Hello, I don’t know if you already solved your issue (it’s quite a pain to configure SSL with nginx and Varnish only), but I solved it this way:
starting from the hybrid
nginx on port 8080 and port 443
Varnish on port 80
Requests on port 80 arrive at Varnish; if not cached, they are requested from nginx on port 8080 and sent back to the user.
Requests on port 443 (SSL) arrive at nginx; the request is decrypted and sent to Varnish (using the proxy_pass directive over the local network) on port 80. Varnish requests the document from nginx on 8080 or grabs it from its cache and sends the document back to nginx; nginx encrypts the document and sends it back to the user.
With this scenario your web server works on both HTTP and HTTPS.
The next step is to redirect all HTTP requests to HTTPS; this is done in Varnish, since it is the software listening on port 80.
I made the following modification in Varnish’s default.vcl (I’m using Varnish 3.0.5; for Varnish 4 it’s a bit different):
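    sub vcl_recv {
        # ...
        # HTTPS: redirect any request for the site that did not come through
        # the nginx TLS front end (no "X-Forwarded-Proto: https" header)
        if ( (req.http.host ~ "^(?i)mysite\.it" || req.http.host ~ "^(?i)www\.mysite\.it")
             && req.http.X-Forwarded-Proto !~ "(?i)https") {
            set req.http.x-Redir-Url = "https://www.mysite.it" + req.url;
            # 750 is an internal marker status, turned into a 301 in vcl_error
            error 750 req.http.x-Redir-Url;
        }
        # ...
    }

    sub vcl_error {
        if (obj.status == 750) {
            # obj.response carries the URL passed to "error 750"
            set obj.http.Location = obj.response;
            set obj.status = 301;
            return (deliver);
        }
    }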
This way any request to http://mysite.it or http://www.mysite.it is redirected (with full path) to https using a 301.
You would probably need a few more tweaks to have everything working as you like (for example logging IPs), but this is the main concept to achieve a full HTTP to HTTPS switch.
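
The nginx side that the VCL above depends on, as an added example that is not part of the original post: the 443 server block must set X-Forwarded-Proto before handing the request to Varnish, otherwise the redirect test matches the decrypted request as well. Certificate paths, the document root, the 127.0.0.1 addresses and the X-Real-IP header are assumptions.

```nginx
# Constructed example: hostnames come from the post; certificate paths,
# document root and loopback addresses are placeholders.

# TLS terminator: decrypts on 443 and passes the request to Varnish on port 80.
server {
    listen 443 ssl;
    server_name mysite.it www.mysite.it;

    ssl_certificate     /etc/nginx/ssl/mysite.it.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/mysite.it.key;   # placeholder path

    location / {
        proxy_pass http://127.0.0.1:80;                 # Varnish
        proxy_set_header Host $host;

        # The redirect in vcl_recv keys on this header. Without it, every
        # decrypted request is redirected to https again (redirect loop).
        proxy_set_header X-Forwarded-Proto https;

        # Carry the real client address through the proxy chain so the
        # backend can log it instead of 127.0.0.1.
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Backend that Varnish fetches from on a cache miss.
# Bound to loopback (assumption) so clients cannot reach it directly
# and bypass both Varnish and the https redirect.
server {
    listen 127.0.0.1:8080;
    server_name mysite.it www.mysite.it;

    root  /var/www/mysite;                              # placeholder path
    index index.html;
}
```

Because Varnish also faces the public on port 80, a client can send its own `X-Forwarded-Proto: https` and be served over plain HTTP without the redirect. Unsetting that header in vcl_recv unless client.ip is the nginx address closes the gap.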