Varnish/MediaWiki

The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL.

See this for installation instructions and Cloudflare varnish config:

http://www.htpcguides.com/configure-wordpress-varnish-4-cache-with-apache-or-nginx/

See this for actual Varnish 4.0 config with Mediawiki:

https://www.mediawiki.org/wiki/Manual:Varnish_caching#Configuring_Varnish_4.x

Notice that if you're using SSL, Varnish isn't able to process SSL encrypted data. However, Nginx can function both as the PHP-FPM backend of varnish and an SSL decrypting frontend to varnish.

Setting up Nginx+PHP-FPM to work as a Vagrant Backend
It's pretty simple, just comment out and  (we'll restore SSL support in the next step) and replace it with.

{{hc|/etc/nginx/conf.d/wiki.bibanon.org.conf| server { #listen 80; #listen 443; listen 127.0.0.1:8080; # tells Nginx to listen for traffic passed by Varnish server_name wiki.bibanon.org; }}
 * 1) and etc.

SSL Redirect with Nginx
Varnish doesn't support SSL unfortunately, but you can still use SSL with it. Just put Nginx as the front proxy for all SSL connections, so Nginx decrypts it.

This works even if the backend behind Varnish: is Nginx.

server { listen 443 ssl default; server_name myserver.com www.myserver.com;

ssl_certificate /etc/ssl/certs/mycert.crt; ssl_certificate_key /etc/ssl/private/mykey.key;

location / { # Pass the request on to Varnish. proxy_pass http://127.0.0.1;

# Pass some headers to the downstream server, so it can identify the host. proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Tell any web apps like Drupal that the session is HTTPS. proxy_set_header X-Forwarded-Proto https;

proxy_redirect    off; } }

https://bjornjohansen.no/redirect-to-https-with-nginx http://www.geoffstratton.com/nginx-php-fpm-php-cache-ssl-varnish-drupal

Redirecting non wiki domains through to the same server
Alright, so Varnish and Nginx are running on the same server, but now Varnish has monopolized the HTTP 80 port, and Nginx is left only with the SSL port. What do we do now?

Well, it's simple. Have Varnish enforce the use of SSL on certain domains. Unfortunately, each domain has to be manually set like this. maybe there is a better way with a wildcard?

https://www.rsreese.com/redirect-http-to-https-using-varnish/