Fantastic, thankyou very much!
On 24 August 2012 11:33, Daniel Schledermann <[email protected]>wrote:
> Den 24-08-2012 12:19, doug livesey skrev:
>
> Ah, brilliant, I'll look into that, then. Is there documentation on it?
>>
>
> I think you can dust up some examples fairly easy. We have something like
> this used often:
>
>
> server {
> listen 192.168.10.12:443;
>
> server_name secure.example.com;
>
> ssl on;
> ssl_certificate /etc/ssl/private/secure.**example.com.crt;
> ssl_certificate_key /etc/ssl/private/secure.**example.com.key;
>
> ssl_session_timeout 5m;
>
> ssl_protocols SSLv2 SSLv3 TLSv1;
> ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+**
> HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
> ssl_prefer_server_ciphers on;
>
> location / {
> proxy_pass http://127.0.0.1:80/;
> proxy_redirect off;
> }
>
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-From-SSL "On";
> proxy_max_temp_file_size 0;
> }
>
>
>
> It is under the assumption that you servers ip is 192.168.10.12 and
> Varnish occupy 127.0.0.1:80 also. In many cases it is good to add some
> custom headers to make Varnish aware that it is infact decrypted SSL
> traffic it is dealing with.
>
>
> ______________________________**_________________
> varnish-misc mailing list
> [email protected]
> https://www.varnish-cache.org/**lists/mailman/listinfo/**varnish-misc<https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc>
>
_______________________________________________
varnish-misc mailing list
[email protected]
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
