Varnish/MediaWiki: Difference between revisions
From Bibliotheca Anonoma
Antonizoon (talk | contribs) (Created page with "The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL. == SSL Redirect with Nginx...") |
Antonizoon (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL. | The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL. | ||
== Setting up Nginx+PHP-FPM to work as a Vagrant Backend == | |||
It's pretty simple, just comment out {{ic|listen 80;}} and {{ic|listen 443;}} (we'll restore SSL support in the next step) and replace it with {{ic|listen 127.0.0.1:8080;}}. | |||
{{hc|/etc/nginx/conf.d/wiki.bibanon.org.conf|<nowiki> | |||
server { | |||
#listen 80; | |||
#listen 443; | |||
listen 127.0.0.1:8080; # tells Nginx to listen for traffic passed by Varnish | |||
server_name wiki.bibanon.org; | |||
# and etc. | |||
</nowiki>}} | |||
== SSL Redirect with Nginx == | == SSL Redirect with Nginx == | ||
| Line 35: | Line 48: | ||
https://bjornjohansen.no/redirect-to-https-with-nginx | https://bjornjohansen.no/redirect-to-https-with-nginx | ||
http://www.geoffstratton.com/nginx-php-fpm-php-cache-ssl-varnish-drupal | |||
Revision as of 21:44, 15 December 2016
The Varnish implementation will still require Nginx, even if Nginx is already being used as the MediaWiki server, since only Nginx can process SSL.
Setting up Nginx+PHP-FPM to work as a Vagrant Backend
It's pretty simple, just comment out listen 80; and listen 443; (we'll restore SSL support in the next step) and replace it with listen 127.0.0.1:8080;.
/etc/nginx/conf.d/wiki.bibanon.org.conf
server {
#listen 80;
#listen 443;
listen 127.0.0.1:8080; # tells Nginx to listen for traffic passed by Varnish
server_name wiki.bibanon.org;
# and etc.
SSL Redirect with Nginx
Varnish doesn't support SSL unfortunately, but you can still use SSL with it. Just put Nginx as the front proxy for all SSL connections, so Nginx decrypts it.
This works even if the backend behind Varnish: is Nginx.
server {
listen 443 ssl default;
server_name myserver.com www.myserver.com;
ssl_certificate /etc/ssl/certs/mycert.crt;
ssl_certificate_key /etc/ssl/private/mykey.key;
location / {
# Pass the request on to Varnish.
proxy_pass http://127.0.0.1;
# Pass some headers to the downstream server, so it can identify the host.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Tell any web apps like Drupal that the session is HTTPS.
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
https://bjornjohansen.no/redirect-to-https-with-nginx http://www.geoffstratton.com/nginx-php-fpm-php-cache-ssl-varnish-drupal
