Control Web Panel
WebPanel => SSL => Topic started by: 6Sense on May 05, 2016, 07:52:01 AM
-
Hi, I have SSLs installed on my WordPress sites but only use https on the business pages (Account page & Checkout etc). I also make use of the default Varnish + Nginx reverse proxy setup doing its wonderful work with delivering web content in a speedy fashion.
If I force SSL across all my sites' pages (I'm hearing this can help your Google rank) will I lose the performance benefits of the Varnish + Nginx reverse proxy setup and if so is there a workaround?
PS New to CWP and loving it btw :)
-
SSL only works with Apache (as of now).
You can manually configure nginx to run SSL on port 443.
-
OK thanks for the quick answer.
I value the varnish cache so I will leave the sites on http & will look out for any future updates.
Cheers :)
-
I have just set up a VPS at Scaleway. Running CWP.
I have installed Varnish:80, NGINX:82 & :443, Apache:8181.
I set up a test WP site. Set up with Let's Encrypt certs. Set up Nginx with HTTP/2. Using PHP7.
I test my site and it hits the Varnish cache.
On Pingdom I get faster than 92% of tested websites. (No caching plugins yet) http://tools.pingdom.com/fpt/ch6gYR/https://test.mariselaveludo.com
I loaded up 100 VUs from loadimpact over 3 different locations over a 5min period, results:
Page 1 Aggregated (World) Auto generated from test.mariselaveludo.com 549 238.9ms 2.66s 3.74s
Page 1 Ashburn, US (Amazon) Auto generated from test.mariselaveludo.com 192 825.47ms 952.58ms 1.97s
Page 1 Dublin, IE (Amazon) Auto generated from test.mariselaveludo.com 190 238.9ms 283.49ms 466.53ms
Page 1 Sydney, AU (Amazon) Auto generated from test.mariselaveludo.com 167 3.28s 3.4s 3.74s
Here is my varnishstat from that period:
Uptime mgt: 0+01:55:02 Hitrate n: 10 100 1000
Uptime child: 0+01:55:02 avg(n): 0.0000 0.2450 0.2331
NAME CURRENT CHANGE AVERAGE AVG_10 AVG_100 AVG_1000
MAIN.uptime 0+01:55:02
MAIN.sess_conn 4889 0.00 . 0.00 5.03 3.56
MAIN.client_req 4908 0.00 . 0.00 5.03 3.57
MAIN.cache_hit 4665 0.00 . 0.00 5.03 3.56
MAIN.cache_miss 46 0.00 . 0.00 0.00 0.00
MAIN.backend_reuse 49 0.00 . 0.00 0.00 0.00
MAIN.backend_recycle 63 0.00 . 0.00 0.00 0.00
You can see that it hits the Varnish cache. So I don't see a problem enabling https site-wide.
-
I forgot to mention: I was running this on a 3 euro Scaleway VPS with 2 Intel Atom cores, 2GB RAM and 50GB SSD. These graphs are from New Relic at the time of testing:
https://rpm.newrelic.com/public/charts/6Esp26alY6R
https://rpm.newrelic.com/public/charts/8bYlIM8F8gl
https://rpm.newrelic.com/public/charts/9FqmKU12fJj
-
madbradjohnson, could you write a short guide on how to make NGINX listen on :443, please?
I tried to do it but it couldn't bind to this address.
-
I figured it out.
You have to disable Apache listening on 443 in /usr/local/apache/conf.d/vhosts-ssl.conf (for example by removing its content. BACKUP THIS FILE FIRST).
Then you have to add in the NGINX configuration file something like:
listen YOUR_IP:443 ssl;
ssl_certificate path_to/cert.pem;
ssl_certificate_key path_to/privkey.pem;
-
I installed nginx using the option
Apache & Nginx Reverse Proxy (Nginx on port 80 and apache on port 8181)
After installation I've got this status:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 25120/httpd
tcp 0 0 xxx.xxx.194.99:80 0.0.0.0:* LISTEN 25140/nginx
tcp 0 0 0.0.0.0:8181 0.0.0.0:* LISTEN 25120/httpd
What do I have to change in my configuration files to make Apache use nginx?
I have 2 websites with different SSL certificates.
Sorry, I am new to CWP.
-
Hey madbradjohnson, can you give me your nginx config? Such as /etc/nginx/conf.d/yourdomain.com.conf
-
Yes, Varnish does not support SSL.
However, you can set:
nginx SSL : port 443 (as proxy server). You force https across the domain at this step. Don't force https at the back-end (Apache). Search Google for how to force https on nginx.
varnish : cache server
apache : backend
Visitor -> Nginx (https) -> Varnish -> Apache (don't force https using .htaccess at this step)
I confirm I have succeeded in installing https together with Varnish. Please note, Varnish only caches static content (images, JS, CSS, HTML, text...); if you want to cache dynamic content, you need to cache it on your back-end first.
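
The layout in the last post (Visitor -> Nginx (https) -> Varnish -> Apache), sketched as an nginx configuration. This is an added example, not a config posted by anyone in the thread; example.com, the certificate paths and the Varnish address 127.0.0.1:6081 are placeholder assumptions, and it assumes nginx owns both port 80 and port 443.

```nginx
# Added example: TLS termination in nginx, with Varnish behind it.
# Placeholders (assumptions): example.com, certificate paths, Varnish on 127.0.0.1:6081.

# Plain HTTP: force https here, at the proxy, not in Apache or .htaccess.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

# HTTPS: decrypt, then hand the request to Varnish over local plain HTTP.
server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    # Remove TLSv1.3 on nginx builds that do not support it.
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:6081;

        # Preserve the original host and client address for Varnish and Apache.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # Tell the back-end the visitor used https, so it does not
        # redirect again and cause a loop.
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Validate with `nginx -t` before reloading. The application behind Apache has to honour X-Forwarded-Proto, otherwise it will treat the request as plain http.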