
I need some help with the configuration of Varnish Cache, Nginx, and SSL on virtual hosts. I am able to configure Varnish and Nginx on the server IP (default virtual host). When I access the site at http (curl -I http://example.com) I am able to see it.

But when I use the same domain with SSL (curl -I https://example.com) I get this


Can someone guide me through the steps to configure SSL on Varnish Cache?

1 Answer


If you're already using Nginx to handle TLS traffic, you might as well configure a TLS virtual host in Nginx that proxies traffic to Varnish.

Here's an example configuration in Nginx:

server {
    listen 443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate     /path/to/cert/cert.pem;
    ssl_certificate_key /path/to/key/key.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer TLS 1.2 and 1.3 only
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 24h;
    keepalive_timeout   300s;

    location / {
        # Hand the decrypted request to Varnish on the default HTTP port
        proxy_pass http://127.0.0.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Ssl-Offloaded "1";
        # $scheme is "https" in this server block, so set the header once
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port 443;
    }
}

You can merge it with your existing TLS config for Nginx. Just ensure that you're proxying the content to Varnish via proxy_pass instead of just serving content locally.

In this case you'll use Nginx as a TLS proxy, not as a web server.
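
The Varnish side of this setup, as an added example that is not part of the original answer: it accepts the TLS-state headers only from the local Nginx proxy and keeps HTTP and HTTPS variants of a page as separate cache objects, so a cached HTTP-to-HTTPS redirect is never served to an HTTPS client. The backend address 127.0.0.1:8080 and the ACL name tls_proxy are assumptions.

```vcl
vcl 4.0;

# Assumption: the origin web server listens on 127.0.0.1:8080.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Hypothetical ACL name. The only peer allowed to assert TLS state
# is the Nginx TLS proxy running on the same host.
acl tls_proxy {
    "127.0.0.1";
}

sub vcl_recv {
    # A client connecting to Varnish directly could send these headers
    # itself and make the backend believe the request arrived over TLS.
    # Drop them unless the connection comes from the TLS proxy.
    if (!(client.ip ~ tls_proxy)) {
        unset req.http.X-Forwarded-Proto;
        unset req.http.X-Forwarded-Port;
        unset req.http.Ssl-Offloaded;
    }

    # Normalise the header so every request carries exactly one value.
    if (!req.http.X-Forwarded-Proto) {
        set req.http.X-Forwarded-Proto = "http";
    }
}

sub vcl_hash {
    # Add the scheme to the cache key. There is no return statement here,
    # so the built-in vcl_hash still runs and adds the URL and Host header.
    hash_data(req.http.X-Forwarded-Proto);
}
```

After loading this VCL, `curl -I http://example.com` and `curl -I https://example.com` should each produce their own cache entry, which shows up as separate hits and misses in the `Age` header of the two responses.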