hardware load balancer,
>> with most of the work to support that setup done in the VCL, and something
>> similar could possibly apply to your scenario.
>>
>> Our load balancer can use different backend ports depending on which
>> protocol the client requests; e.g., if the client connects to port 80 for
>> HTTP, then the load balancer proxies that to Varnish on port 80, while if
>> the client connects to 443 for HTTPS the load balancer proxies to Varnish
>> on port 8008. The choice of Varnish port numbers doesn't matter, just the
>> fact that Varnish listens on both ports and that the load balancer uses
>> one or the other based on the SSL status with the client (using the
>> command line option "-a :80,8008" in this case).
>>
>> Then, in vcl_recv, we have the following to inform the backend when an SSL
>> request has arrived:
>>
>> if ( std.port( server.ip ) == 8008 ) {
>> set req.http.X-Forwarded-Proto = "https";
>> }
>>
>> We also have the following in vcl_hash to cache HTTP and HTTPS requests
>> separately and avoid redirection loops:
>>
>> if ( req.http.X-Forwarded-Proto ) {
>> hash_data( req.http.X-Forwarded-Proto );
>> }
>>
>> The backend then can look for that header and respond accordingly. For
>> example, in Apache we set the HTTPS environment variable to "on":
>>
>> SetEnvIf X_FORWARDED_PROTO https HTTPS=on
>>
>> I have no knowledge of Nginx, but if it can be configured to use different
>> backend ports then you should be able to use the above.
>>
>> Best regards,
>> --
>> Carlos.
>>
>> -----Original Message-----
>> From: varnish-misc-bounces+cfernand=sju.edu at varnish-cache.org
>> [mailto:varnish-misc-bounces+cfernand=sju.edu at varnish-cache.org] On Behalf
>> Of Phil Daws
>> Sent: Monday, 02 November, 2015 12:03
>> To: varnish-misc at varnish-cache.org
>> Subject: Varnish, NGINX SSL and Wordpress
>>
>> Hello,
>>
>> Are any of you running Varnish in-front of a SSL Wordpress site ?
>>
>> I have tried using NGINX as the SSL termination point and proxying back to
>> Varnish on port 80 but you end up with mixed content errors. If you tell
>> Wordpress to use https exclusively, and you are proxy with http, then you
>> get into 301 perm loop.
>>
>> Any thoughts please ?
>>
>> Thanks, Phil
>>
>>
>>
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
More information about the varnish-misc
mailing list