Estoy tratando de instalar barniz con ssl desde este enlace: https://www.linode.com/docs/websites/varnish/use-varnish-and-nginx-to-serve-wordpress-over-ssl-and-http-on-debian-8/
Hice todo como publicar, pero ahora tengo el mensaje "No se puede acceder a este sitio. Example.com se negó a conectar" error. Solo me falta algo, estoy seguro, pero no sé dónde.
Aquí / etc / nginx / sites-available / default:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com www.example.com;
port_in_redirect off;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://127.0.0.1:80;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header HTTPS "on";
access_log /var/www/html/logs/access.log;
error_log /var/www/html/logs/error.log notice;
}
}
server {
listen 8080;
listen [::]:8080;
server_name example.com www.example.com;
root /var/www/html;
index index.php;
port_in_redirect off;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
}
Aquí está / etc / default / varnish (acabo de cambiar estas líneas):
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/custom.vcl \
-S /etc/varnish/secret \
-s malloc,1G"
aquí /etc/varnish/custom.vcl
vcl 4.0;
backend default {
.host = "localhost";
.port = "8080";
}
acl purger {
"localhost";
"142.93.244.9";
}
sub vcl_recv {
if (client.ip != "127.0.0.1" && req.http.host ~ "example.com") {
set req.http.x-redir = "https://www.example.com" + req.url;
return(synth(850, ""));
}
if (req.method == "PURGE") {
if (!client.ip ~ purger) {
return(synth(405, "This IP is not allowed to send PURGE requests."));
}
return (purge);
}
if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = client.ip;
}
}
if (req.http.Authorization || req.method == "POST") {
return (pass);
}
if (req.url ~ "/feed") {
return (pass);
}
if (req.url ~ "wp-admin|wp-login") {
return (pass);
}
set req.http.cookie = regsuball(req.http.cookie, "wp-settings-\d+=[^;]+(; )?", "");
set req.http.cookie = regsuball(req.http.cookie, "wp-settings-time-\d+=[^;]+(; )?", "");
if (req.http.cookie == "") {
unset req.http.cookie;
}
}
#end of vcl_recv
sub vcl_synth {
if (resp.status == 850) {
set resp.http.Location = req.http.x-redir;
set resp.status = 302;
return (deliver);
}
}
sub vcl_purge {
set req.method = "GET";
set req.http.X-Purger = "Purged";
return (restart);
}
sub vcl_backend_response {
set beresp.ttl = 24h;
set beresp.grace = 1h;
if (bereq.url !~ "wp-admin|wp-login|product|cart|checkout|my-account|/?remove_item=") {
unset beresp.http.set-cookie;
}
}
sub vcl_deliver {
if (req.http.X-Purger) {
set resp.http.X-Purger = req.http.X-Purger;
}
}
/lib/systemd/system/varnish.service (acabo de cambiar estas líneas)
ExecStartPre=/usr/sbin/varnishd -C -f /etc/varnish/custom.vcl
ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/custom.vcl -S /etc/varnish/secret -s malloc,1G
Gracias por ayudar
1
¿Qué espera lograr con "return (synth (850," "));" ?
Gerard H. Pille
En realidad no estoy seguro, pero creo que es parte de la redirección de HTTP a HTTPS
more
Si no me equivoco, el 850 debería ser un código de retorno HTTP válido, en su caso tal vez un 301 o 302, para que el navegador siga la redirección.
Gerard H. Pille