Varnish/MediaWiki

From Bibliotheca Anonoma
Revision as of 21:15, 15 December 2016 by Antonizoon (talk | contribs) (Created page with "The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL. == SSL Redirect with Nginx...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL.

SSL Redirect with Nginx

Varnish doesn't support SSL unfortunately, but you can still use SSL with it. Just put Nginx as the front proxy for all SSL connections, so Nginx decrypts it.

This works even if the backend behind Varnish: is Nginx.

Warning: Make sure that the Varnish server is on the same machine or same Local Area Network, since whatever is going over this port is unencrypted.
server {
        listen 443 ssl default;
        server_name myserver.com www.myserver.com;

        ssl_certificate /etc/ssl/certs/mycert.crt;
        ssl_certificate_key /etc/ssl/private/mykey.key;

        location / {
            # Pass the request on to Varnish.
            proxy_pass  http://127.0.0.1;

            # Pass some headers to the downstream server, so it can identify the host.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Tell any web apps like Drupal that the session is HTTPS.
            proxy_set_header X-Forwarded-Proto https;

            proxy_redirect     off;
        }
}

https://bjornjohansen.no/redirect-to-https-with-nginx

Retrieved from "https://wiki.bibanon.org/index.php?title=Varnish/MediaWiki&oldid=2976"