Nginx problema de configuración de barniz

0

Estoy tratando de instalar barniz con ssl desde este enlace: https://www.linode.com/docs/websites/varnish/use-varnish-and-nginx-to-serve-wordpress-over-ssl-and-http-on-debian-8/

Hice todo como publicar, pero ahora tengo el mensaje "No se puede acceder a este sitio. Example.com se negó a conectar" error. Solo me falta algo, estoy seguro, pero no sé dónde.

Aquí / etc / nginx / sites-available / default:

    server {
   listen  443 ssl;
   listen  [::]:443 ssl;
   server_name example.com  www.example.com;
   port_in_redirect off;

   ssl                  on;
   ssl_certificate      /etc/letsencrypt/live/example.com/fullchain.pem;
   ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:20m;
   ssl_session_timeout 60m;

   add_header Strict-Transport-Security "max-age=31536000";
   add_header X-Content-Type-Options nosniff;

   location / {
     proxy_pass http://127.0.0.1:80;
     proxy_set_header Host $http_host;
     proxy_set_header X-Forwarded-Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto https;
     proxy_set_header HTTPS "on";

     access_log /var/www/html/logs/access.log;
     error_log  /var/www/html/logs/error.log notice;
     }
}

server {
   listen 8080;
   listen [::]:8080;
   server_name example.com  www.example.com;
   root /var/www/html;
   index index.php;
   port_in_redirect off;

   location / {
      try_files $uri $uri/ /index.php?$args;
   }

   location ~ \.php$ {
       try_files $uri =404;
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       include fastcgi_params;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param HTTPS on;
       fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
       }
}

Aquí está / etc / default / varnish (acabo de cambiar estas líneas):

DAEMON_OPTS="-a :80 \
            -T localhost:6082 \
            -f /etc/varnish/custom.vcl \
            -S /etc/varnish/secret \
            -s malloc,1G"

aquí /etc/varnish/custom.vcl

vcl 4.0;

backend default {
    .host = "localhost";
    .port = "8080";
}

acl purger {
    "localhost";
    "142.93.244.9";
}

sub vcl_recv {
if (client.ip != "127.0.0.1" && req.http.host ~ "example.com") {
    set req.http.x-redir = "https://www.example.com" + req.url;
return(synth(850, ""));
}

if (req.method == "PURGE") {
    if (!client.ip ~ purger) {
        return(synth(405, "This IP is not allowed to send PURGE requests."));
  }
return (purge);
}

if (req.restarts == 0) {
    if (req.http.X-Forwarded-For) {
        set req.http.X-Forwarded-For = client.ip;
  }
}

if (req.http.Authorization || req.method == "POST") {
return (pass);
}

if (req.url ~ "/feed") {
return (pass);
}

if (req.url ~ "wp-admin|wp-login") {
return (pass);
}

set req.http.cookie = regsuball(req.http.cookie, "wp-settings-\d+=[^;]+(; )?", "");

set req.http.cookie = regsuball(req.http.cookie, "wp-settings-time-\d+=[^;]+(; )?", "");

if (req.http.cookie == "") {
    unset req.http.cookie;
  }
}
#end of vcl_recv

sub vcl_synth {
 if (resp.status == 850) {
     set resp.http.Location = req.http.x-redir;
     set resp.status = 302;
     return (deliver);
 }
}

sub vcl_purge {
 set req.method = "GET";
 set req.http.X-Purger = "Purged";
 return (restart);
}

sub vcl_backend_response {
set beresp.ttl = 24h;

set beresp.grace = 1h;

if (bereq.url !~ "wp-admin|wp-login|product|cart|checkout|my-account|/?remove_item=") {
    unset beresp.http.set-cookie;
    }
}

sub vcl_deliver {
    if (req.http.X-Purger) {
        set resp.http.X-Purger = req.http.X-Purger;
    }
}

/lib/systemd/system/varnish.service (acabo de cambiar estas líneas)

ExecStartPre=/usr/sbin/varnishd -C -f /etc/varnish/custom.vcl
ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/custom.vcl -S /etc/varnish/secret -s malloc,1G

Gracias por ayudar

more
fuente
1
¿Qué espera lograr con "return (synth (850," "));" ?
Gerard H. Pille
En realidad no estoy seguro, pero creo que es parte de la redirección de HTTP a HTTPS
more
Si no me equivoco, el 850 debería ser un código de retorno HTTP válido, en su caso tal vez un 301 o 302, para que el navegador siga la redirección.
Gerard H. Pille