Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

SSL_Support

Kevin Horst edited this page · 7 revisions

This is rough documentation on how to add SSL support to your Varnish+Turpentine site using either Pound or Nginx. It hasn't been thoroughly tested, but I did not find any notable problems with it on my dev site.

Caveats:

  • Requires Magento CE version >= 1.6.2.0 (or the equivilent version of Magento EE)
  • Using HTTPS in the unsecure base URL will not work, Magento will get stuck in a redirect loop because of an issue (see https://www.varnish-cache.org/trac/ticket/1333). At least, this fix is not available for varnish 3

Setup SSL Wrapper

Using Pound

Example config:

TimeOut 3600

ListenHTTPS
    Address <Varnish listener IP>
    Port    443
    Cert    "<path to your SSL cert .pem>"
    xHTTP   2
    RewriteLocation 1
    Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP"
    AddHeader "Ssl-Offloaded: 1"
End

Service
    BackEnd
        Address <Varnish listener IP>
        Port    <Varnish listener port, probably 80 or 8080>
    End
End

The important lines are the Ciphers "RC4:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW:!EXP" line which disables SSLv2 and some weak ciphers for PCI compliance and the AddHeader "Ssl-Offloaded: 1" line which will add a header to let Magento know that this request is secure even though Magento will see it as a plain HTTP request.

Using Nginx

See issue #35

Adjust Apache Configuration

Add to either Magento's .htaccess file or your VirtualHost:

SetEnvIf Ssl-Offloaded 1 HTTPS=on

Adjust Magento Configuration

Under System > Configuration > Web > Secure change the Offloader header value to HTTP_SSL_OFFLOADED (from the default SSL_OFFLOADED) and make sure the Base URL has https for the protocol, then save.

And you're done! It should just work. Note that Varnish will cache the HTTP and HTTPS pages separately. This could be changed but I'm not sure it's a good idea.

Something went wrong with that request. Please try again.