Hello,
I dont know if this is possible or not but what I would like to do is configure nginx to act as both the SSL wrapper AND webserver for my magento website.
I followed these instructions: https://github.com/nexcess/magento-turpentine/issues/35
But what I find insane is that nginx is only being used as a reverse proxy and ssl, I'd like to ditch apache in favor of nginx altogether. To do this, I have to figure out how to configure nginx to act as both roles.
I've done different ports in the configuration but I get bad request.
Here is a visual:
nginx port 443 ----> varnish 6081 ----> nginx port 8080 (ssl)
Here is a sample of the configuration - is there anything obvious? or do I need to configure a seperate machine in order to achieve this?
website.conf
==============
upstream varnish {
server 127.0.0.1:6081;
server 127.0.0.1:8080 backup;
}
server {
server_name website.com www.website.com;
listen 443;
root /home/website/public_html;
index index.html index.htm index.php;
try_files $uri $uri/ @handler;
expires 30d;
}
ssl on;
ssl_certificate /home/website/server.crt;
ssl_certificate_key /home/website/server.key;
include conf.d/default_ssl_options.conf.inc;
include conf.d/magento_proxy_pass.conf.inc;
}
server {
server_name website.com www.website.com;
listen 8080 ssl;
root /home/website/public_html;
index index.html index.htm index.php;
try_files $uri $uri/ @handler;
expires 30d;
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
location /var/export/ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
autoindex on;
}
location /. {
return 404;
}
location @handler {
rewrite / /index.php;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
access_log /var/log/virtualmin/ncds.ca_access_log;
error_log /var/log/virtualmin/ncds.ca_error_log;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME /home/ncds/public_html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT /home/ncds/public_html;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/php-nginx/146819597818248.sock/socket;
}
ssl on;
ssl_certificate /home/website/server.crt;
ssl_certificate_key /home/website/server.key;
====
Thank you
SR
I dont know if this is possible or not but what I would like to do is configure nginx to act as both the SSL wrapper AND webserver for my magento website.
I followed these instructions: https://github.com/nexcess/magento-turpentine/issues/35
But what I find insane is that nginx is only being used as a reverse proxy and ssl, I'd like to ditch apache in favor of nginx altogether. To do this, I have to figure out how to configure nginx to act as both roles.
I've done different ports in the configuration but I get bad request.
Here is a visual:
nginx port 443 ----> varnish 6081 ----> nginx port 8080 (ssl)
Here is a sample of the configuration - is there anything obvious? or do I need to configure a seperate machine in order to achieve this?
website.conf
==============
upstream varnish {
server 127.0.0.1:6081;
server 127.0.0.1:8080 backup;
}
server {
server_name website.com www.website.com;
listen 443;
root /home/website/public_html;
index index.html index.htm index.php;
try_files $uri $uri/ @handler;
expires 30d;
}
ssl on;
ssl_certificate /home/website/server.crt;
ssl_certificate_key /home/website/server.key;
include conf.d/default_ssl_options.conf.inc;
include conf.d/magento_proxy_pass.conf.inc;
}
server {
server_name website.com www.website.com;
listen 8080 ssl;
root /home/website/public_html;
index index.html index.htm index.php;
try_files $uri $uri/ @handler;
expires 30d;
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
location /var/export/ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
autoindex on;
}
location /. {
return 404;
}
location @handler {
rewrite / /index.php;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
access_log /var/log/virtualmin/ncds.ca_access_log;
error_log /var/log/virtualmin/ncds.ca_error_log;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME /home/ncds/public_html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT /home/ncds/public_html;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/php-nginx/146819597818248.sock/socket;
}
ssl on;
ssl_certificate /home/website/server.crt;
ssl_certificate_key /home/website/server.key;
====
Thank you
SR