Fertusco opened a new issue #1547: Nginx + Pagespeed + Varnish over SSL URL: https://github.com/apache/incubator-pagespeed-ngx/issues/1547 I'm running Nginx on port 80 redirecting (301) all traffic to the port 443 over SSL. This way, I proxy_pass to the Varnish on port 6081, witch send back the cached content or use Nginx on port 8000 as Backend. The ngx_pagespeed is "On" on server directive over port 443 and "Off" on server directive over port 8000. In that case, the ngx_pagespeed optimize the content delivered by varnish over the port 443. Is this a good approach? Redirect to SSL ``` server { listen 80; server_name www.mydomain.com.br mydomain.com.br; return 301 https://www.mydomain.com.br$request_uri; } ``` Server 443 SSL ``` server { listen 443 default ssl http2; server_name www.mydomain.com.br; ssl_certificate /etc/letsencrypt/live/mydomain.com.br/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mydomain.com.br/privkey.pem; access_log /srv/www/mydomain.com.br/logs/nginx.log main; error_log /srv/www/mydomain.com.br/logs/error.log; pagespeed on; pagespeed Domain https://www.griferelogios.com.br; pagespeed LoadFromFileMatch "^https?://www.griferelogios.com.br/" "/srv/www/griferelogios.com.br/public_html/"; pagespeed LoadFromFileRuleMatch allow \.css$; pagespeed LoadFromFileRuleMatch allow \.jpe?g$; pagespeed LoadFromFileRuleMatch allow \.png$; pagespeed LoadFromFileRuleMatch allow \.gif$; pagespeed LoadFromFileRuleMatch allow \.js$; location / { ## Execute PHP scripts proxy_pass http://127.0.0.1:6081; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HTTPS "on"; proxy_set_header Ssl-Offloaded "1"; proxy_set_header X-Forwarded-Proto $scheme; } } ``` Backend ``` server { listen 8000; server_name www.mydomain.com.br; access_log /srv/www/mydomain.com.br/logs/nginx.log main; error_log /srv/www/mydomain.com.br/logs/error.log; root /srv/www/mydomain.com.br/public_html; pagespeed off; location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; } location ~ "^/pagespeed_static/" { } location ~ "^/ngx_pagespeed_beacon$" { } location / { index index.html index.php; ## Allow a static html file to be shown first try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler expires 30d; ## Assume all files are cachable } ## These locations would be hidden by .htaccess normally location ^~ /app/ { deny all; } location ^~ /includes/ { deny all; } location ^~ /lib/ { deny all; } location ^~ /media/downloadable/ { deny all; } location ^~ /pkginfo/ { deny all; } location ^~ /report/config.xml { deny all; } location ^~ /var/ { deny all; } location ~* /rss/order/new { return 403; } location ~* /rss/catalog/notifystock { return 403; } location ~* /rss/catalog/review { return 403; } location ^~ /downloader/ { deny all; } location /var/export/ { ## Allow admins only to view export folder auth_basic "Restricted"; ## Message shown in login window auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword autoindex on; } location /. { ## Disable .htaccess and other hidden files return 404; } location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; allow all; } location @handler { ## Magento uses a common front handler rewrite / /index.php; } location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler rewrite ^(.*.php)/ $1 last; } location /home { rewrite ^ http://www.griferelogios.com.br permanent; } location ~ .php$ { ## Execute PHP scripts if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss expires off; ## Do not cache dynamic content fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores fastcgi_param MAGE_RUN_TYPE store; fastcgi_buffer_size 256k; fastcgi_buffers 8 256k; fastcgi_param HTTPS "on"; include fastcgi_params; ## See /etc/nginx/fastcgi_params } } ``` Ps: Varnish doesn't cache the content over "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" passing by directly to the backend.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services