
Magento 2 Full SSL with Varnish

Recently at Magebit we had a customer with a heavily visited, newly built Magento 2 site that took a few seconds to load. Many parts that could be cached were not. The customer was upset that nobody would install Varnish for him, on the grounds that it does not support full SSL sites.

That is not true! You can use Varnish with a full SSL Magento 2 site.

I did not find any explanatory posts about this, so I wrote one. I hope it helps you understand why the proxy web server is needed and how to make Varnish work with a site that serves all pages securely via SSL.

While Varnish does not support SSL directly, you can still use its powerful caching features by putting nginx in front of it as a proxy. Below you can see an overview of a setup with nginx and Varnish for a full SSL Magento 2 site.

Magento 2 supports Varnish by default; no additional modules are needed. You just need a web server that can act as a proxy and a Varnish instance that connects to Magento. We used nginx.

Let’s go through the steps mentioned above in more detail.

1. Visitor goes to your site

When a visitor connects to your website over SSL (with https://), the request goes to the nginx web server. nginx works as a proxy and passes the request to Varnish. If the visitor connects without SSL, he is redirected to the SSL URL via Varnish.

2. Request goes to Varnish

Now Varnish checks whether it has a cached response for the request (often described as a Varnish HIT or MISS). If the response is not in the Varnish cache, the request goes on to Magento 2 to get the response data. If it is cached, Varnish passes the cached data to nginx without a request to Magento.

3. Passing data back to nginx

This is pretty straightforward. Once Varnish has a response, it passes it back to nginx, which forwards it to the visitor. This is required because Varnish does not support SSL directly; nginx has to stand in between so that the response reaches the visitor over SSL.

4. Delivering the response to the visitor

Again, pretty simple. Once nginx has the response data, it just needs to deliver it to the visitor securely over SSL, as Varnish is not made for serving SSL responses.

Configuration

If you are a developer or just interested in the configurations we used for the solution described above, here they are (modified for this post; they are much more complex in the production environment we set them up on).

Varnish launch options:

DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,1024m"

The Varnish default.vcl should be exported from the Magento 2 admin panel.

Nginx configuration for non-SSL:

server {
    server_name example.com;
    # Plain-HTTP vhost serving Magento itself; port 80 is taken by Varnish
    listen 8080;
    set $MAGE_ROOT /var/www;
    set $MAGE_MODE production;
    include /var/www/nginx.conf.sample;
}

Nginx configuration for SSL:

server {
    server_name example.com;
    listen 443 ssl http2;
    ssl_certificate ....;
    ssl_certificate_key ....;
    location / {
        # Hand the decrypted request to Varnish, which listens on port 80
        proxy_pass http://127.0.0.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell Magento the original request was HTTPS on port 443
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
    }
}
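
A hardened variant of the two nginx server blocks above, as an added example rather than Magebit's production configuration. It assumes nginx and Varnish run on the same host, that the backend in default.vcl points at 127.0.0.1:8080, and that nginx is built with the realip module; the certificate paths are placeholders.

```nginx
# Backend vhost that Varnish fetches from on a cache MISS.
server {
    server_name example.com;
    # Loopback only: a bare "listen 8080" exposes the uncached, unencrypted
    # Magento backend on every interface unless a firewall blocks it.
    listen 127.0.0.1:8080;

    # Log the visitor address instead of 127.0.0.1, trusting X-Forwarded-For
    # only when the connection comes from the local proxy chain
    # (assumption: ngx_http_realip_module is available).
    set_real_ip_from 127.0.0.1;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

    set $MAGE_ROOT /var/www;
    set $MAGE_MODE production;
    include /var/www/nginx.conf.sample;
}

# TLS terminator in front of Varnish.
server {
    server_name example.com;
    listen 443 ssl http2;
    ssl_certificate     /path/to/PLACEHOLDER-fullchain.pem;  # placeholder path
    ssl_certificate_key /path/to/PLACEHOLDER-privkey.pem;    # placeholder path

    location / {
        proxy_pass http://127.0.0.1:80;  # Varnish (-a :80), port made explicit
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Literal values set here replace whatever the client sent, so the
        # backend's view of scheme and port comes from this proxy only.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
    }
}
```

Validate with `nginx -t` before reloading. Requests that arrive on Varnish's public port 80 never pass through the TLS server block, so the X-Forwarded-* values set there cover HTTPS traffic only.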

Make sure you have enabled Varnish as the full page cache option in the Magento admin panel, and enjoy your fast site.

Need help? Feel free to get in touch with our 24/7 Magento support team via info@magebit.com and get somebody to set up Varnish with nginx as a proxy for you.

Arturs Kruze
Magento Evangelist
Mar 20