Setting up Varnish with Nginx on multiple sites

I have been trying to set up Varnish 4.1 with Nginx 1.12.2 on Ubuntu 16.04 for the last two days. I have read the documentation and many different sources, but I can't get a good understanding of it. The website is in a redirect loop, and when I use the command: varnishd -f /etc/varnish/default.vcl -d I get this error: Cannot open socket: :80: Address already in use.

To clarify, I am trying to configure nginx to receive HTTPS (and also redirect HTTP to HTTPS), send it to Varnish, and then go back to nginx on a cache miss. Thanks in advance to anyone who can point me in the right direction.

I have configured my nginx to look like this (/etc/nginx/sites-available/fujiorganics.com):

    server {
        listen 80;
        listen 443 ssl http2; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/fujiorganics.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/fujiorganics.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        if ($scheme != "https") {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        root /var/www/fujiorganics.com/html;
        index index.php index.html index.htm;

        server_name fujiorganics.com www.fujiorganics.com;

        # Proxy Pass to Varnish
        # Add headers to recognize SSL
        location / {
            proxy_pass http://127.0.0.2;

            # Pass a bunch of headers to the downstream server, so they'll know what's going on.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Most web apps can be configured to read this header and understand that the current session is actually HTTPS.
            proxy_set_header X-Forwarded-Proto https;

            # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
            proxy_redirect off;
        }
    }

And my Varnish configuration files look like this (/etc/varnish/default.vcl):

    vcl 4.0;

    # List of upstream proxies we trust to set X-Forwarded-For correctly.
    backend default {
        .host = "127.0.0.1";
        .port = "8080";
    }

    backend fujiorganics {
        .host = "127.0.0.2";
        .port = "8080";
    }

    sub vcl_recv {
        # Remove any Google Analytics based cookies
        set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");

        # Remove Optimizely Cookies
        set req.http.Cookie = regsuball(req.http.Cookie, "optim.=[^;]+(; )?", "");

        # Remove Gauges Cookies
        set req.http.Cookie = regsuball(req.http.Cookie, "_gau.=[^;]+(; )?", "");

        # Remove a ";" prefix in the cookie if present
        set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");

        # Are there cookies left with only spaces or that are empty?
        if (req.http.cookie ~ "^\s*$") {
            unset req.http.cookie;
        }

        if (req.restarts == 0) {
            if (req.http.x-forwarded-for) {
                set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
            } else {
                set req.http.X-Forwarded-For = client.ip;
            }
        }

        if (req.method != "GET" &&
            req.method != "HEAD" &&
            req.method != "PUT" &&
            req.method != "POST" &&
            req.method != "TRACE" &&
            req.method != "OPTIONS" &&
            req.method != "DELETE") {
            /* Non-RFC2616 or CONNECT which is weird. */
            return (pipe);
        }

        if (req.method != "GET" && req.method != "HEAD") {
            /* We only deal with GET and HEAD by default */
            return (pass);
        }

        if ( (req.http.host ~ "^(?i)fujiorganics.com") && req.http.X-Forwarded-Proto !~ "(?i)https") {
            set req.backend_hint = fujiorganics;
            set req.http.x-redir = "https://" + req.http.host + req.url;
            return (synth(750, ""));
        }

        return (hash);
    }

    # handles redirecting from http to https
    sub vcl_synth {
        if (resp.status == 750) {
            set resp.status = 301;
            set resp.http.Location = req.http.x-redir;
            return(deliver);
        }
    }

    sub vcl_backend_response {
        set beresp.ttl = 10s;
        set beresp.grace = 1h;
    }

    sub vcl_deliver {
        if (obj.hits > 0) {
            # Add debug header to see if it's a HIT/MISS and the number of hits, disable when not needed
            set resp.http.X-Cache = "HIT";
        } else {
            set resp.http.X-Cache = "MISS";
        }
    }

And this (/etc/systemd/system/varnish.service.d/customexec.conf):

    [Service]
    ExecStart=
    ExecStart=/usr/sbin/varnishd -a :8080 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s default,1G

Finally, this server block is contained in the same file as the first one listed above:

    server {
        listen 8080;
        listen [::]:8080;

        root /var/www/fujiorganics.com/html;
        index index.php index.html index.htm;

        server_name 127.0.0.2;

        location / {
            try_files $uri $uri/ =404;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;

            # With php7.0-cgi alone:
            #fastcgi_pass 127.0.0.1:9000;
            # With php7.0-fpm:
            fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
            deny all;
        }
    }

I can confirm that the site works perfectly without the Varnish redirect.

Varnish is trying to talk to Nginx on port 8080, but Nginx is listening on port 80, which is also the port that Varnish wants to listen on. Configure Varnish to listen on port 80 and Nginx to listen on 8080, and it should work.
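
An added example, not part of the original question or answer: a small Python check that reads the listener and upstream ports out of the three configurations above and reports the port-plan faults behind the two symptoms (the bind error and the redirect loop). The excerpts are constructed reductions of the posted files, the function names are hypothetical, bind addresses are ignored for simplicity, and the default listen port of :80 for varnishd without -a is an assumption that matches the error quoted in the question.

```python
import re

# Constructed excerpts, reduced from the configuration quoted in the question.
NGINX_CONF = """
server { listen 80; listen 443 ssl http2;
         location / { proxy_pass http://127.0.0.2; } }
server { listen 8080; listen [::]:8080; }
"""
UNIT_ARGS = "-a :8080 -T localhost:6082 -f /etc/varnish/default.vcl"  # systemd drop-in
MANUAL_ARGS = "-f /etc/varnish/default.vcl -d"  # command typed in the question
VCL = 'backend default { .host = "127.0.0.1"; .port = "8080"; }'

def nginx_listen_ports(conf):
    # Port of every `listen` directive; the address part is ignored (simplification).
    return {int(p) for p in re.findall(r"\blisten\s+(?:\S+:)?(\d+)[^;]*;", conf)}

def proxy_pass_ports(conf):
    # Port each proxy_pass targets; a URL without a port uses the scheme default.
    found = re.findall(r"proxy_pass\s+(https?)://[^:/;\s]+(?::(\d+))?", conf)
    return {int(p) if p else (443 if s == "https" else 80) for s, p in found}

def varnish_listen_ports(args):
    # Assumption: without -a, varnishd 4.1 binds :80 (matches the error in the question).
    return {int(p) for p in re.findall(r"-a\s+\S*?:(\d+)", args)} or {80}

def vcl_backend_ports(vcl):
    # Ports of the backends declared in the VCL.
    return {int(p) for p in re.findall(r'\.port\s*=\s*"(\d+)"', vcl)}

def check(nginx_conf, varnishd_args, vcl):
    """Return human-readable findings; an empty list means the port plan is consistent."""
    nginx = nginx_listen_ports(nginx_conf)
    varnish = varnish_listen_ports(varnishd_args)
    findings = [f"bind conflict: nginx and varnishd both want :{p}"
                for p in sorted(nginx & varnish)]
    for p in sorted(proxy_pass_ports(nginx_conf) - varnish):
        target = "nginx itself (loop)" if p in nginx else "no configured listener"
        findings.append(f"proxy_pass goes to :{p}, which is {target}, not varnishd")
    for p in sorted(vcl_backend_ports(vcl) - nginx):
        findings.append(f"VCL backend :{p} is not an nginx listener")
    return findings

if __name__ == "__main__":
    for label, args in (("systemd unit", UNIT_ARGS), ("manual run", MANUAL_ARGS)):
        print(label, check(NGINX_CONF, args, VCL))
```

A layout in which varnishd holds :80, nginx keeps 443 and 8080, and proxy_pass points at varnishd's port returns an empty list.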