Varnish/MediaWiki: Difference between revisions
Antonizoon (talk | contribs) No edit summary |
Antonizoon (talk | contribs) No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL. | The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL. | ||
See this for installation instructions and Cloudflare varnish config: | |||
http://www.htpcguides.com/configure-wordpress-varnish-4-cache-with-apache-or-nginx/ | |||
See this for actual Varnish 4.0 config with Mediawiki: | |||
https://www.mediawiki.org/wiki/Manual:Varnish_caching#Configuring_Varnish_4.x | |||
Notice that if you're using SSL, Varnish isn't able to process SSL encrypted data. However, Nginx can function both as the PHP-FPM backend of varnish and an SSL decrypting frontend to varnish. | |||
== Setting up Nginx+PHP-FPM to work as a Vagrant Backend == | == Setting up Nginx+PHP-FPM to work as a Vagrant Backend == | ||
| Line 49: | Line 59: | ||
https://bjornjohansen.no/redirect-to-https-with-nginx | https://bjornjohansen.no/redirect-to-https-with-nginx | ||
http://www.geoffstratton.com/nginx-php-fpm-php-cache-ssl-varnish-drupal | http://www.geoffstratton.com/nginx-php-fpm-php-cache-ssl-varnish-drupal | ||
=== Redirecting non wiki domains through to the same server === | |||
Alright, so Varnish and Nginx are running on the same server, but now Varnish has monopolized the HTTP 80 port, and Nginx is left only with the SSL port. What do we do now? | |||
Well, it's simple. Have Varnish enforce the use of SSL on certain domains. Unfortunately, each domain has to be manually set like this. maybe there is a better way with a wildcard? | |||
https://www.rsreese.com/redirect-http-to-https-using-varnish/ | |||
Latest revision as of 03:05, 9 July 2017
The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL.
See this for installation instructions and Cloudflare varnish config:
http://www.htpcguides.com/configure-wordpress-varnish-4-cache-with-apache-or-nginx/
See this for actual Varnish 4.0 config with Mediawiki:
https://www.mediawiki.org/wiki/Manual:Varnish_caching#Configuring_Varnish_4.x
Notice that if you're using SSL, Varnish isn't able to process SSL encrypted data. However, Nginx can function both as the PHP-FPM backend of varnish and an SSL decrypting frontend to varnish.
Setting up Nginx+PHP-FPM to work as a Vagrant Backend[edit]
It's pretty simple, just comment out listen 80; and listen 443; (we'll restore SSL support in the next step) and replace it with listen 127.0.0.1:8080;.
/etc/nginx/conf.d/wiki.bibanon.org.conf
server {
#listen 80;
#listen 443;
listen 127.0.0.1:8080; # tells Nginx to listen for traffic passed by Varnish
server_name wiki.bibanon.org;
# and etc.
SSL Redirect with Nginx[edit]
Varnish doesn't support SSL unfortunately, but you can still use SSL with it. Just put Nginx as the front proxy for all SSL connections, so Nginx decrypts it.
This works even if the backend behind Varnish: is Nginx.
server {
listen 443 ssl default;
server_name myserver.com www.myserver.com;
ssl_certificate /etc/ssl/certs/mycert.crt;
ssl_certificate_key /etc/ssl/private/mykey.key;
location / {
# Pass the request on to Varnish.
proxy_pass http://127.0.0.1;
# Pass some headers to the downstream server, so it can identify the host.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Tell any web apps like Drupal that the session is HTTPS.
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
https://bjornjohansen.no/redirect-to-https-with-nginx http://www.geoffstratton.com/nginx-php-fpm-php-cache-ssl-varnish-drupal
Redirecting non wiki domains through to the same server[edit]
Alright, so Varnish and Nginx are running on the same server, but now Varnish has monopolized the HTTP 80 port, and Nginx is left only with the SSL port. What do we do now?
Well, it's simple. Have Varnish enforce the use of SSL on certain domains. Unfortunately, each domain has to be manually set like this. maybe there is a better way with a wildcard?
https://www.rsreese.com/redirect-http-to-https-using-varnish/
