I have a server on Ubuntu 20.04.6 using Nginx with ssl and Varnish 6.2.1. I'm getting the error:
400 Bad Request The plain HTTP request was sent to HTTPS port nginx/1.18.0 (Ubuntu)
My /etc/nginx/sites-available/file:
server {
    listen 91 ssl http2;
    server_name my_site_name;
    # varnish proxy
    location / {
        proxy_pass http://127.0.0.1:6081;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    ssl_certificate /etc/letsencrypt/live/my_site_name/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my_site_name/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
My /etc/varnish/default.vcl:
vcl 4.0;
backend default {
    .host = "my_https_site";
    .port = "85";
}
sub vcl_recv {
    if (client.ip != "127.0.0.1" && req.http.host ~ "my_host.by") {
        set req.http.x-redir = "https://my_https_site" + req.url;
        return(synth(850, ""));
    }
}
sub vcl_deliver {
    if (resp.status == 850) {
        set resp.http.Location = req.http.x-redir;
        set resp.status = 301;
        return (deliver);
    }
}
My /etc/default/varnish:
DAEMON_OPTS="-a :6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
As far as I can see from the output of the varnishstat command, Varnish works fine and receives the data.
Varnish log (backend "varnishlog -b"):
* << BeReq >> 98394
- Begin bereq 98393 fetch
- VCL_use boot
- Timestamp Start: 1682520086.557505 0.000000 0.000000
- BereqMethod GET
- BereqURL /
- BereqProtocol HTTP/1.1
- BereqHeader Host: my_host
- BereqHeader sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
- BereqHeader sec-ch-ua-mobile: ?0
- BereqHeader sec-ch-ua-platform: "Linux"
- BereqHeader upgrade-insecure-requests: 1
- BereqHeader user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
- BereqHeader accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
- BereqHeader sec-fetch-site: none
- BereqHeader sec-fetch-mode: navigate
- BereqHeader sec-fetch-user: ?1
- BereqHeader sec-fetch-dest: document
- BereqHeader accept-language: en-US,en;q=0.9,ru;q=0.8
- BereqHeader X-Forwarded-For: 127.0.0.1
- BereqHeader Accept-Encoding: gzip
- BereqHeader X-Varnish: 98394
- VCL_call BACKEND_FETCH
- VCL_return fetch
- BackendOpen 26 default 181.122.19.2 85 181.122.19.2 33736
- BackendStart 181.122.19.2 85
- Timestamp Bereq: 1682520086.557843 0.000338 0.000338
- Timestamp Beresp: 1682520086.558193 0.000688 0.000350
- BerespProtocol HTTP/1.1
- BerespStatus 400
- BerespReason Bad Request
- BerespHeader Server: nginx/1.18.0 (Ubuntu)
- BerespHeader Date: Wed, 26 Apr 2023 14:41:26 GMT
- BerespHeader Content-Type: text/html
- BerespHeader Content-Length: 666
- BerespHeader Connection: close
- TTL RFC -1 10 0 1682520087 1682520087 1682520086 0 0 cacheable
- VCL_call BACKEND_RESPONSE
- TTL VCL 120 10 0 1682520087 cacheable
- TTL VCL 120 10 0 1682520087 uncacheable
- VCL_return deliver
- Filters
- Storage malloc Transient
- Fetch_Body 3 length stream
- BackendClose 26 default
- Timestamp BerespBody: 1682520086.558474 0.000969 0.000281
- Length 666
- BereqAcct 657 0 657 161 666 827
- End
Client log:
* << Request >> 98399
- Begin req 98398 rxreq
- Timestamp Start: 1682521060.864589 0.000000 0.000000
- Timestamp Req: 1682521060.864589 0.000000 0.000000
- VCL_use boot
- ReqStart 127.0.0.1 35458 a0
- ReqMethod GET
- ReqURL /favicon.ico
- ReqProtocol HTTP/1.1
- ReqHeader Connection: upgrade
- ReqHeader Host: my_host
- ReqHeader sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
- ReqHeader sec-ch-ua-mobile: ?0
- ReqHeader user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
- ReqHeader sec-ch-ua-platform: "Linux"
- ReqHeader accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
- ReqHeader sec-fetch-site: same-origin
- ReqHeader sec-fetch-mode: no-cors
- ReqHeader sec-fetch-dest: image
- ReqHeader referer: https://alva.by:91/
- ReqHeader accept-encoding: gzip, deflate, br
- ReqHeader accept-language: en-US,en;q=0.9,ru;q=0.8
- ReqHeader X-Forwarded-For: 127.0.0.1
- VCL_call RECV
- VCL_return hash
- ReqUnset accept-encoding: gzip, deflate, br
- ReqHeader Accept-Encoding: gzip
- VCL_call HASH
- VCL_return lookup
- VCL_call MISS
- VCL_return fetch
- Link bereq 98400 fetch
- Timestamp Fetch: 1682521060.865292 0.000702 0.000702
- RespProtocol HTTP/1.1
- RespStatus 400
- RespReason Bad Request
- RespHeader Server: nginx/1.18.0 (Ubuntu)
- RespHeader Date: Wed, 26 Apr 2023 14:57:40 GMT
- RespHeader Content-Type: text/html
- RespHeader Content-Length: 666
- RespHeader X-Varnish: 98399
- RespHeader Age: 0
- RespHeader Via: 1.1 varnish (Varnish/6.2)
- VCL_call DELIVER
- VCL_return deliver
- Timestamp Process: 1682521060.865304 0.000715 0.000012
- Filters
- RespHeader Connection: keep-alive
- Timestamp Resp: 1682521060.865364 0.000775 0.000061
- ReqAcct 568 0 568 224 666 890
- End
I tried lots of things, such as changing the default.vcl file, changing the sites-available file, and so on.
P.S. The ports are open.
I solved the problem. It's because I am NOT using Varnish Enterprise, which is not free. But I figured out how to work with that on my PC with nginx. So here are some notes (maybe they'll help someone).
How do requests work with nginx?
You send a request to your remote (or local) server on a defined port (for example 80) via a web browser -> "https://myServer:80"
Then nginx sends it to Varnish on port 6081 (by default).
Varnish does its logic and sends it forward to your backend on localhost.
Then it goes back along the reverse path.
So, if you were working with your own site, you wouldn't use other remote origins for caching, right?
So, in /etc/varnish/default.vcl, use the HTTP protocol.
P.S. Now I'm researching how I can use Varnish with Docker, because Docker uses its own network.
Hope that will help someone.
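
The mismatch described above can be caught before deployment. The following is an added example, not code from the original post: a small lint that cross-checks a VCL backend against nginx `listen` directives, given that open-source Varnish speaks plain HTTP to its backend. The nginx blocks for ports 85 and 8080 and all function names are assumptions made for illustration.

```python
import re

# Constructed inputs: the backend is the one in the question's default.vcl; the
# nginx blocks for ports 85 and 8080 are assumptions (the page does not show them).
VCL = 'vcl 4.0;\nbackend default { .host = "my_https_site"; .port = "85"; }\n'
NGINX = """
server { listen 91 ssl http2; server_name my_site_name; }
server { listen 85 ssl; server_name my_https_site; }
server { listen 127.0.0.1:8080; server_name my_https_site; }
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def vcl_backends(vcl):
    """Return {name: (host, port)} for each simple backend block in a VCL file."""
    out = {}
    for name, body in re.findall(r'backend\s+(\w+)\s*\{(.*?)\}', vcl, re.S):
        attrs = dict(re.findall(r'\.(host|port)\s*=\s*"([^"]*)"', body))
        out[name] = (attrs.get("host", ""), attrs.get("port", "80"))
    return out

def nginx_tls_ports(conf):
    """Return the ports whose nginx listen directive carries the ssl flag."""
    ports = set()
    for args in re.findall(r'\blisten\s+([^;]+);', conf):
        addr, *flags = args.split()
        if "ssl" in flags:
            ports.add(addr.rsplit(":", 1)[-1])
    return ports

def check(vcl, conf):
    """Flag backends that would get plain HTTP on a TLS port or over the network."""
    findings, tls = [], nginx_tls_ports(conf)
    for name, (host, port) in vcl_backends(vcl).items():
        if port in tls:
            findings.append((name, f"port {port} is an nginx ssl listener; "
                                   "Varnish sends plain HTTP, so nginx answers 400"))
        if host not in LOOPBACK:
            findings.append((name, f"host {host} is not loopback; "
                                   "the Varnish-to-backend hop is unencrypted"))
    return findings

if __name__ == "__main__":
    for name, msg in check(VCL, NGINX):
        print(f"backend {name}: {msg}")
```

Pointing the backend at the loopback-only plain-HTTP listener (127.0.0.1:8080 in the constructed nginx sample) clears both findings, with TLS still terminated by nginx in front of Varnish.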