-
-
Notifications
You must be signed in to change notification settings - Fork 250
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add parameter for redirecting to SSL #36
Comments
Also, I'm guessing there would be a list of hosts, and then match req.http.host with that lookup... |
Hi! This shouldn't be too hard to implement in Varnish, it's essentially the same logical condition as your Apache vhost redirect on port :8080. Something like this should work, in vcl_recv.
Could you give that a try? |
@mattiasgeniar Thank you! Let me just say I'm new to varnish.. so I understand very little of it, tho I understand the logic. In the meanwhile I have added the following to the vcl:
using your existing code 720 But seems right validating req.http.X-Forwarded-Proto, .. I will test that. I was suggesting you could add a commented section for this pre-configured.. Should I set something regarding the x-forwarded-proto in varnish at anytime? Also, on a separate note, for some reason getting a HEAD on my apache takes more than 5 seconds (why?!?), so probe was marking it as sick. you should add a curl command in the comments of probe section to simulate it. What I used was: |
No, if the Apache proxy sets it, that check in Varnish will work just fine. As for the curl tip: I should definitely do that! |
Hi,
I've set up this vcl template. Thank you very much, its very useful.
Now, my setup is (client) --https--> apache 443 --proxy pass --> varnish 80 --> apache 8080
so apache does the ssl termination and proxies into varnish.
varnish then requests apache non https port
this works and requires in apache non https vhost:
SetEnvIf X_FORWARDED_PROTO "^https$" HTTPS=on
on vhost https I have:
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:80/
#ProxyPassReverse / http://localhost:80/
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Proto "https"
and for wordpress users, in wp-config.php i have:
define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
before loading wp-settings.php
Now, varnish should have a way of redirecting to https if client is not using it.. something like:
if(client.ip != "127.0.0.1"){
set req.http.x-redir = "https://" + req.http.host + req.url;
return(synth(850, "Moved permanently"));
}
and
sub vcl_synth {
if (resp.status == 850) {
set resp.http.Location = req.http.x-redir;
set resp.status = 302;
return (deliver);
}
}
I took this code from somewhere on the internet, but i'm afraid its not quite right..
Would it be possible for you to implement such feature?
The text was updated successfully, but these errors were encountered: