nginx + varnish + apache + SSL ( working fine )

mohamad_oops

New member
Joined
Oct 9, 2016
Messages
2
how use varnish with SSL (HTTPS) in directadmin :

1. Install NGINX+Apache+php-fpm

2. Install Varnish 6

download :
http://varnish-cache.org/
https://packagecloud.io/varnishcache

Code:
yum install epel-release
yum install varnish

3. change ram usage :

in file : /etc/varnish/varnish.params
default is 256m

4. Copy files :

/usr/local/directadmin/data/templates/nginx_server.conf
/usr/local/directadmin/data/templates/nginx_server_sub.conf
/usr/local/directadmin/data/templates/nginx_server_secure.conf
/usr/local/directadmin/data/templates/nginx_server_secure_sub.conf

to folder :

/usr/local/directadmin/data/templates/custom/

Modify the files in folder :

/usr/local/directadmin/data/templates/custom/

in files : nginx_server.conf & nginx_server_sub.conf changes is :

Code:
proxy_pass http://|IP|:|PORT_8080|;

to

Code:
proxy_pass http://|IP|:6081;

and in files : nginx_server_secure.conf & nginx_server_secure_sub.conf changes is :

Code:
proxy_pass http://|IP|:|PORT_8081|;
proxy_set_header X-Client-IP      $remote_addr;
proxy_set_header X-Accel-Internal /nginx_static_files;
proxy_set_header Host             $host;
proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
proxy_hide_header Upgrade;

to

Code:
proxy_pass http://|IP|:6081;
proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;

6. Rewrite nginx virtual hosts: (ssh code)

Code:
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq

7. restart PHP & APACHE & NGINX & VARNISH and enable chkconfig varnish

in centos 6 : (for example php 7.2 = php-fpm72 )

Code:
service php-fpm72 restart
service httpd restart
service nginx restart
service varnish restart
chkconfig --add varnish
chkconfig varnish on



in centos 7 : (for example php 7.2 = php-fpm72 )


Code:
systemctl restart php-fpm72
systemctl restart httpd
systemctl restart nginx
systemctl restart varnish
systemctl enable varnish


8. for loop errors in some cms :

in wordpress : (for use https)

insert this code in file wp-config.php : (above of "/* That's all, stop editing! Happy blogging. */ " )

Code:
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
 $_SERVER['HTTPS']='on';

in magento : (for use https)

Add this to your the Magento .htaccess file located in your docroot

Code:
SetEnvIf X-Forwarded-Proto https HTTPS=on

9. test working :

Code:
curl -I https://yoursite.com

you should see: "via: 1.1 varnish (Varnish/6.0)"


enjoy speed :cool:


if you want to remove varnish :

remove this files :

/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf
/usr/local/directadmin/data/templates/custom/nginx_server_secure.conf
/usr/local/directadmin/data/templates/custom/nginx_server_secure_sub.conf


and rewrite virtual hosts:

Code:
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq

in centos 6 :

Code:
service php-fpm72 restart
service httpd restart
service nginx restart



in centos 7 :

Code:
systemctl restart php-fpm72
systemctl restart httpd
systemctl restart nginx

Code:
yum remove varnish
 
Thanks for this helpful tutorial,
but I have a problem , after applying this changes I faced with infinite loop
any advice ?
 
An infinite loop (besides already mentioned by the TS) might occur if you detect HTTP in .htaccess and redirects to HTTPS using mod_rewrite.

You should check and update mod_rewrite rules in .htaccess to rely on X-Forwarded-Proto:

Code:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

You might try and add:

Code:
<IfModule setenvif_module>
    SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
    SetEnvIf X-Forwarded-Proto "^https$" X_SERVER_PORT=443
    SetEnvIf X-Forwarded-Proto "^https$" X_REQUEST_SCHEME=https
</IfModule>

into /etc/httpd/conf/extra/httpd-includes.conf and restart Apache.
 
My server has been installed nginx_apache and has been running normally so far.

To improve the directadmin server performance that I use, I intend to install varnish on my server.
systemctl restart php-fpm72 ---> fine :)
systemctl restart httpd ---> fine :)
systemctl restart nginx ---> error :(
systemctl restart varnish ---> fine :)
systemctl enable varnish ---> fine :)

But, following the tutorial written by @mohamad_oops, I encountered an error when restarting nginx as follows:

[root@panel ~]# systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

# systemctl status nginx.service
Aug 05 03:10:30 HOSTNAME.DOMAIN.com nginx[14559]: nginx: [emerg] invalid port in upstream "THE_SERVER_IP_ADDRESS:|PORT_8081|" in /usr/local/directadmin/data/users/admin/nginx.conf:25
Aug 05 03:10:30 HOSTNAME.DOMAIN.com nginx[14559]: nginx: configuration file /etc/nginx/nginx.conf test failed
Aug 05 03:10:29 HOSTNAME.DOMAIN.com systemd[1]: nginx.service: control process exited, code=exited status=1

# nano /usr/local/directadmin/data/users/admin/nginx.conf
go to line 25:
proxy_pass http://THE_SERVER_IP_ADDRESS:|PORT_8081|;

I has changed value 8081 to 6081 and added ports 8081 and 6081 on CSF, but it's still got same error.

Please advise.
 
You should never edit /usr/local/directadmin/data/users/admin/nginx.conf directly. You should deal with template files as mentioned in the guide.
 
I am installed and receive this erroe

hi
I m install success and my server site open the html page
when im open the php page browser receive this error for all site plase help me
ERR_TOO_MANY_REDIRECTS
tanks
 
It might be infinite LOOPS with HTTP -> HTTPS. see the post #3 for a possible solution.
 
Hi all,

I followed all steps, dont get any error varnish is also running but when i check if varnish is serving the content with curl -I i still see nginx any idea what could be wrong ?

Kind regards,

Daan
 
Hoi Daan,

Could be plenty its hard to say if the issue is still current got any logs from nginx / varnish ? it's a bit little to go on.
If no errors are returned and it works fine then most likely either the wrong file was changed maybe domain specific maybe forgot to restart doubt it but still :)
try the curl directly on the varnish port to see if that responds.

your welcome to pm me if you don't want to post logs or anything.

ps. Voor everyone else afther this setup varnish runs but does pretty much nothing since you can avoid it with cookies etc. its a very basic default config. https://github.com/mattiasgeniar Has a a exelend template setup have a look at those.
 
Voor everyone else afther this setup varnish runs but does pretty much nothing since you can avoid it with cookies etc. its a very basic default config.

Yes, though Varnish might be good for a single project server, where you run a single web-site. It might be not that good for shared-hosting servers.
 
how use varnish with SSL (HTTPS) in directadmin :

1. Install NGINX+Apache+php-fpm

2. Install Varnish 6


download :
http://varnish-cache.org/
https://packagecloud.io/varnishcache

Code:
yum install epel-release
yum install varnish

3. change ram usage :

in file : /etc/varnish/varnish.params
default is 256m

4. Copy files :

/usr/local/directadmin/data/templates/nginx_server.conf
/usr/local/directadmin/data/templates/nginx_server_sub.conf
/usr/local/directadmin/data/templates/nginx_server_secure.conf
/usr/local/directadmin/data/templates/nginx_server_secure_sub.conf

to folder :

/usr/local/directadmin/data/templates/custom/

Modify the files in folder :

/usr/local/directadmin/data/templates/custom/

in files : nginx_server.conf & nginx_server_sub.conf changes is :

Code:
proxy_pass http://|IP|:|PORT_8080|;

to

Code:
proxy_pass http://|IP|:6081;

and in files : nginx_server_secure.conf & nginx_server_secure_sub.conf changes is :

Code:
proxy_pass http://|IP|:|PORT_8081|;
proxy_set_header X-Client-IP      $remote_addr;
proxy_set_header X-Accel-Internal /nginx_static_files;
proxy_set_header Host             $host;
proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
proxy_hide_header Upgrade;

to

Code:
proxy_pass http://|IP|:6081;
proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;

6. Rewrite nginx virtual hosts: (ssh code)

Code:
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq

7. restart PHP & APACHE & NGINX & VARNISH and enable chkconfig varnish

in centos 6 :
(for example php 7.2 = php-fpm72 )

Code:
service php-fpm72 restart
service httpd restart
service nginx restart
service varnish restart
chkconfig --add varnish
chkconfig varnish on



in centos 7 : (for example php 7.2 = php-fpm72 )


Code:
systemctl restart php-fpm72
systemctl restart httpd
systemctl restart nginx
systemctl restart varnish
systemctl enable varnish


8. for loop errors in some cms :

in wordpress :
(for use https)

insert this code in file wp-config.php : (above of "/* That's all, stop editing! Happy blogging. */ " )

Code:
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';

in magento : (for use https)

Add this to your the Magento .htaccess file located in your docroot

Code:
SetEnvIf X-Forwarded-Proto https HTTPS=on

9. test working :

Code:
curl -I https://yoursite.com

you should see: "via: 1.1 varnish (Varnish/6.0)"


enjoy speed :cool:


if you want to remove varnish :

remove this files :


/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf
/usr/local/directadmin/data/templates/custom/nginx_server_secure.conf
/usr/local/directadmin/data/templates/custom/nginx_server_secure_sub.conf


and rewrite virtual hosts:

Code:
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq

in centos 6 :

Code:
service php-fpm72 restart
service httpd restart
service nginx restart



in centos 7 :

Code:
systemctl restart php-fpm72
systemctl restart httpd
systemctl restart nginx

Code:
yum remove varnish

do you have an update ? I have tried but some settings are changed with the time?

and what do you mean wit download at the top, where do I put the files ?
 
works great but I have one single problem. I'm using a CDN(js, woff, .html from ajax calls, and other resources load from cdn.mydomain.com) and ajax calls fail as they try to do an OPTIONS request as they are accessing another origin. Any idea in fixing this? I used to fix this when I was using Litespeed with a simple
Code:
Header set Access-Control-Allow-Source-Origin *
Header set Access-Control-Allow-Methods "OPTIONS, GET, HEAD, POST"

Apparently that doesn't work with this setup, any ideas?

How the request is showing like:
1604771406404-png.3839


Thanks!
 
Hi, I am new to this forum and just started a VPS. Now I manage a lot, but I don't fully understand point 6, is there someone who can tell me where I can find the location of nginx vhosts?

6. Rewrite nginx virtual hosts: (ssh code)

Code:
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq
 
does this work with cloudlinux mod_lsapi? we're using cloudlinux alt-php.

and i want to ask how will user clear cache if they want to?
 
does this work with cloudlinux mod_lsapi? we're using cloudlinux alt-php.

What are you asking about? If you are using CloudLinux why would you want nginx+varnish+apache? If you are deadly sure you need it, then I don't see any reason why it would not work under CloudLinux. And still I would rather avoid using nginx+varnish+apache on any Linux OS for shared hosting.

and i want to ask how will user clear cache if they want to?

Read official docs for Varnish. CloudLinux can offer better solutions for their users.
 
Back
Top