CODEWITHSUNDEEP
apachemagentosslnginxvarnish
John doe
John doe

Reputation: 33

Ubuntu 14.04 Apache + SSL server, how to configure Varnish

I have a Magento running on a Ubuntu 14.04 server with Apache2 and SSL. I have installed Varnish but not sure how to set it up with SSL without using Nginx. this is my current vhost file ; 

    <VirtualHost *:443>

    ServerName mysite.com
    ServerAlias www.mysite.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/mysite.com

    <Directory /var/www/mysite.com/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    </Directory>

    SSLEngine on
    SSLCertificateFile /home/ssl/mysite_com.crt
    SSLCertificateKeyFile /home/ssl/mysite.com.key
    SSLCACertificateFile /home/ssl/mysite_com.ca-bundle

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    </VirtualHost>
    <VirtualHost *:80>
    ServerName mysite.com
    RewriteEngine On
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]
    </VirtualHost>

Upvotes: 3

Views: 2053

Answers (2)

Angel Abad Cerdeira
Angel Abad Cerdeira

Reputation: 1437

With your current Apache I would do:

Configure your site to listen in another port, 8888 for example

<VirtualHost *:8888>
   ServerName mysite.com
   ServerAlias www.mysite.com
   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/mysite.com

  <Directory /var/www/mysite.com/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
  </Directory>
</VirtualHost>

Then configure the SSL one to proxy to Varnish

<VirtualHost *:443>

  # what you had above plus the following:

  RequestHeader set X-Forwarded-Proto "https"
  ProxyPass / http://localhost:6081/
  ProxyPassReverse / http://localhost:6081/
</VirtualHost>

You will need some extra modules:

sudo a2enmod headers proxy proxy_http proxy_html

Finally Configure Varnish backend to use port 8888

backend default {
  .host = "127.0.0.1";
  .port = "8888";
}

Upvotes: 2

Jacob Rastad
Jacob Rastad

Reputation: 1171

Short answer, you can't setup Varnish with SSL since Varnish doesn't support it.

You have 2 options

  1. Setup Nginx (or some other SSL-terminator) infront of Varnish which acts as reverse proxy and forwards the requests to Varnish via HTTP.

  2. Split the traffic between your current Apache2 server (that supports SSL) and Varnish. The HTTP-traffic on port 80 goes to Varnish and the HTTPS-traffic on port 443 goes to Apache2.

Upvotes: 0

Related Questions