Welcome! Log In Create A New Profile

nginx reverse proxy / ssl ---> varnish ---> nginx

Posted by srmobile

srmobile

nginx reverse proxy / ssl ---> varnish ---> nginx
July 18, 2016 07:47AM

Registered: 7 years ago
Posts: 1

Hello,

I dont know if this is possible or not but what I would like to do is configure nginx to act as both the SSL wrapper AND webserver for my magento website.

I followed these instructions: https://github.com/nexcess/magento-turpentine/issues/35

But what I find insane is that nginx is only being used as a reverse proxy and ssl, I'd like to ditch apache in favor of nginx altogether. To do this, I have to figure out how to configure nginx to act as both roles.

I've done different ports in the configuration but I get bad request.

Here is a visual:

nginx port 443 ----> varnish 6081 ----> nginx port 8080 (ssl)

Here is a sample of the configuration - is there anything obvious? or do I need to configure a seperate machine in order to achieve this?

website.conf
==============
upstream varnish {
server 127.0.0.1:6081;
server 127.0.0.1:8080 backup;
}

server {
server_name website.com www.website.com;
listen 443;
root /home/website/public_html;
index index.html index.htm index.php;
try_files $uri $uri/ @handler;
expires 30d;
}
ssl on;
ssl_certificate /home/website/server.crt;
ssl_certificate_key /home/website/server.key;

include conf.d/default_ssl_options.conf.inc;
include conf.d/magento_proxy_pass.conf.inc;
}

server {
server_name website.com www.website.com;
listen 8080 ssl;
root /home/website/public_html;
index index.html index.htm index.php;
try_files $uri $uri/ @handler;
expires 30d;
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
location /var/export/ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
autoindex on;
}
location /. {
return 404;
}
location @handler {
rewrite / /index.php;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}

access_log /var/log/virtualmin/ncds.ca_access_log;
error_log /var/log/virtualmin/ncds.ca_error_log;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME /home/ncds/public_html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT /home/ncds/public_html;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/php-nginx/146819597818248.sock/socket;
}
ssl on;
ssl_certificate /home/website/server.crt;
ssl_certificate_key /home/website/server.key;

====

Thank you
SR

Edited 1 time(s). Last edit at 07/18/2016 07:49AM by srmobile.

Reply Quote

Newer Topic Older Topic

Print View RSS

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 97

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018