Linux – With Varnish:80 and Nginx:8080 website is 404 not found

Tags: cache, linux, nginx, Ubuntu, varnish

I followed multiple guides on how to set up Varnish (e.g. https://www.globo.tech/learning-center/set-up-varnish-ubuntu-16/), and all of them say to put Varnish on port 80 and Nginx on 8080.

So this is what we see in netstat -nlpt:

tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      12465/nginx.conf
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      12059/varnishd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      12465/nginx.conf
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      12059/varnishd
tcp6       0      0 :::80                   :::*                    LISTEN      12059/varnishd
tcp6       0      0 ::1:6082                :::*                    LISTEN      12059/varnishd

This is my site's 100% complete nginx .config:

# Plain-HTTP vhost bound to loopback port 8080 (the port the guides assign to
# nginx behind Varnish).
# NOTE(review): with the redirect commented out, this block has no root and no
# location, so it has no site content of its own to serve. If Varnish's backend
# points at this port (the backend definition is not shown), the 404 that
# Varnish returns and caches would originate here - confirm against default.vcl.
# NOTE(review): the netstat output shows nginx on 0.0.0.0:8080, not
# 127.0.0.1:8080, so some other listen directive (not shown) presumably binds
# the wildcard address. A backend port reachable from outside bypasses both
# Varnish and the HTTPS redirect - verify, then rebind or firewall it.
server {
  listen 127.0.0.1:8080;
  server_name example.com www.example.com;
  #return 301 https://www.example.com$request_uri; <--- had to remove this redirect because of the addition to default.vcl, with both enabled it gives infinite redirect loop.
}
# Redirects requests for the bare example.com host on port 443 to the www host.
# NOTE(review): this listen has no "ssl" parameter and the block sets no
# certificate, while the "listen 443 ssl http2" block shares the same port;
# check with nginx -t / nginx -T how this server is treated for TLS handshakes.
# NOTE(review): example.com is also listed in the server_name of the ssl block
# on the same port; nginx keeps the first definition and warns about the
# conflicting name - confirm which block actually answers for example.com.
server {
  listen 443;
  server_name example.com;
  return 301 https://www.example.com$request_uri;
}

# HTTPS vhost: terminates TLS on 443 and proxies every request under / to
# 127.0.0.1:80, where varnishd listens according to the netstat output.
server {
  listen 443 ssl http2;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  # NOTE(review): TLSv1 and TLSv1.1 are formally deprecated (RFC 8996); keep
  # only TLSv1.2 (plus TLSv1.3 where the nginx/OpenSSL build supports it)
  # unless legacy clients are a hard requirement.
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  # NOTE(review): this list still permits 3DES (64-bit block cipher, Sweet32)
  # and static-RSA key exchange (no forward secrecy) as fallbacks.
  ssl_ciphers 'EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5';
  ssl_dhparam /etc/nginx/ssl/dhparams.pem;
  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_stapling on;
  ssl_stapling_verify on;
  # HSTS for 15768000 s (about six months). Without the "always" flag nginx
  # adds the header only to a fixed set of 2xx/3xx responses, so error pages
  # such as the 404 do not carry it. A location that declares its own
  # add_header (the /img/ location below) does not inherit this one.
  add_header Strict-Transport-Security max-age=15768000;


  # Document root; only relevant to locations that serve files locally, since
  # "location /" hands requests to the proxy instead.
  root /var/www/example.com/htdocs;

  server_name example.com www.example.com;

  # Catch-all: forwards the request to Varnish on loopback port 80.
  location / {
    #autoindex on;
    #try_files $uri $uri/ =404;

    proxy_pass http://127.0.0.1:80;
    proxy_read_timeout    90;
    proxy_connect_timeout 90;
    proxy_redirect        off;

    # X-Real-IP carries the TCP peer address. $proxy_add_x_forwarded_for
    # appends that address to whatever X-Forwarded-For the client sent, so
    # downstream code should trust only the last entry.
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Fixed values asserting that the client connection used HTTPS on 443.
    # NOTE(review): the VCL redirect on this page keys off X-Forwarded-Proto.
    # varnishd listens on 0.0.0.0:80 in the netstat output, so Varnish should
    # honour this header only when the request comes from this proxy.
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Port 443;
    proxy_set_header Host $host;

  }

  # Case-insensitive regex location for .gif files under an /img/ path. It has
  # no proxy_pass, so nginx answers these itself with a 30-day expiry.
  # Because it declares its own add_header lines, the server-level HSTS header
  # is not inherited here.
  location ~* /img/.*\.gif$ {
    expires 30d;
    add_header Pragma public;
    add_header Cache-Control "public";
  }
}

If I go to example.com, not only are the redirects to https and www broken, I simply get a 404 Not Found. All I did in my .conf was change 80 to 8080 on the top line.

Also, Varnish is actually caching the 404. Output of curl --head -I example.com:

HTTP/1.1 404 Not Found
Server: nginx/1.11.10
Date: Tue, 21 Feb 2017 11:01:56 GMT
Content-Type: text/html
Content-Length: 170
X-Varnish: 72 65
Age: 340
Via: 1.1 varnish-v4
Cache-Tags: HIT
Connection: keep-alive

To load the website I have to enter www.example.com; it redirects to https://www.example.com and the site loads, but Varnish is not caching it. Output of curl --head -I https://www.example.com:

HTTP/1.1 200 OK
Server: nginx/1.11.10
Date: Tue, 21 Feb 2017 11:09:08 GMT
Content-Type: text/html
Content-Length: 478
Last-Modified: Fri, 17 Feb 2017 17:30:11 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "58a73323-1de"
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes

Also varnishd gives Error: Cannot open socket: :80: Address already in use

varnishstat looks good:

MAIN.uptime                                                                                                                       0+00:30:07
MAIN.sess_conn                                                                                                                            44          0.00           .            0.00          0.00          0.00
MAIN.client_req                                                                                                                           74          0.00           .            0.00          0.00          0.00
MAIN.cache_hit                                                                                                                            70          0.00           .            0.00          0.00          0.00
MAIN.cache_miss                                                                                                                            4          0.00           .            0.00          0.00          0.00
MAIN.backend_reuse                                                                                                                         3          0.00           .            0.00          0.00          0.00
MAIN.backend_recycle                                                                                                                       6          0.00           .            0.00          0.00          0.00
MAIN.fetch_length                                                                                                                          6          0.00           .            0.00          0.00          0.00
MAIN.pools                                                                                                                                 2          0.00           .            2.00          2.00          2.00
MAIN.threads                                                                                                                             200          0.00           .          200.00        200.00        200.00
MAIN.threads_created                                                                                                                     200          0.00           .            0.00          0.00          0.00
MAIN.n_object                                                                                                                              4          0.00           .            4.00          4.00          4.00
MAIN.n_objectcore                                                                                                                          5          0.00           .            5.00          5.00          5.00
MAIN.n_objecthead                                                                                                                          6          0.00           .            6.00          6.00          6.00
MAIN.n_backend                                                                                                                             1          0.00           .            1.00          1.00          1.00
MAIN.s_sess                                                                                                                               44          0.00           .            0.00          0.00          0.00
MAIN.s_req                                                                                                                                74          0.00           .            0.00          0.00          0.00
MAIN.s_fetch                                                                                                                               4          0.00           .            0.00          0.00          0.00
MAIN.s_req_hdrbytes                                                                                                                    24.54K         0.00         13.00          0.00          0.00          0.00
MAIN.s_resp_hdrbytes                                                                                                                   15.99K         0.00          9.00          0.00          0.00          0.00
MAIN.s_resp_bodybytes                                                                                                                  11.46K         0.00          6.00          0.00          0.00          0.00
MAIN.backend_req                                                                                                                           6          0.00           .            0.00          0.00          0.00
MAIN.n_vcl                                                                                                                                 1          0.00           .            0.00          0.00          0.00
MAIN.bans                                                                                                                                  1          0.00           .            1.00          1.00          1.00
MAIN.vmods                                                                                                                                 2          0.00           .            2.00          2.00          2.00
MGT.uptime                                                                                                                        0+00:30:07
SMA.s0.c_req                                                                                                                              12          0.00           .            0.00          0.00          0.00
SMA.s0.c_bytes                                                                                                                          2.68K         0.00          1.00          0.00          0.00          0.00
SMA.s0.c_freed                                                                                                                           908          0.00           .            0.00          0.00          0.00
SMA.s0.g_alloc                                                                                                                             8          0.00           .            8.00          8.00          8.00
SMA.s0.g_bytes                                                                                                                          1.80K         0.00           .            1.80K         1.80K         1.80K
SMA.s0.g_space                                                                                                                        256.00M         0.00           .          256.00M       256.00M       256.00M
VBE.boot.default.bereq_hdrbytes                                                                                                         1.61K         0.00           .            0.00          0.00          0.00
VBE.boot.default.beresp_hdrbytes                                                                                                         936          0.00           .            0.00          0.00          0.00
VBE.boot.default.beresp_bodybytes                                                                                                       1020          0.00           .            0.00          0.00          0.00
VBE.boot.default.conn                                                                                                                      6          0.00           .            6.00          6.00          6.00
VBE.boot.default.req                                                                                                                       6          0.00           .            0.00          0.00          0.00

UPDATE:

Followed https://www.smashingmagazine.com/2015/09/https-everywhere-with-nginx-varnish-apache/ and added these to config:

# Directives for the HTTPS server's "location /": forward to Varnish on
# loopback port 80 and tell it how the client originally connected.
proxy_pass http://127.0.0.1:80;
proxy_read_timeout    90;
proxy_connect_timeout 90;
proxy_redirect        off;

# $proxy_add_x_forwarded_for appends the peer address to any X-Forwarded-For
# value the client supplied; only the last entry is set by this proxy.
proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Hard-coded assertion that the request arrived over HTTPS on 443.
# NOTE(review): Varnish should accept X-Forwarded-Proto only from this proxy,
# since varnishd also listens on 0.0.0.0:80 in the netstat output.
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;

and these to .vcl

# handles redirecting from http to https
# Status 750 is used as a private marker: the request-side snippet on this page
# calls synth(750, "") after storing the target URL in req.http.x-redir.
sub vcl_synth {
  if (resp.status == 750) {
    # Turn the marker into a real 301 pointing at the stored target.
    set resp.status = 301;
    # NOTE(review): x-redir is built from the request's Host header, so the
    # redirect target is only as trustworthy as the host check that sets it.
    set resp.http.Location = req.http.x-redir;
    return(deliver);
  }
}

# Redirect to HTTPS when the host matches and the request is not marked as
# already having arrived over HTTPS.
# NOTE(review): as pasted, this "if" sits outside any subroutine; presumably it
# belongs inside sub vcl_recv - confirm.
# NOTE(review): the host pattern looks like the sample hostname from the linked
# tutorial rather than example.com, so as written the redirect would not fire
# for this site. When replacing it, escape the dots and anchor the end with $:
# the pattern is anchored only at the start, and the Location target is built
# from the client-supplied Host header.
# NOTE(review): X-Forwarded-Proto is meaningful only when set by the nginx TLS
# proxy. varnishd listens on 0.0.0.0:80 in the netstat output, so a client that
# connects directly can send the header itself and skip this redirect; consider
# unsetting the header unless client.ip is the proxy address.
if ( (req.http.host ~ "^(?i)smashing_ssl_one.tutorials.eoms") && req.http.X-Forwarded-Proto !~ "(?i)https") {
  set req.http.x-redir = "https://" + req.http.host + req.url;
  return (synth(750, ""));
}

Still 404, but at least varnish is caching https:// now.

curl -I https://www.example.com/
HTTP/1.1 404 Not Found
Server: nginx/1.11.10
Date: Tue, 21 Feb 2017 12:58:47 GMT
Content-Type: text/html
Content-Length: 170
Connection: keep-alive
X-Varnish: 32849 32847
Age: 63
Via: 1.1 varnish-v4
X-Cache: HIT

Also, while https://www.example.com/ returns 404 Not Found, a URL such as https://www.example.com/img/pic.png is found and loads, but is not cached by Varnish.

Best Answer

Use the nginx configuration below for the 443 proxy:

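# HTTPS front end: terminates TLS on 443 and forwards everything to Varnish on
# loopback port 80. Varnish then fetches from its own backend; that backend
# server block must actually serve the site (root / locations), otherwise its
# 404 is simply proxied back through this block and cached.
server {
    listen 443 ssl;

    server_name www.example.com example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are not offered.
    # Append TLSv1.3 on nginx >= 1.13.0 built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;
    # nginx's default cipher string with 3DES (64-bit block, Sweet32) excluded.
    ssl_ciphers HIGH:!aNULL:!MD5:!3DES;

    # Same HSTS max-age as the question's config. "always" also covers error
    # responses; a location that declares its own add_header must repeat it.
    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        proxy_pass http://127.0.0.1:80;

        # X-Forwarded-For gets the peer address appended to any client-sent
        # value, so downstream code should trust only the last entry.
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Fixed values: every request through this block arrived over HTTPS.
        # Varnish should honour X-Forwarded-Proto only from this proxy.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;

        # Bounded timeouts. One-day values let stalled or deliberately slow
        # connections hold worker connections for hours, and nginx documents
        # that the connect timeout usually cannot exceed 75 seconds anyway.
        # Raise them in a dedicated location for endpoints that need longer.
        proxy_connect_timeout 10;
        proxy_send_timeout    90;
        proxy_read_timeout    90;
        send_timeout          90;

        client_max_body_size 50m;
        client_body_buffer_size 16k;
    }

    # Never expose repository metadata. "return" runs before access checks, so
    # a separate "deny all" would have no effect. This covers only requests
    # entering through this HTTPS block; if Varnish also accepts client traffic
    # on port 80, the backend it fetches from needs the same rule.
    location /.git {
        return 404;
    }
}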