apache + varnish + nginx + ssl + wordpress redirect all http traffic to https

I have a web server running CentOS 6.7 with Apache 2.2/WHM, Varnish 4 and nginx. This is a shared server with many websites on it. Varnish/Apache take care of all non-HTTPS requests, and nginx takes care of SSL termination and then hands the request off to Varnish/Apache. Everything is running great for HTTP and HTTPS requests except redirecting. I have an e-commerce store for which I want to force all HTTP requests to HTTPS. I can’t seem to get it to work properly. I’ve tried several different configurations inside my .htaccess file with no luck.

Here's my current setup:


/etc/varnish/default.vcl

 # Default backend definition. Set this to point to your content server.
 # The single origin that Varnish fetches from; every cache miss and pass goes to
 # this host on port 8080 (presumably the Apache instance — confirm).
 # NOTE(review): the host is an IP address rather than loopback. If the origin
 # listens on a publicly reachable address, clients can talk to port 8080
 # directly and skip both the cache and the redirect logic in this VCL —
 # confirm the port is firewalled or bound to a private address.
backend default {
    .host = "MY SERVERS IP";
    .port = "8080";
}

# Request entry point. In order: strips analytics/tracking cookies, appends the
# connecting address to X-Forwarded-For, pipes unknown methods, passes anything
# that is not GET/HEAD, redirects one host from HTTP to HTTPS via synth(750),
# and sends everything else to a cache lookup.
sub vcl_recv {

 # Remove any Google Analytics based cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");

  # Remove Optimizely Cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "optim.=[^;]+(; )?", "");
  # Remove Gauges Cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "_gau.=[^;]+(; )?", "");

  # Remove a ";" prefix in the cookie if present
  # NOTE(review): "s*" here matches literal "s" characters, not whitespace. This
  # looks like "\s*" with the backslash lost when the file was pasted — confirm
  # against the file on disk.
  set req.http.Cookie = regsuball(req.http.Cookie, "^;s*", "");

  # Are there cookies left with only spaces or that are empty?
  # NOTE(review): same apparent loss of a backslash; as written the test only
  # matches an empty header or one made up of "s" characters, so a header that
  # is only whitespace is not removed.
  if (req.http.cookie ~ "^s*$") {
    unset req.http.cookie;
  }

  # On the first pass only (not on restarts), record the connecting address.
  # Any X-Forwarded-For value already on the request is kept and appended to, so
  # only the last entry is set by this hop; earlier entries are whatever the
  # sender supplied.
   if (req.restarts == 0) {
    if (req.http.x-forwarded-for) {
      set req.http.X-Forwarded-For =
        req.http.X-Forwarded-For + ", " + client.ip;
      } else {
    set req.http.X-Forwarded-For = client.ip;
      }
  }

  if (req.method != "GET" &&
      req.method != "HEAD" &&
      req.method != "PUT" &&
      req.method != "POST" &&
      req.method != "TRACE" &&
      req.method != "OPTIONS" &&
      req.method != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
   }
   if (req.method != "GET" && req.method != "HEAD") {
        /* We only deal with GET and HEAD by default */
      return (pass);
  }

  # HTTP -> HTTPS redirect for a single host: stash the target URL in a private
  # request header and hand off to vcl_synth with marker status 750.
  # NOTE(review): the next line is cut off in the paste (it ends in "$"), so the
  # right-hand side of the X-Forwarded-Proto test and the opening brace are not
  # visible here.
  # NOTE(review): X-Forwarded-Proto is an ordinary request header. Nothing in
  # this VCL removes it from requests that did not come through the TLS
  # terminator, so if clients can connect to Varnish directly they can supply
  # it themselves and skip this redirect. Unsetting the header unless client.ip
  # is the terminator's address would close that gap — confirm how Varnish is
  # exposed.
  # NOTE(review): the host pattern has unescaped dots and no end anchor, so it
  # matches more than the one literal hostname; the redirect target is built
  # from the request's own Host header.
  if ( (req.http.host ~ "^(?i)smashing_ssl_one.tutorials.eoms") && req.http.X-Forwarded-Proto !~$
        set req.http.x-redir = "https://" + req.http.host + req.url;
        return (synth(750, ""));
  }
 # Every remaining GET/HEAD goes to cache lookup. Because this is an explicit
 # return, the built-in vcl_recv (which passes requests carrying Cookie or
 # Authorization headers) does not run.
 # NOTE(review): requests that still carry session or cart cookies are therefore
 # looked up in the shared cache — confirm logged-in and checkout pages are
 # excluded elsewhere. No vcl_hash is shown, so HTTP and HTTPS requests for the
 # same host and URL presumably share one cached object — confirm.
 return (hash);
}

# handles redirecting from http to https
# Status 750 is the internal marker raised by vcl_recv; it is rewritten to a
# 301 here and never reaches the client. The Location value is the x-redir
# request header that vcl_recv built from the request's Host header and URL.
# Any other synthetic status falls through this sub unchanged.
sub vcl_synth {
  if (resp.status == 750) {
    set resp.status = 301;
    set resp.http.Location = req.http.x-redir;
    return(deliver);
  }
}

# Applies one caching policy to every backend response: fresh for 10 seconds,
# then eligible to be served stale for up to one hour of grace.
# NOTE(review): the TTL is set unconditionally, so it replaces whatever lifetime
# was derived from the backend's own caching headers, including a zero lifetime.
# On a shared server with a store, confirm that personalised responses
# (logged-in views, cart, checkout) are still kept out of the cache.
sub vcl_backend_response {
  set beresp.ttl = 10s;
  set beresp.grace = 1h;
}

# Debug aid: label each response with X-Cache so it is visible whether the
# object was served from cache. The header is sent to every client, so it can
# be dropped once debugging is finished.
sub vcl_deliver {
  if (obj.hits <= 0) {
    # Not served from cache on this request.
    set resp.http.X-Cache = "MISS";
  } else {
    # Object has been served from cache at least once.
    set resp.http.X-Cache = "HIT";
  }
}

/etc/nginx/conf.d

# TLS terminator for ampedlogic.com: accepts HTTPS on 443 and forwards each
# request as plain HTTP to 127.0.0.1:80. There is no port-80 server block in
# this file, so the HTTP-to-HTTPS redirect has to happen further back.
server {
    listen *:443 ssl;

    # NOTE(review): redundant with the "ssl" parameter on the listen line above;
    # newer nginx releases deprecate the standalone "ssl" directive.
    ssl on;
    server_name ampedlogic.com;
    ssl_certificate /etc/nginx/ssl/ampedlogic.com.crt;
    # Private key: should be readable only by the account nginx starts as.
    ssl_certificate_key /etc/nginx/ssl/ampedlogic.com.key;
    # NOTE(review): no ssl_protocols or ssl_ciphers are set in this block, so the
    # defaults of the installed nginx/OpenSSL apply unless they are configured
    # at the http level — confirm legacy protocol versions are disabled.

    location / {
        proxy_pass http://127.0.0.1:80;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;


        proxy_set_header X-Real-IP  $remote_addr;
        # Appends the peer address to whatever X-Forwarded-For the client sent;
        # entries before the last one are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Fixed values: any X-Forwarded-Proto / X-Forwarded-Port sent by the
        # client is overwritten on this path. The backend can rely on them only
        # for requests that actually arrived through this server block.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
    }
}

/etc/sysconfig/varnish

      #Configuration file for varnish
      #
      # /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this
      # shell script fragment.
      #

      # Resource limits and reload behaviour read by the init script.

      # Maximum number of open files (for ulimit -n)
      NFILES=131072

      # Locked shared memory (for ulimit -l)
      # Default log size is 82MB + header
      MEMLOCK=82000

      # Maximum number of threads (for ulimit -u)
      NPROCS="unlimited"

      # Maximum size of corefile (for ulimit -c). Default in Fedora is 0
      # DAEMON_COREFILE_LIMIT="unlimited"

      # Set this to 1 to make init script reload try to switch vcl without restart.
      # To make this work, you need to set the following variables
      # explicit: VARNISH_VCL_CONF, VARNISH_ADMIN_LISTEN_ADDRESS,
      # VARNISH_ADMIN_LISTEN_PORT, VARNISH_SECRET_FILE, or in short,
      # use Alternative 3, Advanced configuration, below
      RELOAD_VCL=1

      # This file contains 4 alternatives, please use only one.

      ## Alternative 1, Minimal configuration, no VCL
      #
      # Listen on port 6081, administration on localhost:6082, and forward to
      # content server on localhost:8080.  Use a fixed-size cache file.
      #
      #DAEMON_OPTS="-a :6081 
      #             -T localhost:6082 
      #             -b localhost:8080 
      #             -u varnish -g varnish 
      #             -s file,/var/lib/varnish/varnish_storage.bin,1G"


      ## Alternative 2, Configuration with VCL
      #
      # Listen on port 6081, administration on localhost:6082, and forward to
      # one content server selected by the vcl file, based on the request.  Use a
      # fixed-size cache file.
      #
      #DAEMON_OPTS="-a :6081 
      #             -T localhost:6082 
      #             -f /etc/varnish/default.vcl 
      #             -u varnish -g varnish 
      #             -S /etc/varnish/secret 
      #             -s file,/var/lib/varnish/varnish_storage.bin,1G"


      ## Alternative 3, Advanced configuration
      #
      # See varnishd(1) for more information.
      #
      # # Main configuration file. You probably want to change it :)
      VARNISH_VCL_CONF=/etc/varnish/default.vcl
      #
      # # Default address and port to bind to
      # # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
      # # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
      # The address is left unset, so Varnish accepts port-80 connections on
      # every interface. Request headers that arrive here (X-Forwarded-Proto,
      # X-Forwarded-For) are client-controlled unless the request came through
      # the local TLS terminator.
      #VARNISH_LISTEN_ADDRESS=
      VARNISH_LISTEN_PORT=80
      #
      # # Telnet admin interface listen address and port
      # Loopback only; the management interface can load VCL and change
      # parameters, so it should stay off public interfaces.
      VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
      VARNISH_ADMIN_LISTEN_PORT=6082
      #
       # # Shared secret file for admin interface
       # NOTE(review): confirm this file is not readable by other accounts on
       # the shared server.
     VARNISH_SECRET_FILE=/etc/varnish/secret
      #
      # # The minimum number of worker threads to start
      VARNISH_MIN_THREADS=50
      #
      # # The Maximum number of worker threads to start
      VARNISH_MAX_THREADS=1000
      #
      # # Idle timeout for worker threads
      VARNISH_THREAD_TIMEOUT=120
      #
      # # Cache file size: in bytes, optionally using k / M / G / T suffix,
      # # or in percentage of available disk space using the % suffix.
      VARNISH_STORAGE_SIZE=1000M
      #
      # # Backend storage specification
      VARNISH_STORAGE="malloc,${VARNISH_STORAGE_SIZE}"
      #
      # # Default TTL used when the backend does not specify one
      VARNISH_TTL=120
      #
      # # DAEMON_OPTS is used by the init script.  If you add or remove options, make
      # # sure you update this section, too.
      # NOTE(review): the option lines below have no trailing line-continuation
      # backslashes; they were presumably lost when the file was pasted —
      # confirm against the file on disk.
      DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} 
                   -f ${VARNISH_VCL_CONF} 
                   -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} 
                   -t ${VARNISH_TTL} 
                   -p thread_pool_min=${VARNISH_MIN_THREADS} 
                   -p thread_pool_max=${VARNISH_MAX_THREADS} 
                   -p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT} 
                   -u varnish -g varnish 
                   -S ${VARNISH_SECRET_FILE} 
                   -s ${VARNISH_STORAGE}"
      #


      ## Alternative 4, Do It Yourself. See varnishd(1) for more information.
      #
      # DAEMON_OPTS=""

wp-config.php

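        // Tell WordPress the request was served over HTTPS when the proxy in
        // front says so. isset() avoids an undefined-index notice on requests
        // that carry no X-Forwarded-Proto header, and === keeps the comparison
        // a plain string match.
        // The header is only trustworthy if every path to this server passes
        // through a proxy that overwrites or strips the client's own copy;
        // otherwise a plain-HTTP client can send it and be treated as secure.
        if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
            $_SERVER['HTTPS'] = 'on';
        }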


2 comments

  1. Put the following in your .htaccess:

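    # Redirect plain-HTTP requests to HTTPS, keeping the requested path and
    # query string.
    RewriteEngine On
    # %{HTTPS} is "off" for every request when TLS is terminated by a proxy in
    # front of Apache, so the header that proxy sets is checked as well;
    # without the second condition, requests that already arrived over HTTPS
    # would be redirected again. The header is only meaningful if the front
    # proxy overwrites or strips any client-supplied copy.
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP:X-Forwarded-Proto} !=https
    # %{REQUEST_URI} carries the requested path. A back-reference such as $1
    # would be empty here because the pattern has no capture group. The query
    # string is appended by default.
    RewriteRule ^ https://host.com%{REQUEST_URI} [L,R=301]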
    

    This will force all http requests inside of apache to redirect to https, preserving the URI

  2. For any WordPress application, add this line to the wp-config.php file.

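    // Straight quotes are required; typographic quotes are a PHP parse error.
    // This sets the flag unconditionally, so WordPress treats every request as
    // HTTPS, including ones that reached the server over plain HTTP. It stops
    // redirect loops behind a TLS terminator but does not itself redirect or
    // protect anything.
    $_SERVER['HTTPS'] = "on";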

    For any PHP or Laravel application, add this line to the .env file.

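    // Straight quotes are required; typographic quotes are a PHP parse error.
    // NOTE(review): this is a PHP statement, while a .env file holds KEY=value
    // pairs and is not evaluated as PHP — confirm where it is meant to go.
    // Setting the flag unconditionally marks every request as HTTPS, including
    // ones that arrived over plain HTTP.
    $_SERVER['HTTPS'] = "on";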
