Nginx & Varnish 4 With HTTPS://

Published 2018-07-14 (modified 2022-06-02) at https://agix.com.au/nginx-varnish-with-https/

This article explains, with examples, how to use Varnish 4 as a cache in a fully HTTPS environment. The example was built on a CentOS 7 server. Make sure SELinux allows Nginx to listen on port 81.

Here are the facts:

  1. Nginx is listening on ports 80, 443 and 81.
  2. Port 80 is redirected to port 443.
  3. Port 443 reverse-proxies to Varnish 4 listening on port 8080.
  4. Varnish reverse-proxies to Nginx listening on port 81.
  5. Nginx listening on port 81 serves the files from disk.
  6. The FQDN is “www.example.com”.
  7. The host-based firewall needs to permit only 80 and 443 to the public.

This is the full Nginx configuration:

    # Backend: serves the files from disk. Bound to loopback, so only Varnish connects here.
    server {
        listen 127.0.0.1:81;
        server_name www.example.com;

        access_log   /var/log/nginx/www.example.com.access-81.log;
        error_log    /var/log/nginx/www.example.com.error-81.log;

        root /var/www/html/www.example.com/wordpress;
        index index.php;

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        # The dot is escaped so that only URIs ending in ".php" match.
        location ~ \.php$ {
            include fastcgi_params;
            include fastcgi.conf;
            # Tell PHP the original request was HTTPS, even though this hop is plain HTTP.
            fastcgi_param HTTPS on;
            fastcgi_index  index.php;
            fastcgi_pass   127.0.0.1:9000;
        }
    }

    # Public TLS front end: terminates HTTPS and hands the request to Varnish on port 8080.
    server {
        listen 192.168.122.4:443 ssl;
        server_name www.example.com;

        access_log   /var/log/nginx/www.example.com.access-443.log;
        error_log    /var/log/nginx/www.example.com.error-443.log;

        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host $host;
        }

        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    }

    # Public port 80: redirect the expected host to HTTPS, answer 404 for anything else.
    server {
        listen 192.168.122.4:80;
        server_name www.example.com;

        access_log   /var/log/nginx/www.example.com.access-80.log;
        error_log    /var/log/nginx/www.example.com.error-80.log;

        if ($host = www.example.com) {
            return 301 https://$host$request_uri;
        }
        return 404;
    }

This is the Varnish 4 configuration:

    vcl 4.0;
    import std;
    import directors;

    # Nginx backend listening on loopback port 81.
    backend default {
      .host = "127.0.0.1";
      .port = "81";
    }

    # Add an X-Cache response header showing whether the object came from cache.
    sub vcl_deliver {
       if (obj.hits > 0) {
          set resp.http.X-Cache = "HIT";
       } else {
          set resp.http.X-Cache = "MISS";
       }
    }

    sub vcl_recv {
       set req.http.host = "www.example.com";
       # Static file extensions: drop cookies and look the object up in the cache.
       if (req.url ~ "(?i)\.(jpeg|jpg|png|gif|ico|swf|js|css|gz|rar|txt|bzip)$") {
          unset req.http.Cookie;
          return (hash);
       } else {
          # Everything else goes straight to the backend.
          return (pass);
       }
    }
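As an added example (not part of the original article), this Python model of the `vcl_recv` routing above shows which URLs get a cache lookup with cookies stripped and which are passed to Nginx. The `audit` helper and the sample URLs are constructed for illustration; the model relies on Varnish matching the regex against `req.url`, which includes the query string.

```python
import re
from urllib.parse import urlsplit

# Pattern copied from the page's vcl_recv. Varnish tests it against req.url,
# which is the path plus the query string.
STATIC_RE = re.compile(r"(?i)\.(jpeg|jpg|png|gif|ico|swf|js|css|gz|rar|txt|bzip)$")


def vcl_recv(url, headers):
    """Model the page's vcl_recv: return (action, headers sent to the backend)."""
    out = dict(headers)
    out["Host"] = "www.example.com"      # set req.http.host = "www.example.com";
    if STATIC_RE.search(url):
        out.pop("Cookie", None)          # unset req.http.Cookie;
        return "hash", out               # cache lookup
    return "pass", out                   # straight to Nginx on port 81


def audit(urls):
    """Flag URLs where the decision disagrees with the extension of the path alone."""
    findings = {}
    for url in urls:
        action, _ = vcl_recv(url, {})
        path_is_static = bool(STATIC_RE.search(urlsplit(url).path))
        if action == "pass" and path_is_static:
            findings[url] = "static file bypasses the cache (query string follows the extension)"
        elif action == "hash" and not path_is_static:
            findings[url] = "dynamic path gets a cache lookup with cookies stripped"
    return findings


# Constructed sample requests, not taken from real logs.
SAMPLE_URLS = [
    "/wp-content/themes/demo/style.css",
    "/wp-content/themes/demo/style.css?ver=4.9.7",
    "/wp-includes/js/jquery/jquery.JS",
    "/wp-login.php",
    "/index.php?download=report.txt",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(vcl_recv(u, {"Cookie": "session=constructed"})[0], u)
    for u, why in audit(SAMPLE_URLS).items():
        print("REVIEW", u, "-", why)
```

Running `audit` over paths taken from the port 443 access log shows which requests the `$`-anchored pattern classifies differently from their file type.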
