{"id":618,"date":"2013-01-19T19:59:33","date_gmt":"2013-01-19T18:59:33","guid":{"rendered":"http:\/\/blog.jeremm.fr\/?p=618"},"modified":"2014-09-24T21:12:01","modified_gmt":"2014-09-24T19:12:01","slug":"cache-https-avec-varnish-et-pound","status":"publish","type":"post","link":"https:\/\/blog.jeremm.fr\/?p=618","title":{"rendered":"Cache HTTPS avec varnish et pound"},"content":{"rendered":"

Varnish ne supporte pas le https, si vous voulez quand m\u00eame l’utiliser il faut mettre un autre reverse-proxy devant qui supporte le https.
\nOn peut utiliser pound.
\n– Installation :<\/p>\n

apt-get install pound<\/pre>\n
– Activation : <\/p>\n
sed -i 's\/startup=0\/startup=1\/' \/etc\/default\/pound <\/pre>\n
– Configuration \/etc\/pound\/pound.cfg :<\/p>\n
## see pound(8) for details\r\n\r\nUser            \"www-data\"\r\nGroup           \"www-data\"\r\n\r\nLogLevel        0\r\n\r\nAlive           30\r\nTimeOut 120\r\nConnTO 5\r\nGrace 120\r\n\r\nControl \"\/var\/run\/pound\/poundctl.socket\"\r\n\r\n## listen, redirect and ... to:\r\nListenHTTPS\r\n        Address 0.0.0.0\r\n        Port    443\r\n        Cert    \"\/etc\/ssl\/blog.jeremm.fr.pem\"\r\n        xHTTP           0\r\n        AddHeader \"X-Forwarded-Proto: https\"\r\n        Service\r\n                BackEnd \r\n                        Address 127.0.0.1\r\n                        Port    80\r\n                End\r\n                Session\r\n                        Type IP\r\n                        TTL 60\r\n                End\r\n        End\r\nEnd\r\n<\/pre>\n
– Le fichier pem doit contenir dans l’ordre : la cl\u00e9 priv\u00e9e, le certificat, le certificat de l’autorit\u00e9 de certification.
\n– Au niveau du backend, il faut mettre l’ip et le port o\u00f9 se trouve le varnish.
\n– D\u00e9finissez plusieurs blocs Backend pour load-balancer les requ\u00eates sur 2 varnishs.<\/p>\n
Au niveau du varnish, ajoutez dans le vcl_recv :<\/p>\n
if (!req.http.x-forwarded-proto) {<\/pre>\n
 et <\/p>\n
}<\/pre>\n
 autour du bloc qui ajoute le X-Forwarded-For car il est d\u00e9j\u00e0 ajout\u00e9 par pound.<\/p>\n
Ajoutez ensuite dans le vcl_hash : <\/p>\n
if (req.http.x-forwarded-proto) {\r\n        hash_data(req.http.x-forwarded-proto);\r\n}<\/pre>\n
Ensuite au niveau du code il faut que les liens et appels \u00e0 d’autres objets (images,css,js,…) se fassent en https.
\nSouvent les codes php le font d\u00e9j\u00e0 en d\u00e9tectant le protocole gr\u00e2ce \u00e0 <\/p>\n
$_SERVER['HTTPS'] ou $_SERVER['SERVER_PORT']<\/pre>\n
Il faut utiliser le <\/p>\n
$_SERVER['HTTP_X_FORWARDED_PROTO'])<\/pre>\n
Ou ajouter sur le vhost apache2 :<\/p>\n
SetEnvIf X-Forwarded-Proto https HTTPS on<\/pre>\n
P.S. (20\/01\/2013) : La version 2.5 de pound fournie par les d\u00e9p\u00f4ts squeeze semble avoir une fuite m\u00e9moire. Pr\u00e9f\u00e9rez la version 2.6 qu’il faudra compiler http:\/\/www.apsis.ch\/pound\/Pound-2.6.tgz<\/p>\n","protected":false},"excerpt":{"rendered":"
Varnish ne supporte pas le https, si vous voulez quand m\u00eame l’utiliser il faut mettre un autre reverse-proxy devant qui supporte le https. On peut utiliser pound. – Installation : apt-get install pound – Activation : sed -i ‘s\/startup=0\/startup=1\/’ \/etc\/default\/pound – Configuration \/etc\/pound\/pound.cfg : ## see pound(8) for details User \u00ab\u00a0www-data\u00a0\u00bb Group \u00ab\u00a0www-data\u00a0\u00bb LogLevel 0 […]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[72,71,9],"_links":{"self":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts\/618"}],"collection":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=618"}],"version-history":[{"count":34,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts\/618\/revisions"}],"predecessor-version":[{"id":884,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts\/618\/revisions\/884"}],"wp:attachment":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}