• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Plesk, Varnish and HTTPS

Pentarou

Pentarou

Basic Pleskian
Hello,

I've been trying to make Varnish 4 work using this documentation and succeeded doing so via HTTP. However, this is not true for HTTPS, as it either causes redirect loop if the option “Permanent SEO-safe 301 redirect from HTTP to HTTPS” is turned on, or the cache simply mismatches, even after clearing browser cache and reloading the page.

After googling and trying different tutorials and user solutions, I still have not managed to make it work, hence my question on this forum: How can I make Varnish work via HTTPS using Plesk (latest)?

Thank you in advance!
 
Any help is appreciated.

I also welcome an alternative that is compatible with both Magento and WordPress.
 
Last edited:
Uff. I've been trying since a month ago several ways I've read with no success. My result is: I can live without varnish
 
Hello Moizez,

It should be possible, but I don't have the knowledge to do so. I've been losing sleep over this, because Magento is recommending Varnish and even offers a dedicated .vcl template. Like I said before, I welcome an alternative that is compatible with both Magento and WordPress and SSL of course..
 
working with magento the only way we have found to fix this is to hack the nginx.conf file like so..

location / {
proxy_pass https://78.129.161.190:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;

access_log off;
}

and

location ~ ^/.* {
proxy_pass http://0.0.0.0:32768;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;
}

AND add

SetEnvIf X-Forwarded-Proto https HTTPS=on


to .htaccess

You will then need to lock nginx.conf to stop plesk from nuking it the next time anything is saved.

It is a real pain.

Now all we need to crack is forcing traffic to https rather http as it still seems to server traffic on both.
 
Not sure of your exact requirements,

Something like this may help solve your problem?

sub vcl_recv {
if ( req.http.X-Forwarded-Proto !~ "https" && req.http.host !~ "HTTPDOMAIN.com" ) {
set req.http.x-redir = "https://" + req.http.host + req.url;
return (synth(750, "Moved permanently"));
}
}

Though you shouldn't need an HTTPS redirect in Varnish (I would have thought?) its terminated at NGINX before reaching varnish, so that whole line could be removed.
i.e.
set req.http.x-redir = "https://" + req.http.host + req.url;
return (synth(750, "Moved permanently"));
 
My plesk install is in proxmox lcx container.
I have several IPs. Iw thinking to install varnish on new container with it's own ip and forward requests to sertain domains in plesk. I think it should work without making modifications to plesk config files.
What do you think about such setup.
 
moizez said:
Uff. I've been trying since a month ago several ways I've read with no success. My result is: I can live without varnish
Click to expand...

Very wise decision!

In general, why want Varnish if you can use Nginx - a better alternative.

Regards.....
 
Pentarou said:
Hello Moizez,

It should be possible, but I don't have the knowledge to do so. I've been losing sleep over this, because Magento is recommending Varnish and even offers a dedicated .vcl template. Like I said before, I welcome an alternative that is compatible with both Magento and WordPress and SSL of course..
Click to expand...

@Pentarou

Actually, it should not be working - it is the whole concept of Varnish to use a HTTP connection.

In essence, Varnish is very "old" and the design concept of Varnish has not changed a lot since many, many years.

You should ask yourself whether you want to do this - Varnish simply ignores a lot of goodies like HTTP/2 and requires unsafe HTTP protocols.

Sure, you can tweak and work-around any shortcomings - there always is a way ......... but that is only fixing what was broken : it is "broken" nevertheless.

Moreover, to have Varnish working properly in a Plesk environment, you will have to tweak in such a way that you can also use Nginx.

It is pure irony that both Nginx and implementation of Varnish require the same tweak - that is : custom Nginx templates.

I would not recommend to create custom Nginx templates for the sake of Varnish - create custom Nginx templates to use native Nginx caching mechanisms!

By the way, Nginx native caching + Nginx custom templates has two advantages : it outperforms Varnish AND it creates an update-safe Nginx config.

In short, I would not want to see that you put a lot of effort into Varnish - it will take a lot of time now to fix something that is already "broken", that is not performing very well and that will require future fixes or work-arounds sooner or later.

Hope the above helps a bit.

Kind regards..........
 
andyxyz said:
working with magento the only way we have found to fix this is to hack the nginx.conf file like so..

location / {
proxy_pass https://78.129.161.190:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;

access_log off;
}

and

location ~ ^/.* {
proxy_pass http://0.0.0.0:32768;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;
}

AND add

SetEnvIf X-Forwarded-Proto https HTTPS=on


to .htaccess

You will then need to lock nginx.conf to stop plesk from nuking it the next time anything is saved.

It is a real pain.

Now all we need to crack is forcing traffic to https rather http as it still seems to server traffic on both.
Click to expand...

@andyxyz

You could use custom Nginx templates to make the custom Nginx update-safe.

However, there actually is no need to do so : just use a firewall to block all other traffic that does not originate from the web server (that connects to Varnish).

When properly firewalled, there is actually no need to create a https connection between the web server and Varnish.

Nevertheless, there also is no need at all to use Varnish : one can create custom Nginx templates to make full use of the better Nginx native caching mechanisms.

Kind regards.........
 
trialotto said:
@andyxyz

You could use custom Nginx templates to make the custom Nginx update-safe.

However, there actually is no need to do so : just use a firewall to block all other traffic that does not originate from the web server (that connects to Varnish).

When properly firewalled, there is actually no need to create a https connection between the web server and Varnish.

Nevertheless, there also is no need at all to use Varnish : one can create custom Nginx templates to make full use of the better Nginx native caching mechanisms.

Kind regards.........
Click to expand...

I dont suppose you have a working magento 2 example of this?
I cant find a single article discussing nginx caching and magento 2
 
You must log in or register to reply here.

Similar threads

W
  • Locked
Issue Magento 2, Docker and Varnish Working but Purge errors with 501
Replies
1
Views
430
Peter Debik
P
W
Resolved Magento 2.4.2, Varnish in Docker and Getting 501 PURGE errors in NGINX
Replies
17
Views
2K
Peter Debik
P
S
Issue Varnish installation Can not start container
Replies
0
Views
1K
straddi
S
Stergios G
Resolved Error: Unable to retrieve information about the PHP configuration
Replies
2
Views
258
Stergios G
Stergios G
A
Question How to use Clear-Site-Data header rule to clear browser cache
Replies
2
Views
839
AntoineW
A
Back
Top