• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Plesk, Varnish and HTTPS

Pentarou

Basic Pleskian
Hello,

I've been trying to make Varnish 4 work using this documentation and succeeded doing so via HTTP. However, this is not true for HTTPS, as it either causes redirect loop if the option “Permanent SEO-safe 301 redirect from HTTP to HTTPS” is turned on, or the cache simply mismatches, even after clearing browser cache and reloading the page.

After googling and trying different tutorials and user solutions, I still have not managed to make it work, hence my question on this forum: How can I make Varnish work via HTTPS using Plesk (latest)?

Thank you in advance!
 
Any help is appreciated.

I also welcome an alternative that is compatible with both Magento and WordPress.
 
Last edited:
Uff. I've been trying since a month ago several ways I've read with no success. My result is: I can live without varnish
 
Hello Moizez,

It should be possible, but I don't have the knowledge to do so. I've been losing sleep over this, because Magento is recommending Varnish and even offers a dedicated .vcl template. Like I said before, I welcome an alternative that is compatible with both Magento and WordPress and SSL of course..
 
working with magento the only way we have found to fix this is to hack the nginx.conf file like so..

location / {
proxy_pass https://78.129.161.190:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;

access_log off;
}

and

location ~ ^/.* {
proxy_pass http://0.0.0.0:32768;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;
}

AND add

SetEnvIf X-Forwarded-Proto https HTTPS=on


to .htaccess

You will then need to lock nginx.conf to stop plesk from nuking it the next time anything is saved.

It is a real pain.

Now all we need to crack is forcing traffic to https rather http as it still seems to server traffic on both.
 
Not sure of your exact requirements,

Something like this may help solve your problem?

sub vcl_recv {
if ( req.http.X-Forwarded-Proto !~ "https" && req.http.host !~ "HTTPDOMAIN.com" ) {
set req.http.x-redir = "https://" + req.http.host + req.url;
return (synth(750, "Moved permanently"));
}
}

Though you shouldn't need an HTTPS redirect in Varnish (I would have thought?) its terminated at NGINX before reaching varnish, so that whole line could be removed.
i.e.
set req.http.x-redir = "https://" + req.http.host + req.url;
return (synth(750, "Moved permanently"));
 
My plesk install is in proxmox lcx container.
I have several IPs. Iw thinking to install varnish on new container with it's own ip and forward requests to sertain domains in plesk. I think it should work without making modifications to plesk config files.
What do you think about such setup.
 
Uff. I've been trying since a month ago several ways I've read with no success. My result is: I can live without varnish

Very wise decision!

In general, why want Varnish if you can use Nginx - a better alternative.

Regards.....
 
Hello Moizez,

It should be possible, but I don't have the knowledge to do so. I've been losing sleep over this, because Magento is recommending Varnish and even offers a dedicated .vcl template. Like I said before, I welcome an alternative that is compatible with both Magento and WordPress and SSL of course..

@Pentarou

Actually, it should not be working - it is the whole concept of Varnish to use a HTTP connection.

In essence, Varnish is very "old" and the design concept of Varnish has not changed a lot since many, many years.

You should ask yourself whether you want to do this - Varnish simply ignores a lot of goodies like HTTP/2 and requires unsafe HTTP protocols.

Sure, you can tweak and work-around any shortcomings - there always is a way ......... but that is only fixing what was broken : it is "broken" nevertheless.

Moreover, to have Varnish working properly in a Plesk environment, you will have to tweak in such a way that you can also use Nginx.

It is pure irony that both Nginx and implementation of Varnish require the same tweak - that is : custom Nginx templates.

I would not recommend to create custom Nginx templates for the sake of Varnish - create custom Nginx templates to use native Nginx caching mechanisms!

By the way, Nginx native caching + Nginx custom templates has two advantages : it outperforms Varnish AND it creates an update-safe Nginx config.

In short, I would not want to see that you put a lot of effort into Varnish - it will take a lot of time now to fix something that is already "broken", that is not performing very well and that will require future fixes or work-arounds sooner or later.

Hope the above helps a bit.

Kind regards..........
 
working with magento the only way we have found to fix this is to hack the nginx.conf file like so..

location / {
proxy_pass https://78.129.161.190:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;

access_log off;
}

and

location ~ ^/.* {
proxy_pass http://0.0.0.0:32768;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto: https;
}

AND add

SetEnvIf X-Forwarded-Proto https HTTPS=on


to .htaccess

You will then need to lock nginx.conf to stop plesk from nuking it the next time anything is saved.

It is a real pain.

Now all we need to crack is forcing traffic to https rather http as it still seems to server traffic on both.

@andyxyz

You could use custom Nginx templates to make the custom Nginx update-safe.

However, there actually is no need to do so : just use a firewall to block all other traffic that does not originate from the web server (that connects to Varnish).

When properly firewalled, there is actually no need to create a https connection between the web server and Varnish.

Nevertheless, there also is no need at all to use Varnish : one can create custom Nginx templates to make full use of the better Nginx native caching mechanisms.

Kind regards.........
 
@andyxyz

You could use custom Nginx templates to make the custom Nginx update-safe.

However, there actually is no need to do so : just use a firewall to block all other traffic that does not originate from the web server (that connects to Varnish).

When properly firewalled, there is actually no need to create a https connection between the web server and Varnish.

Nevertheless, there also is no need at all to use Varnish : one can create custom Nginx templates to make full use of the better Nginx native caching mechanisms.

Kind regards.........

I dont suppose you have a working magento 2 example of this?
I cant find a single article discussing nginx caching and magento 2
 
Back
Top