Hi, I had a similar issue using the wordpress-varnish plugin and our large multi-site install. I had to completely re-write the code to use curl as opposed to fsockopen, but for the certificate issue I used the curl option to ignore certificate errors. You may be able to simply add a line to the plugin code. We were able to do this since we had security in place that wouldn’t allow BAN from any other systems.
Jason

> On Nov 3, 2017, at 4:28 AM, Guillaume Quintard <[email protected]> wrote:
>
> To answer the HTTPS question, client-side HTTPS is easily done using hitch
> (hitch-tls.org <http://hitch-tls.org/>), for the backend-side, you would need
> Varnish Plus.
>
> But you are saying Amazon provides the certificates, so my guess is that the
> LB does the termination arrive unencrypted to Varnish.
>
> For the curl error, does the host used match the certificate?
>
> --
> Guillaume Quintard
>
> On Fri, Nov 3, 2017 at 9:18 AM, Luca Gervasi <[email protected]> wrote:
> Hi,
> this is totally unrelated to varnish. If you want to achieve purging, you can
> safely stay http and purge locally (if you are using a load balancer in front
> of your delivery, you either have just one varnish - hence purge locally - or
> your purges are inconsistently distributed among all your caches).
>
> Bye
>
> On Fri, 3 Nov 2017 at 08:31 Navneet Kashyap <[email protected]> wrote:
> Hi
>
> I was using varnish-cache (open source) for my wordpress website, it was
> running well when it's on HTTP only, but when I turn it to HTTPS it's giving me
> an error message when testing status using the plugin in wordpress, i.e.
> Varnish HTTP Purge
> Error: This request cannot be performed: cURL error 60: Issuer certificate is
> invalid.
>
> Please check the screenshot also.
> <image.png>
>
> Currently the flow is like this:
> client--> HTTPS request--> AWS load balancer --> Varnish--> apache2.
>
> We are using self-signed certs for backend authentication settings in
> AWS-load balancer, and using AMAZON provided CA-certs (using certificate
> manager)
>
> Note: Is this possible in varnish-cache software (open-Source) or else we
> have to buy varnish-cache plus software (Paid Version), or we have to buy
> CA-certs for that domain?
>
> Kindly guide us.
>
> Thanks and Regards
>
> Navneet Kashyap
> Sr. System Administrator - Webner Solutions Pvt. Ltd.
> Web - www.webnersolutions.com <http://www.webners.com/> <http://www.webnersolutions.com/>
> _______________________________________________
> varnish-misc mailing list
> [email protected]
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
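
One way to express the restriction Jason describes and the local, plain-HTTP purging Luca suggests, as an added example that is not code from the thread: a VCL 4.0 fragment that accepts PURGE and BAN only from an ACL. The backend address, the ACL name and the ACL entries are assumptions.

```vcl
vcl 4.0;

# Assumed backend: the apache2 server from the flow in the thread.
# Address and port are placeholders.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Hosts allowed to invalidate cached content (constructed sample values):
# loopback for a WordPress instance on the same machine, plus one private
# address standing in for a separate WordPress host.
acl invalidators {
    "127.0.0.1";
    "::1";
    "10.0.1.15";
}

sub vcl_recv {
    if (req.method == "PURGE" || req.method == "BAN") {
        # client.ip is the TCP peer. Requests relayed by the load balancer
        # arrive with the balancer's address, so keeping the balancer out of
        # the ACL means nothing coming in through the public HTTPS listener
        # can invalidate the cache.
        if (client.ip !~ invalidators) {
            return (synth(405, "Not allowed"));
        }

        if (req.method == "BAN") {
            # Invalidate every cached object for this host whose URL
            # matches the requested pattern.
            ban("req.http.host == " + req.http.host +
                " && req.url ~ " + req.url);
            return (synth(200, "Ban added"));
        }

        # PURGE: drop the single object matching this host and URL.
        return (purge);
    }
}
```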
