This is rough documentation on how to add SSL support to your Varnish+Turpentine site using either Pound or Nginx. It hasn't been thoroughly tested, but I did not find any notable problems with it on my dev site.

    TimeOut 3600

    ListenHTTPS
        Address <Varnish listener IP>
        Port 443
        Cert "<path to your SSL cert .pem>"
        xHTTP 2
        RewriteLocation 1
        Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP"
        AddHeader "Ssl-Offloaded: 1"
    End

    Service
        BackEnd
            Address <Varnish listener IP>
            Port <Varnish listener port, probably 80 or 8080>
        End
    End

The important lines are the Ciphers line, which disables SSLv2 and some weak ciphers for PCI compliance, and the AddHeader "Ssl-Offloaded: 1" line, which adds a header to let Magento know that this request is secure even though Magento will see it as a plain
See issue #35
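
The page names Nginx as an alternative to Pound but shows only the Pound configuration. The following Nginx terminator is an added example, not taken from the original page or from the Turpentine project; the server name, key path, TLS protocol selection and forwarded headers are assumptions, and the angle-bracket placeholders follow the Pound example.

```nginx
# Added example: Nginx terminating SSL in front of Varnish.
# Values in <angle brackets> are placeholders to fill in.
server {
    listen <Varnish listener IP>:443 ssl;
    server_name <your site hostname>;                   # assumption

    ssl_certificate     <path to your SSL cert .pem>;
    ssl_certificate_key <path to your SSL key .pem>;    # assumption: key kept in its own file

    # Assumption: TLS 1.2+ only. The RC4 cipher string from the Pound
    # example is not carried over, because RFC 7465 prohibits RC4 in TLS.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Hand the decrypted request to Varnish over plain HTTP.
        proxy_pass http://<Varnish listener IP>:<Varnish listener port>;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Same marker header that Pound's AddHeader line sends.
        # proxy_set_header replaces any Ssl-Offloaded value the client supplied.
        proxy_set_header Ssl-Offloaded 1;

        # Counterpart of Pound's "RewriteLocation 1": rewrite backend
        # redirects that point at http:// so they stay on https://.
        proxy_redirect http:// https://;

        # Counterpart of Pound's "TimeOut 3600" (seconds to wait for the backend).
        proxy_read_timeout 3600s;
    }
}
```

The Apache and Magento steps are the same whichever terminator is used, since both send the same Ssl-Offloaded header.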
Add to either Magento's .htaccess file or your VirtualHost:

    SetEnvIf Ssl-Offloaded 1 HTTPS=on

Under System > Configuration > Web > Secure, change the Offloader header to HTTP_SSL_OFFLOADED (from the default SSL_OFFLOADED) and make sure the Base URL has https for the protocol, then save.
And you're done! It should just work. Note that Varnish will cache the HTTP and HTTPS pages separately. This could be changed but I'm not sure it's a good idea.