Topic: If I force SSL across my domain will I lose the benefits of Varnish/Nginx?

Offline
*
Hi, I have SSLs installed on my WordPress sites but only use https on the business pages (Account page & Checkout etc). I also make use of the default Varnish + Nginx reverse proxy setup doing its wonderful work with delivering web content in a speedy fashion.

If I force SSL across all my site's pages (I'm hearing this can help your Google rank) will I lose the performance benefits of the Varnish + Nginx reverse proxy setup and if so is there a workaround?

PS New to CWP and loving it btw :)
Web Design, Development & Web Hosting
https://6sense.com.au

Offline
*****
ssl only works with Apache (as of now).

you can manually configure nginx to run ssl on port 443.


Offline
*
OK thanks for the quick answer.

I value the varnish cache so I will leave the sites on http & will look out for any future updates.

Cheers :)
Web Design, Development & Web Hosting
https://6sense.com.au

Offline
*
I have just set up a VPS at Scaleway. Running CWP.

I have installed Varnish :80, NGINX :82 & :443, Apache :8181.

I set up a test WP site. Set up with Let's Encrypt certs. Set up Nginx with HTTP/2. Using PHP7.

I test my site and it hits the Varnish cache.

On Pingdom I get faster than 92% of tested websites. (No caching plugins yet) http://tools.pingdom.com/fpt/ch6gYR/https://test.mariselaveludo.com

I loaded up 100 VUs from Load Impact over 3 different locations over a 5min period, results:

Page 1   Aggregated (World)     Auto generated from test.mariselaveludo.com   549   238.9ms    2.66s      3.74s
Page 1   Ashburn, US (Amazon)   Auto generated from test.mariselaveludo.com   192   825.47ms   952.58ms   1.97s
Page 1   Dublin, IE (Amazon)    Auto generated from test.mariselaveludo.com   190   238.9ms    283.49ms   466.53ms
Page 1   Sydney, AU (Amazon)    Auto generated from test.mariselaveludo.com   167   3.28s      3.4s       3.74s

Here is my varnishstat from that period:

Uptime mgt:     0+01:55:02                                                                                              Hitrate n:       10      100     1000
Uptime child:   0+01:55:02                                                                                                 avg(n):   0.0000   0.2450   0.2331

    NAME                                                                       CURRENT        CHANGE       AVERAGE        AVG_10       AVG_100      AVG_1000
MAIN.uptime                                                                 0+01:55:02
MAIN.sess_conn                                                                    4889          0.00           .            0.00          5.03          3.56
MAIN.client_req                                                                   4908          0.00           .            0.00          5.03          3.57
MAIN.cache_hit                                                                    4665          0.00           .            0.00          5.03          3.56
MAIN.cache_miss                                                                     46          0.00           .            0.00          0.00          0.00
MAIN.backend_reuse                                                                  49          0.00           .            0.00          0.00          0.00
MAIN.backend_recycle                                                                63          0.00           .            0.00          0.00          0.00


You can see that it hits the Varnish cache. So I don't see a problem enabling https site wide.



Offline
*
I forgot to mention. I was running this on a 3 euro Scaleway VPS with 2 Intel Atom cores, 2GB RAM and 50GB SSD. These graphs are from New Relic at the time of testing:

https://rpm.newrelic.com/public/charts/6Esp26alY6R
https://rpm.newrelic.com/public/charts/8bYlIM8F8gl
https://rpm.newrelic.com/public/charts/9FqmKU12fJj

Offline
*
madbradjohnson, could you write a short guide on how to make NGINX listen on :443, please?

I tried to do it but it couldn't bind to this address.

Offline
*
I figured it out.

You have to disable Apache listening on 443 in /usr/local/apache/conf.d/vhosts-ssl.conf (for example by removing its content. BACKUP THIS FILE FIRST).

Then you have to add in the NGINX configuration file something like:

Code:
listen YOUR_IP:443 ssl;
ssl_certificate path_to/cert.pem;
ssl_certificate_key path_to/privkey.pem;

Offline
*
I installed nginx using the option
Apache & Nginx Reverse Proxy (Nginx on port 80 and apache on port 8181)
After installation I've got this status:
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      25120/httpd         
tcp        0      0 xxx.xxx.194.99:80           0.0.0.0:*                   LISTEN      25140/nginx         
tcp        0      0 0.0.0.0:8181                0.0.0.0:*                   LISTEN      25120/httpd
What do I have to change in my configuration files to make Apache use nginx?
I have 2 websites with different SSL certificates.
Sorry, I am new to CWP.
« Last Edit: October 20, 2016, 11:51:36 PM by Pegasus »

Offline
*
Hey madbradjohnson, can you give me your nginx config, such as /etc/nginx/conf.d/yourdomain.com.conf?

Offline
***
Yes, Varnish does not support SSL.
However, you can set:
nginx SSL: port 443 (as proxy server). You force https across the domain at this step. Don't force https at the back-end (Apache). Search Google for how to force https on nginx.
varnish: cache server
apache: backend

Visitor -> Nginx (https) -> Varnish -> Apache (don't force https using .htaccess at this step)

I confirm I have succeeded in installing https together with Varnish. Please note, Varnish only caches static content (images, JS, CSS, HTML, text...); if you want to cache dynamic content, you need to cache it on your back-end first.

« Last Edit: February 17, 2018, 06:05:29 PM by locvfx »
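
The Visitor -> Nginx (https) -> Varnish -> Apache chain from the last post, written out as an nginx configuration. This is an added example, not a config posted by anyone in the thread; the host name example.com, the certificate paths and the Varnish address 127.0.0.1:6081 are assumptions to adapt.

```nginx
# Added example: nginx terminates TLS and hands plain HTTP to Varnish.
# Assumed values (not from the thread): example.com, the certificate paths,
# Varnish listening on 127.0.0.1:6081. Varnish in turn uses Apache on :8181
# as its backend; that part is set in the Varnish VCL, not here.

# Port 80 only redirects, so "force https" happens in nginx and nowhere else.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate     /path/to/fullchain.pem;   # placeholder path
    ssl_certificate_key /path/to/privkey.pem;     # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Decrypted request goes to the cache over loopback only.
        proxy_pass http://127.0.0.1:6081;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # Tells the backend the visitor used https, because Apache itself
        # only ever sees plain HTTP from Varnish.
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Because Apache receives every request over plain HTTP, an https redirect in .htaccess would fire on each request and loop; the backend has to rely on X-Forwarded-Proto instead. Binding Varnish and Apache to 127.0.0.1 rather than 0.0.0.0 keeps the unencrypted hops unreachable from outside the host.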