Magento 2 with Varnish Termination working but can't force HTTPS

markos · June 29, 2018, 8:40am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: leptokaropoulos.gr

I ran this command: Want to force HTTPS

It produced this output: My site has a warning in https://www.whynopadlock.com

My web server is (include version): Server version: Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.4 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

_az · June 29, 2018, 8:42am

markos · June 29, 2018, 8:43am

hey buddy. Good to see you again

markos · June 29, 2018, 8:47am

I used to have both base URLs (secure and unsecure) set to HTTPS but that gave me an error (redirect loop).

Now I have set the secure URL to https://lepto… and the unsecure to //lepto… (that worked fine at the time, and I had no error in whynotpadlock)

_az · June 29, 2018, 8:49am

You will probably need to forward X-Forwarded-Proto: http/https through Apache and Varnish through to Magento, otherwise Magento will not have any way of knowing what the actual protocol in-use is.

1. In your Apache HTTPS VirtualHost:

RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}

2. In your Apache HTTP VirtualHost:

SetEnvIf X-Forwarded-Proto https HTTPS=on

(Varnish should pass-through the header between the HTTPS and HTTP listener without losing/changing it … hopefully).

markos · June 29, 2018, 8:52am

I think I see what you are saying. Will take a look and report back.

Quick question. I need to redirect to a non-www version of the site also. Could I tackle both problems in the same manner?

_az · June 29, 2018, 8:58am

I updated my post with a suggested plan of action for what I remember from your previous thread.

The redirect thing, I dunno. You could realistically handle it at any level (HTTPS listener, Varnish or HTTP listener). It should be a pretty basic Apache rewrite.

markos · June 29, 2018, 9:20am

Well this is embarrassing but I wasn’t forcing HTTPS from Magento’s admin. There was also the option to set X-Forwarded-Proto

I think now I am all set. I will look into redirecting to non-www version.

PS. How could I tell if my certificate is updating? From Why not Padlock I see that the expiration date is in 50+ days so I think that it is updating.

_az · June 29, 2018, 9:21am

You could try certbot renew --dry-run to see whether it would renew successfully.

It should only be getting renewed at <30 days validity remaining.

markos · June 29, 2018, 9:54am

The certbot is renewing. My question was about the cron job. Anyway it probably is renewing

markos · June 29, 2018, 10:26am

Should I be worried that when giving http://leptokaropoulos.gr in Edge it isn’t redirecting to HTTPS?

system · July 29, 2018, 10:26am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.