• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Plesk, Varnish and HTTPS

Pentarou

Pentarou

Basic Pleskian
Hello,

I've been trying to make Varnish 4 work using this documentation and succeeded doing so via HTTP. However, this is not true for HTTPS, as it either causes redirect loop if the option “Permanent SEO-safe 301 redirect from HTTP to HTTPS” is turned on, or the cache simply mismatches, even after clearing browser cache and reloading the page.

After googling and trying different tutorials and user solutions, I still have not managed to make it work, hence my question on this forum: How can I make Varnish work via HTTPS using Plesk (latest)?

Thank you in advance!
 
Any help is appreciated.

I also welcome an alternative that is compatible with both Magento and WordPress.
 
Last edited:
Uff. I've been trying since a month ago several ways I've read with no success. My result is: I can live without varnish
 
Hello Moizez,

It should be possible, but I don't have the knowledge to do so. I've been losing sleep over this, because Magento is recommending Varnish and even offers a dedicated .vcl template. Like I said before, I welcome an alternative that is compatible with both Magento and WordPress and SSL of course..
 
working with magento the only way we have found to fix this is to hack the nginx.conf file like so..

location / {
proxy_pass https://78.129.161.190:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;

access_log off;
}

and

location ~ ^/.* {
proxy_pass http://0.0.0.0:32768;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;
}

AND add

SetEnvIf X-Forwarded-Proto https HTTPS=on


to .htaccess

You will then need to lock nginx.conf to stop plesk from nuking it the next time anything is saved.

It is a real pain.

Now all we need to crack is forcing traffic to https rather http as it still seems to server traffic on both.
 
Not sure of your exact requirements,

Something like this may help solve your problem?

sub vcl_recv {
if ( req.http.X-Forwarded-Proto !~ "https" && req.http.host !~ "HTTPDOMAIN.com" ) {
set req.http.x-redir = "https://" + req.http.host + req.url;
return (synth(750, "Moved permanently"));
}
}

Though you shouldn't need an HTTPS redirect in Varnish (I would have thought?) its terminated at NGINX before reaching varnish, so that whole line could be removed.
i.e.
set req.http.x-redir = "https://" + req.http.host + req.url;
return (synth(750, "Moved permanently"));
 
My plesk install is in proxmox lcx container.
I have several IPs. Iw thinking to install varnish on new container with it's own ip and forward requests to sertain domains in plesk. I think it should work without making modifications to plesk config files.
What do you think about such setup.
 
moizez said:
Uff. I've been trying since a month ago several ways I've read with no success. My result is: I can live without varnish
Click to expand...

Very wise decision!

In general, why want Varnish if you can use Nginx - a better alternative.

Regards.....
 
Pentarou said:
Hello Moizez,

It should be possible, but I don't have the knowledge to do so. I've been losing sleep over this, because Magento is recommending Varnish and even offers a dedicated .vcl template. Like I said before, I welcome an alternative that is compatible with both Magento and WordPress and SSL of course..
Click to expand...

@Pentarou

Actually, it should not be working - it is the whole concept of Varnish to use a HTTP connection.

In essence, Varnish is very "old" and the design concept of Varnish has not changed a lot since many, many years.

You should ask yourself whether you want to do this - Varnish simply ignores a lot of goodies like HTTP/2 and requires unsafe HTTP protocols.

Sure, you can tweak and work-around any shortcomings - there always is a way ......... but that is only fixing what was broken : it is "broken" nevertheless.

Moreover, to have Varnish working properly in a Plesk environment, you will have to tweak in such a way that you can also use Nginx.

It is pure irony that both Nginx and implementation of Varnish require the same tweak - that is : custom Nginx templates.

I would not recommend to create custom Nginx templates for the sake of Varnish - create custom Nginx templates to use native Nginx caching mechanisms!

By the way, Nginx native caching + Nginx custom templates has two advantages : it outperforms Varnish AND it creates an update-safe Nginx config.

In short, I would not want to see that you put a lot of effort into Varnish - it will take a lot of time now to fix something that is already "broken", that is not performing very well and that will require future fixes or work-arounds sooner or later.

Hope the above helps a bit.

Kind regards..........
 
andyxyz said:
working with magento the only way we have found to fix this is to hack the nginx.conf file like so..

location / {
proxy_pass https://78.129.161.190:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;

access_log off;
}

and

location ~ ^/.* {
proxy_pass http://0.0.0.0:32768;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;
}

AND add

SetEnvIf X-Forwarded-Proto https HTTPS=on


to .htaccess

You will then need to lock nginx.conf to stop plesk from nuking it the next time anything is saved.

It is a real pain.

Now all we need to crack is forcing traffic to https rather http as it still seems to server traffic on both.
Click to expand...

@andyxyz

You could use custom Nginx templates to make the custom Nginx update-safe.

However, there actually is no need to do so : just use a firewall to block all other traffic that does not originate from the web server (that connects to Varnish).

When properly firewalled, there is actually no need to create a https connection between the web server and Varnish.

Nevertheless, there also is no need at all to use Varnish : one can create custom Nginx templates to make full use of the better Nginx native caching mechanisms.

Kind regards.........
 
trialotto said:
@andyxyz

You could use custom Nginx templates to make the custom Nginx update-safe.

However, there actually is no need to do so : just use a firewall to block all other traffic that does not originate from the web server (that connects to Varnish).

When properly firewalled, there is actually no need to create a https connection between the web server and Varnish.

Nevertheless, there also is no need at all to use Varnish : one can create custom Nginx templates to make full use of the better Nginx native caching mechanisms.

Kind regards.........
Click to expand...

I dont suppose you have a working magento 2 example of this?
I cant find a single article discussing nginx caching and magento 2
 
You must log in or register to reply here.

Similar threads

W
  • Locked
Issue Magento 2, Docker and Varnish Working but Purge errors with 501
Replies
1
Views
872
Peter Debik
P
W
Resolved Magento 2.4.2, Varnish in Docker and Getting 501 PURGE errors in NGINX
Replies
17
Views
3K
Peter Debik
P
S
Issue Varnish installation Can not start container
Replies
0
Views
2K
straddi
S
O
Question Where in Plesk can I configure 301 redirect for non-existing subdomains?
Replies
2
Views
487
olegos76
O
Daerik
Issue Error Upgrading Plesk Obsidian 18.0.63 to 18.0.64: HTTPS Error 404 - Not Found (MaxScale Repo)
Replies
6
Views
694
Daerik
Daerik
Back
Top