Configuring SSL with Varnish in Magento 2

Configuring Varnish with SSL for Magento 2 can be a bit complex because Varnish traditionally does not handle SSL/TLS termination. To achieve SSL with Varnish in Magento 2, you typically use an SSL termination proxy (like Nginx or Apache) in front of Varnish. Here are the steps to set up Magento 2 with Varnish and SSL:

1. Set up an SSL/TLS Termination Proxy:

Install and configure a web server (e.g., Nginx or Apache) to handle SSL/TLS termination. This server will be responsible for SSL encryption and decryption. Here’s a simplified example using Nginx:

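# Varnish listener that receives the decrypted traffic.
# Assumption: Varnish listens on 127.0.0.1:6081 (the port used by the stock
# Varnish packages); adjust to your Varnish listen address.
upstream varnish_backend {
    server 127.0.0.1:6081;
}

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /path/to/your/ssl-certificate.crt;
    ssl_certificate_key /path/to/your/ssl-certificate.key;

    # Other SSL settings...

    location / {
        # Forward the decrypted request to Varnish over plain HTTP.
        proxy_pass http://varnish_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells Varnish and Magento that the client connection used HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Additional SSL-related settings...
}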

Replace yourdomain.com, /path/to/your/ssl-certificate.crt, and /path/to/your/ssl-certificate.key with your actual domain and SSL certificate paths. Make sure to configure SSL settings according to your specific requirements.

2. Configure Magento 2 to Use the SSL/TLS Termination Proxy:

In your Magento 2 admin panel:

  • Go to Stores > Configuration.
  • Under General, select Web.
  • In the Base URLs (Secure) section, set the “Secure Base URL” to your HTTPS URL (e.g., https://yourdomain.com/).
  • Set “Use Secure URLs on Storefront” and “Use Secure URLs in Admin” to “Yes.”
  • Save the configuration.

3. Configure Varnish to Use the SSL/TLS Termination Proxy:

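In your Varnish configuration (usually found in /etc/varnish/default.vcl), define the backend that Varnish fetches content from: the Nginx or Apache instance that serves Magento over plain HTTP (often the same server that terminates SSL in step 1, listening on a separate port). The SSL termination proxy itself sits in front of Varnish and forwards decrypted requests to it. For example: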

backend default {
    .host = "127.0.0.1";
    .port = "8080"; // Adjust to match your proxy configuration.
}

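Here, Varnish communicates with the web server over plain HTTP on port 8080, so traffic is encrypted only between the client and the SSL termination proxy. Keep these internal hops on the loopback interface or a trusted network.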

4. Restart Services:

After making these changes, restart Nginx, Varnish, and your Magento 2 web server to apply the configurations:

sudo systemctl restart nginx
sudo systemctl restart varnish
sudo systemctl restart php-fpm  # Or your PHP service.

5. Test SSL Configuration:

Verify that your website is accessible over HTTPS, and check that SSL termination is working correctly.
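
One way to run this check, as an added example that is not part of the original guide: the function below classifies the response headers printed by curl -sI for the URL that was requested. The function name check_tls_front, its verdict words, and the shop.example sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): classify one set of response
# headers, as printed by `curl -sI URL`, for the URL that was requested.
# Verdicts (names are this example's own):
#   ok         HTTPS answered directly, or HTTP redirected to HTTPS
#   redirect   HTTPS redirected to a different HTTPS URL (e.g. www host)
#   loop       HTTPS redirected to the very URL that was requested
#   downgrade  HTTPS redirected to an http:// URL
#   plaintext  HTTP answered without a redirect to HTTPS
#   error      anything else (4xx/5xx, empty response)
check_tls_front() {
    url=$1
    hdrs=$(tr -d '\r')    # headers arrive on stdin; drop CRs
    status=$(printf '%s\n' "$hdrs" | awk 'NR == 1 { print $2 }')
    location=$(printf '%s\n' "$hdrs" |
        awk 'tolower($1) == "location:" { print $2; exit }')
    case $url in
    https://*)
        case $status in
        2??) echo ok ;;
        3??)
            case $location in
            "$url")   echo loop ;;
            http://*) echo downgrade ;;
            *)        echo redirect ;;
            esac ;;
        *) echo error ;;
        esac ;;
    http://*)
        case $status:$location in
        3??:https://*) echo ok ;;
        [45]??:*|:*)   echo error ;;
        *)             echo plaintext ;;
        esac ;;
    *) echo error ;;
    esac
}

# Constructed sample: an HTTPS request that is bounced back to itself.
printf 'HTTP/1.1 302 Found\r\nLocation: https://shop.example/\r\n\r\n' |
    check_tls_front https://shop.example/    # prints: loop
```

Against a live store, pipe curl into it, for example curl -sI https://yourdomain.com/ | check_tls_front https://yourdomain.com/, and repeat with the http:// URL. A loop or downgrade verdict usually means Magento does not see the X-Forwarded-Proto header set in step 1.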

6. Monitor and Optimize:

Regularly monitor your Magento store’s performance and SSL configuration to ensure everything is working as expected. Optimize as needed for better performance and security.

Please note that this is a simplified guide, and the exact steps may vary based on your server setup, SSL certificate provider, and Magento version. Always consult your specific server and Magento documentation for the most accurate instructions. Additionally, consider using a Content Delivery Network (CDN) for further performance optimization and SSL support.