Reputation: 1
varnish nginx wordpress ssl several domains
I've got stuck in moment of enabling 2 domains in Wordpress MU installation. Main question: how to configure varnish properly to understand both of domains?
I have next config:
Nginx Frontend -> Varnish Cache -> Varnish backend
Network configured like this: All request to my real IP for ports :80 and :443 are translated to local IP 192.168.1.70 to Nginx. Nginx transfered all requests from 80 to 443. Then all request goes to Varnish. if there's no cache Varnish asks backend.
4 config files for nginx: frontend-domain1.com frontend-domain2.com
Configs of frontend is similar except "server_name" "proxy_set_header Host" options
server {
listen 192.168.1.70:80;
server_name domain1.com;
return 301 https://$server_name$request_uri;
}
server {
listen 192.168.1.70:443 ssl;
server_name domain1.com;
keepalive_timeout 60 60;
gzip on;
gzip_comp_level 1;
gzip_min_length 512;
gzip_buffers 8 64k;
gzip_types text/plain;
gzip_proxied any;
ssl on;
ssl_stapling on;
resolver 8.8.8.8 8.8.4.4;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_certificate /chain.crt;
ssl_certificate_key /private.key;
ssl_dhparam /dhparams.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:E$
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
location / {
proxy_pass http://127.0.0.1:6081/;
proxy_set_header Host domain1.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
}
}
backend-domain1.com backend-domain2.com Configs of backend is similar except server_name option
server {
listen 127.0.0.1:81;
root /web/sites/domain1;
index index.php;
gzip on;
gzip_comp_level 1;
gzip_min_length 512;
gzip_buffers 8 64k;
gzip_types text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
gzip_proxied any;
server_name domain1.com;
location ~ /\. {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~ \.php$ {
try_files $uri =404;
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php7.0-fpm.sock;
}
}
Varnish Configs: default.vcl
vcl 4.0;
backend default {
.host = "127.0.0.1";
.port = "81";
}
acl purge {
"localhost";
"127.0.0.1";
"192.168.1.70";
}
sub vcl_recv {
if (req.method == "PURGE") {
if (!client.ip ~ purge) {
return(synth(405, "This IP is not allowed to send PURGE
requests."));
}
return (purge);
}
}
include "/etc/varnish/domain1.vcl";
include "/etc/varnish/domain2.vcl";
domain1.vcl and domain2.vcl differs with: "req.http.host"
sub vcl_recv {
if (req.http.host == "domain1.com") {
if (req.url !~ "^/wp-(login|admin)") {
unset req.http.cookie;
}
}
set req.http.host = regsub(req.http.host, "^www\.", "");
set req.http.host = regsub(req.http.host, ":[0-9]+", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
if (req.http.Authorization || req.method == "POST") {
return (pass);
}
if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true") {
return (pass);
}
if (req.url ~ "sitemap" || req.url ~ "robots") {
return (pass);
}
set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
# if (req.http.cookie ~ "^ *$") {
# unset req.http.cookie;
# }
if (req.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico|woff|svg|htm|html)") {
unset req.http.cookie;
if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
return (pass);
}
if (!req.http.cookie) {
unset req.http.cookie;
}
if (req.http.Authorization || req.http.Cookie) {
# Not cacheable by default
return (pass);
}
return (hash);
}
sub vcl_pass {
return (fetch);
}
sub vcl_hash {
hash_data(req.url);
return (lookup);
}
sub vcl_backend_response {
unset beresp.http.Server;
unset beresp.http.X-Powered-By;
if (bereq.url ~ "sitemap" || bereq.url ~ "robots") {
set beresp.uncacheable = true;
set beresp.ttl = 30s;
return (deliver);
}
if (bereq.url ~ "\.(css|js|png|gif|jp(e?)g)|swf|ico|woff|svg|htm|html")
{
unset beresp.http.cookie;
set beresp.ttl = 7d;
unset beresp.http.Cache-Control;
set beresp.http.Cache-Control = "public, max-age=604800";
set beresp.http.Expires = now + beresp.ttl;
}
if (bereq.url ~ "wp-(login|admin)" || bereq.url ~ "preview=true") {
set beresp.uncacheable = true;
set beresp.ttl = 30s;
return (deliver);
}
if (!(bereq.url ~ "(wp-login|wp-admin|preview=true)")) {
unset beresp.http.set-cookie;
}
if ( bereq.method == "POST" || bereq.http.Authorization ) {
set beresp.uncacheable = true;
set beresp.ttl = 120s;
return (deliver);
}
if ( bereq.url ~ "\?s=" ){
set beresp.uncacheable = true;
set beresp.ttl = 120s;
return (deliver);
if ( beresp.status != 200 ) {
set beresp.uncacheable = true;
set beresp.ttl = 120s;
return (deliver);
}
set beresp.ttl = 1d;
set beresp.grace = 30s;
return (deliver);
}
sub vcl_deliver {
unset resp.http.X-Powered-By;
unset resp.http.Server;
unset resp.http.Via;
unset resp.http.X-Varnish;
return (deliver);
}
If i uncomment
# if (req.http.cookie ~ "^ *$") {
# unset req.http.cookie;
# }
it shows index for First opened domain. and ignored second domain. all other links works perfectly. If i restart varnish and ask second domain, - it will not show first domain homepage.
Main question: how to configure varnish properly to understand both of domains?
rus: как корректно заставвить варниш обрабатівать два\несколько домена\доменов?
Upvotes: 0
Views: 347
Answers (2)
Reputation: 9835
Varnish is a transparent HTTP proxy so it doesn't really care what and how many domains you pass through it. It will forward the same Host header that was sent by browser to your backend (nginx).
Thus, you only have to make sure that your nginx configuration (or whatever webserver congifuration) will listen on desired domain names.
So make sure that your listen directive in nginx is equal to the domain names that you access the websites with in your browser. As simple as that.
In the SSL termination server blocks, the following will help to avoid hardcoding of domain name:
proxy_set_header Host $host;
P.S. Ну ты и наваял :)
Upvotes: 0
Reputation: 1
Versions of software: varnish-4.1.1 revision 66bb824 nginx version: nginx/1.10.3 PHP 7.0-fpm
OS: Ubuntu 16.04.3 LTS
Upvotes: 0
Related Questions
- How to proxy NGINX, Varnish, and PHP-FPM over SSL
- Varnish Wordpress SSL Apache
- Setting up Varnish on CentOS 7, Nginx and PHP-FPM with SSL
- Setting up Varnish with Nginx on multiple sites
- Redirect loop with Nginx SSL termination via Varnish/Apache On Wordpress
- Varnish SSL with Nginx
- Redirect loop when using Varnish + Nginx (HTTPS)
- Nginx & Varnish connection error
- Pass the domain from nginx as frontend to varnish as backend
- Varnish configuration with domain names