Aric Watson edited this page Dec 9, 2015 · 10 revisions

This is rough documentation on how to add SSL support to your Varnish+Turpentine site using either Pound or Nginx. It hasn't been thoroughly tested, but I did not find any notable problems with it on my dev site.


  • Requires Magento CE version >= (or the equivalent version of Magento EE)
  • Using HTTPS in the unsecure base URL will not work, Magento will get stuck in a redirect loop because of an issue (see At least, this fix is not available for varnish 3

Setup SSL Wrapper

Using Pound

Example config:

TimeOut 3600

    Address <Varnish listener IP>
    Port    443
    Cert    "<path to your SSL cert .pem>"
    xHTTP   2
    RewriteLocation 1
    Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP"
    AddHeader "Ssl-Offloaded: 1"

        Address <Varnish listener IP>
        Port    <Varnish listener port, probably 80 or 8080>

The important lines are the Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP" line which disables SSLv2 and some weak ciphers for PCI compliance and the AddHeader "Ssl-Offloaded: 1" line which will add a header to let Magento know that this request is secure even though Magento will see it as a plain HTTP request.

Using Nginx

See issue #35

Adjust Apache Configuration

Add to either Magento's .htaccess file or your VirtualHost:

SetEnvIf Ssl-Offloaded 1 HTTPS=on

Adjust Magento Configuration

Under System > Configuration > Web > Secure change the Offloader header value to HTTP_SSL_OFFLOADED (from the default SSL_OFFLOADED) and make sure the Base URL has https for the protocol, then save.

And you're done! It should just work. Note that Varnish will cache the HTTP and HTTPS pages separately. This could be changed but I'm not sure it's a good idea.

More Information

This issue has useful information from @ADDISON74 and make be useful depending on your approach and environment.