Nginx Varnish Configuration issue

January 7, 2019 336 views
Nginx Ubuntu

I’m trying to install varnish with ssl from this link:
https://www.linode.com/docs/websites/varnish/use-varnish-and-nginx-to-serve-wordpress-over-ssl-and-http-on-debian-8/

I did everything like post but now I got “This site can’t be reached. example.com refused to connect” error.I just missing little bit thing I’m sure but i don’t know where.

Here /etc/nginx/sites-available/default :

    server {
   listen  443 ssl;
   listen  [::]:443 ssl;
   server_name example.com  www.example.com;
   port_in_redirect off;

   ssl                  on;
   ssl_certificate      /etc/letsencrypt/live/example.com/fullchain.pem;
   ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:20m;
   ssl_session_timeout 60m;

   add_header Strict-Transport-Security "max-age=31536000";
   add_header X-Content-Type-Options nosniff;

   location / {
     proxy_pass http://127.0.0.1:80;
     proxy_set_header Host $http_host;
     proxy_set_header X-Forwarded-Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto https;
     proxy_set_header HTTPS "on";

     access_log /var/www/html/logs/access.log;
     error_log  /var/www/html/logs/error.log notice;
     }
}

server {
   listen 8080;
   listen [::]:8080;
   server_name example.com  www.example.com;
   root /var/www/html;
   index index.php;
   port_in_redirect off;

   location / {
      try_files $uri $uri/ /index.php?$args;
   }

   location ~ \.php$ {
       try_files $uri =404;
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       include fastcgi_params;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param HTTPS on;
       fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
       }
}

here is /etc/default/varnish (I just change this lines):

DAEMON_OPTS="-a :80 \
            -T localhost:6082 \
            -f /etc/varnish/custom.vcl \
            -S /etc/varnish/secret \
            -s malloc,1G"

here /etc/varnish/custom.vcl

vcl 4.0;

backend default {
    .host = "localhost";
    .port = "8080";
}

acl purger {
    "localhost";
    "142.93.244.9";
}

sub vcl_recv {
if (client.ip != "127.0.0.1" && req.http.host ~ "example.com") {
    set req.http.x-redir = "https://www.example.com" + req.url;
return(synth(850, ""));
}

if (req.method == "PURGE") {
    if (!client.ip ~ purger) {
        return(synth(405, "This IP is not allowed to send PURGE requests."));
  }
return (purge);
}

if (req.restarts == 0) {
    if (req.http.X-Forwarded-For) {
        set req.http.X-Forwarded-For = client.ip;
  }
}

if (req.http.Authorization || req.method == "POST") {
return (pass);
}

if (req.url ~ "/feed") {
return (pass);
}

if (req.url ~ "wp-admin|wp-login") {
return (pass);
}

set req.http.cookie = regsuball(req.http.cookie, "wp-settings-\d+=[^;]+(; )?", "");

set req.http.cookie = regsuball(req.http.cookie, "wp-settings-time-\d+=[^;]+(; )?", "");

if (req.http.cookie == "") {
    unset req.http.cookie;
  }
}
#end of vcl_recv

sub vcl_synth {
 if (resp.status == 850) {
     set resp.http.Location = req.http.x-redir;
     set resp.status = 302;
     return (deliver);
 }
}

sub vcl_purge {
 set req.method = "GET";
 set req.http.X-Purger = "Purged";
 return (restart);
}

sub vcl_backend_response {
set beresp.ttl = 24h;

set beresp.grace = 1h;

if (bereq.url !~ "wp-admin|wp-login|product|cart|checkout|my-account|/?remove_item=") {
    unset beresp.http.set-cookie;
    }
}

sub vcl_deliver {
    if (req.http.X-Purger) {
        set resp.http.X-Purger = req.http.X-Purger;
    }
}

/lib/systemd/system/varnish.service (I just changed this lines)

ExecStartPre=/usr/sbin/varnishd -C -f /etc/varnish/custom.vcl
ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/custom.vcl -S /etc/varnish/secret -s malloc,1G

Thanks for helping

1 Answer

It looks good. I’m suspecting either Varnish or Nginx isn’t listening on 80 or 443 respectively. I’ll need some more info to go on:

netstat -atnlp|grep '80\|443\|8080'

ps -elf|grep 'nginx\|varnish'

nginx -t

grep listen -r /etc/nginx

curl -I http://example.com
curl -I https://example.com

Cheers

Have another answer? Share your knowledge.