
apache + varnish + nginx + ssl + wordpress redirect all http traffic to https

I have a web server running CentOS 6.7 with Apache 2.2/WHM, Varnish 4 and nginx. This is a shared server with many websites on it. Varnish/Apache take care of all non-HTTPS requests, and nginx takes care of SSL termination and then hands the request off to Varnish/Apache. Everything works well for HTTP and HTTPS requests except redirecting. I have an e-commerce store for which I want to force all HTTP requests to HTTPS. I can't seem to get it to work properly. I've tried several different configurations inside my .htaccess file with no luck.

Here's my current setup:


 # Default backend definition. Set this to point to your content server.
 # NOTE(review): the closing "}" of this backend block is missing from the listing.
 # Port 8080 is presumably the Apache listener behind Varnish. If .host is a
 # publicly routable address, confirm 8080 is firewalled so clients cannot reach
 # Apache directly and supply their own X-Forwarded-* headers.
backend default {
    .host = "MY SERVERS IP";
    .port = "8080";

# Request-side handling: strips analytics cookies, maintains X-Forwarded-For,
# classifies the request method, redirects plain-HTTP requests for one host to
# HTTPS, and otherwise sends the request to cache lookup.
# NOTE(review): several closing braces are missing from this listing and one
# line is cut off, so the nesting shown here is not the nesting Varnish ran.
sub vcl_recv {

 # Remove any Google Analytics based cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");

  # Remove Optimizely Cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "optim.=[^;]+(; )?", "");
  # Remove Gauges Cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "_gau.=[^;]+(; )?", "");

  # Remove a ";" prefix in the cookie if present
  set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");

  # Are there cookies left with only spaces or that are empty?
  # Any other cookie (e.g. a session or cart cookie) is left on the request.
  if (req.http.cookie ~ "^\s*$") {
    unset req.http.cookie;

   # On the first pass only, append the connecting address to X-Forwarded-For.
   # The existing value is whatever the previous hop or the client sent, so
   # only the entry added here is known to be accurate.
   if (req.restarts == 0) {
    if (req.http.x-forwarded-for) {
      set req.http.X-Forwarded-For =
        req.http.X-Forwarded-For + ", " + client.ip;
      } else {
    set req.http.X-Forwarded-For = client.ip;

  # Unknown methods are piped straight to the backend.
  if (req.method != "GET" &&
      req.method != "HEAD" &&
      req.method != "PUT" &&
      req.method != "POST" &&
      req.method != "TRACE" &&
      req.method != "OPTIONS" &&
      req.method != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
   # Anything other than GET/HEAD bypasses the cache.
   if (req.method != "GET" && req.method != "HEAD") {
        /* We only deal with GET and HEAD by default */
      return (pass);

  # HTTP -> HTTPS redirect for one site, signalled to vcl_synth via status 750.
  # NOTE(review): the line below is truncated in the listing ("$" is the
  # editor's cut-off marker); the pattern after "!~" and the opening brace are
  # not visible.
  # NOTE(review): the host pattern is anchored only at the start and its dots
  # are unescaped, and the Location is built from the client-supplied Host
  # header; an end anchor with escaped dots, or a fixed host name in the
  # redirect, would be tighter.
  # NOTE(review): X-Forwarded-Proto is only meaningful when set by the nginx
  # TLS front end; on the plain-HTTP listener a client can send it too, so
  # consider unsetting it for requests that did not come from nginx.
  if ( (req.http.host ~ "^(?i)smashing_ssl_one.tutorials.eoms") && req.http.X-Forwarded-Proto !~$
        set req.http.x-redir = "https://" + req.http.host + req.url;
        return (synth(750, ""));
 # NOTE(review): an explicit return (hash) ends vcl_recv before Varnish's
 # built-in vcl_recv runs, and that built-in logic is what passes requests that
 # carry Cookie or Authorization headers. As listed, a GET with a session
 # cookie goes to cache lookup, so a personalised page (cart, account) could be
 # served to another visitor. Confirm such requests are passed before this line.
 return (hash);

# Handles redirecting from HTTP to HTTPS.
# Status 750 is the internal marker raised by vcl_recv; it is rewritten to a
# 301 whose Location is the URL vcl_recv stored in req.http.x-redir.
# NOTE(review): the closing braces (and any return statement) are missing from
# the listing.
sub vcl_synth {
  if (resp.status == 750) {
    set resp.status = 301;
    set resp.http.Location = req.http.x-redir;

# Applies a 10 second TTL and a 1 hour grace period to every backend response.
# NOTE(review): the values are set unconditionally, whatever caching headers
# the backend sent; on a shared server with a store, confirm that responses
# meant for a single user are never stored (or served stale during grace).
# NOTE(review): the closing brace is missing from the listing.
sub vcl_backend_response {
  set beresp.ttl = 10s;
  set beresp.grace = 1h;

# Adds an X-Cache response header reporting whether the object was a cache hit.
# This is a debugging aid that tells every client the cache state; drop it once
# it is no longer needed.
# NOTE(review): the closing braces are missing from the listing.
sub vcl_deliver {
  if (obj.hits > 0) { # Debug header showing HIT/MISS (original comment is truncated in the listing)
    set resp.http.X-Cache = "HIT";
  } else {
    set resp.http.X-Cache = "MISS";


# TLS-terminating virtual host: nginx accepts HTTPS on port 443 and, per the
# question text, hands the request on to Varnish/Apache.
# NOTE(review): the listing is cut off; no proxy_pass directive or closing
# braces are visible.
server {
    listen *:443 ssl;

    # NOTE(review): "ssl on;" is redundant next to "listen ... ssl" and is
    # deprecated in newer nginx releases.
    ssl on;
    server_name ampedlogic.com;
    ssl_certificate /etc/nginx/ssl/ampedlogic.com.crt;
    # Private key: confirm the file is readable only by root / the nginx master.
    ssl_certificate_key /etc/nginx/ssl/ampedlogic.com.key;
    # NOTE(review): no ssl_protocols, ssl_ciphers or Strict-Transport-Security
    # header appear in this listing; confirm they are set elsewhere. For a store
    # that forces HTTPS, HSTS keeps returning browsers off plain HTTP.

    location / {
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;

        # Headers that describe the original client connection to the backend.
        proxy_set_header X-Real-IP  $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only the last entry is known to be accurate.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Fixed value: replaces any client-supplied X-Forwarded-Proto on this
        # path. The backend's HTTPS detection depends on this header.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;


      #Configuration file for varnish
      # /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this
      # shell script fragment.

      # Maximum number of open files (for ulimit -n)

      # Locked shared memory (for ulimit -l)
      # Default log size is 82MB + header

      # Maximum number of threads (for ulimit -u)

      # Maximum size of corefile (for ulimit -c). Default in Fedora is 0
      # DAEMON_COREFILE_LIMIT="unlimited"

      # Set this to 1 to make init script reload try to switch vcl without restart.
      # To make this work, you need to set the following variables
      # use Alternative 3, Advanced configuration, below

      # This file contains 4 alternatives, please use only one.

      ## Alternative 1, Minimal configuration, no VCL
      # Listen on port 6081, administration on localhost:6082, and forward to
      # content server on localhost:8080.  Use a fixed-size cache file.
      #DAEMON_OPTS="-a :6081 \
      #             -T localhost:6082 \
      #             -b localhost:8080 \
      #             -u varnish -g varnish \
      #             -s file,/var/lib/varnish/varnish_storage.bin,1G"

      ## Alternative 2, Configuration with VCL
      # Listen on port 6081, administration on localhost:6082, and forward to
      # one content server selected by the vcl file, based on the request.  Use a
      # fixed-size cache file.
      #DAEMON_OPTS="-a :6081 \
      #             -T localhost:6082 \
      #             -f /etc/varnish/default.vcl \
      #             -u varnish -g varnish \
      #             -S /etc/varnish/secret \
      #             -s file,/var/lib/varnish/varnish_storage.bin,1G"

      ## Alternative 3, Advanced configuration
      # See varnishd(1) for more information.
      # # Main configuration file. You probably want to change it :)
      # # Default address and port to bind to
      # # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
      # # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
      # # Telnet admin interface listen address and port
       # # Shared secret file for admin interface
      # # The minimum number of worker threads to start
      # # The Maximum number of worker threads to start
      # # Idle timeout for worker threads
      # # Cache file size: in bytes, optionally using k / M / G / T suffix,
      # # or in percentage of available disk space using the % suffix.
      # # Backend storage specification
      # # Default TTL used when the backend does not specify one
      # NOTE(review): the opening DAEMON_OPTS=" line and the VARNISH_* variable
      # assignments expanded below are missing from this listing, so the listen
      # and admin addresses cannot be checked here.
      # -S names the shared-secret file for the admin interface; confirm it is
      # readable only by root/varnish and that the admin listener is bound to
      # localhost.
      # # DAEMON_OPTS is used by the init script.  If you add or remove options, make
      # # sure you update this section, too.
                   -f ${VARNISH_VCL_CONF} \
                   -t ${VARNISH_TTL} \
                   -p thread_pool_min=${VARNISH_MIN_THREADS} \
                   -p thread_pool_max=${VARNISH_MAX_THREADS} \
                   -p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT} \
                   -u varnish -g varnish \
                   -S ${VARNISH_SECRET_FILE} \
                   -s ${VARNISH_STORAGE}"

      ## Alternative 4, Do It Yourself. See varnishd(1) for more information.
      # DAEMON_OPTS=""


        if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

Put the following in your .htaccess:

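# Redirect plain-HTTP requests to HTTPS, keeping the requested path.
RewriteEngine On
# Apache did not receive this request over TLS itself...
RewriteCond %{HTTPS} off
# ...and the TLS-terminating proxy in front did not either. When nginx
# terminates TLS and forwards plain HTTP, %{HTTPS} is always "off" at Apache,
# so testing it alone redirects HTTPS visitors again and again (redirect loop).
# The header is only trustworthy if the proxy sets it on every request and
# clients cannot reach Apache without passing through the proxy.
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
# The pattern needs a capture group: with a bare ".*", $1 is empty and every
# request is redirected to the site root instead of the same path.
# If a cache sits between the proxy and Apache, its cache key must distinguish
# http from https (e.g. vary on X-Forwarded-Proto); otherwise a cached 301 can
# be replayed to HTTPS clients.
RewriteRule ^(.*)$ https://host.com/$1 [L,R=301]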

This will force all http requests inside of apache to redirect to https, preserving the URI

For any WordPress application, add the following to the wp-config.php file.

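// Mark the request as HTTPS only when the TLS-terminating proxy reports it.
// Setting $_SERVER['HTTPS'] unconditionally makes plain-HTTP requests look
// secure as well, which hides them from the application's own HTTPS checks
// and redirects. The header is only trustworthy if the proxy overwrites any
// client-supplied X-Forwarded-Proto value.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}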

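For any PHP or Laravel application, write this line into the .env file. (Note that a .env file holds plain KEY=value pairs and is not executed as PHP, so this statement only takes effect when it is placed in PHP code that runs early in the request.)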

$_SERVER['HTTPS'] = "on";
