This is rough documentation on how to add SSL support to your Varnish+Turpentine site using either Pound or Nginx. It hasn't been thoroughly tested, but I did not find any notable problems with it on my dev site.
- Requires Magento CE version >= 184.108.40.206 (or the equivalent version of Magento EE)
- Using HTTPS in the unsecure base URL will not work: Magento will get stuck in a redirect loop because of an issue (see https://www.varnish-cache.org/trac/ticket/1333). At least, the fix is not available for Varnish 3.
Setup SSL Wrapper
    TimeOut 3600
    ListenHTTPS
        Address <Varnish listener IP>
        Port 443
        Cert "<path to your SSL cert .pem>"
        xHTTP 2
        RewriteLocation 1
        Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP"
        AddHeader "Ssl-Offloaded: 1"
    End
    Service
        BackEnd
            Address <Varnish listener IP>
            Port <Varnish listener port, probably 80 or 8080>
        End
    End
The important lines are the Ciphers line, which disables SSLv2 and some weak ciphers for PCI compliance, and the AddHeader "Ssl-Offloaded: 1" line, which adds a header to let Magento know that this request is secure even though Magento will see it as a plain HTTP request.
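An added example, not part of the original wiki or the Turpentine project: a small Python audit of the listener block above. It reads the Ciphers string with OpenSSL cipher-list rules (a bare token adds suites, `!` or `-` removes them) and confirms the AddHeader line Magento depends on; on this page's string it reports the leading RC4 token, which enables RC4, a cipher RFC 7465 prohibits in TLS. The address 192.0.2.10, the `WEAK` list and all function names are assumptions of the example.

```python
import re

# Constructed sample: the listener block from this page, with a placeholder address.
POUND_CFG = '''
ListenHTTPS
    Address 192.0.2.10
    Port 443
    Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP"
    AddHeader "Ssl-Offloaded: 1"
End
'''

# Assumed deny-list: families a bare (non-negated) token should never enable.
WEAK = {"RC4", "DES", "3DES", "MD5", "EXP", "EXPORT", "LOW", "NULL", "eNULL", "aNULL", "ADH"}

def directive(cfg, name):
    """Return the quoted argument of every `name "..."` directive in cfg."""
    return re.findall(r'^\s*%s\s+"([^"]*)"' % re.escape(name), cfg, re.M | re.I)

def enabled_weak(cipher_string):
    """Weak families that the cipher string adds rather than removes."""
    found = []
    for token in re.split(r'[:, ]+', cipher_string.strip()):
        # '!' and '-' remove suites; a leading '+' only reorders existing ones.
        if not token or token[0] in "!-+":
            continue
        parts = token.split("+")  # 'A+B' selects suites matching both A and B
        found += [p for p in parts if p in WEAK and p not in found]
    return found

def audit(cfg):
    """Return a list of findings for one Pound configuration text."""
    findings = []
    ciphers = directive(cfg, "Ciphers")
    if not ciphers:
        findings.append("no Ciphers directive found")
    for c in ciphers:
        for fam in enabled_weak(c):
            findings.append("Ciphers enables weak family %s" % fam)
    headers = [h.lower().replace(" ", "") for h in directive(cfg, "AddHeader")]
    if "ssl-offloaded:1" not in headers:
        findings.append('AddHeader "Ssl-Offloaded: 1" missing: Magento will treat requests as plain HTTP')
    return findings

if __name__ == "__main__":
    for finding in audit(POUND_CFG):
        print(finding)
```
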
See issue #35
Adjust Apache Configuration
Add to either Magento's .htaccess file or your VirtualHost:
SetEnvIf Ssl-Offloaded 1 HTTPS=on
Adjust Magento Configuration
In System > Configuration > Web > Secure, change the Offloader header to HTTP_SSL_OFFLOADED (from the default SSL_OFFLOADED) and make sure the Base URL has https for the protocol, then save.
And you're done! It should just work. Note that Varnish will cache the HTTP and HTTPS pages separately. This could be changed but I'm not sure it's a good idea.
This issue has useful information from @ADDISON74 and may be useful depending on your approach and environment.