Thank you to both. Will clone my existing instance and give these suggestions a whirl.
Phil. ----- On 3 Nov, 2015, at 14:17, Jason Heffner [email protected] wrote: > We run Varnish in between an F5 and Apache as well as use Nginx for ssl and > load > balancing in development, in conjunction with Wordpress backends. You have to > tell Wordpress that you are behind SSL and it will function properly. To > accomplish this I’d use the following code in wp-config.php > > if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { > $_SERVER['HTTPS']='on'; > } > > You can then also set FORCE_SSL_ADMIN and FORCE_SSL_LOGIN however you see fit > and it should work. I saw some updates not that long ago to support proxy > headers but don’t believe they are fully supported yet. > > Jason > > >> On Nov 2, 2015, at 12:37 PM, Carlos M. Fernández <[email protected]> wrote: >> >> Hi, Phil, >> >> We don't use Nginx but do SSL termination at a hardware load balancer, >> with most of the work to support that setup done in the VCL, and something >> similar could possibly apply to your scenario. >> >> Our load balancer can use different backend ports depending on which >> protocol the client requests; e.g., if the client connects to port 80 for >> HTTP, then the load balancer proxies that to Varnish on port 80, while if >> the client connects to 443 for HTTPS the load balancer proxies to Varnish >> on port 8008. The choice of Varnish port numbers doesn't matter, just the >> fact that Varnish listens on both ports and that the load balancer uses >> one or the other based on the SSL status with the client (using the >> command line option "-a :80,8008" in this case). >> >> Then, in vcl_recv, we have the following to inform the backend when an SSL >> request has arrived: >> >> if ( std.port( server.ip ) == 8008 ) { >> set req.http.X-Forwarded-Proto = "https"; >> } >> >> We also have the following in vcl_hash to cache HTTP and HTTPS requests >> separately and avoid redirection loops: >> >> if ( req.http.X-Forwarded-Proto ) { >> hash_data( req.http.X-Forwarded-Proto ); >> } >> >> The backend then can look for that header and respond accordingly. For >> example, in Apache we set the HTTPS environment variable to "on": >> >> SetEnvIf X_FORWARDED_PROTO https HTTPS=on >> >> I have no knowledge of Nginx, but if it can be configured to use different >> backend ports then you should be able to use the above. >> >> Best regards, >> -- >> Carlos. >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf >> Of Phil Daws >> Sent: Monday, 02 November, 2015 12:03 >> To: [email protected] >> Subject: Varnish, NGINX SSL and Wordpress >> >> Hello, >> >> Are any of you running Varnish in-front of a SSL Wordpress site ? >> >> I have tried using NGINX as the SSL termination point and proxying back to >> Varnish on port 80 but you end up with mixed content errors. If you tell >> Wordpress to use https exclusively, and you are proxy with http, then you >> get into 301 perm loop. >> >> Any thoughts please ? >> >> Thanks, Phil >> >> >> >> _______________________________________________ >> varnish-misc mailing list >> [email protected] >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> >> _______________________________________________ >> varnish-misc mailing list >> [email protected] >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > > > _______________________________________________ > varnish-misc mailing list > [email protected] > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc _______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
