cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix HTTPS caching - config-script now processes all domain configs

Browse Source 
Critical Bug Fix:
- Config-script was incomplete, only fixing main nginx.conf
- HTTPS traffic was bypassing Varnish (went directly to Apache:444)
- Now processes all per-domain configs to force HTTP backend protocol
- Enables true HTTPS caching via SSL termination at Nginx

Technical Changes:
- Added per-domain config processing loop to config-script
- Forces http://apache_backend_http_IP for all traffic (HTTP and HTTPS)
- Replaces $scheme://apache_backend_${scheme}_IP pattern
- Logs domain count and modifications for troubleshooting

Performance at Scale:
- Processes 200 domains in ~2-3 seconds (single sed per file)
- Runs after ea-nginx rebuilds (SSL changes, domain adds, updates)
- Efficient enough for large multi-tenant servers

Documentation:
- Added "Performance at Scale" section with timing estimates
- Clarified HTTPS caching actually works now
This commit is contained in:
cschantz
2026-01-21 20:09:48 -05:00
parent 849a112b5c
commit 27567c62ac
2 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/performance/nginx-varnish-manager.sh
+36
View File
@@ -335,6 +335,42 @@ else
log_message "Configuration already correct (points to port 6081). No action needed."
fi
# ============================================================================
# Force HTTPS traffic to use HTTP backend protocol (enables HTTPS caching)
# ============================================================================
# This processes all per-domain configs to force HTTP backend for both
# HTTP and HTTPS traffic. Without this, HTTPS bypasses Varnish.
#
# Original: $scheme://apache_backend_${scheme}_IP (HTTP->HTTP, HTTPS->HTTPS)
# Modified: http://apache_backend_http_IP (both use HTTP backend)
# ============================================================================
log_message "Processing per-domain configs to force HTTP backend for HTTPS..."
domain_count=0
modified_count=0
# Process all per-domain config files
for config_file in /etc/nginx/conf.d/users/*.conf; do
[ -f "$config_file" ] || continue
domain_count=$((domain_count + 1))
# Check if this domain needs fixing (uses scheme-based backend)
if grep -q '\$scheme://apache_backend_\${scheme}_' "$config_file" 2>/dev/null; then
# Force HTTP backend protocol for all traffic (enables HTTPS caching)
if sed -i 's|\$scheme://apache_backend_\${\?scheme\?}_|http://apache_backend_http_|g' "$config_file" 2>/dev/null; then
modified_count=$((modified_count + 1))
fi
fi
done
if [ $modified_count -gt 0 ]; then
log_message "SUCCESS: Modified $modified_count of $domain_count domain configs to use HTTP backend"
log_message "HTTPS traffic now routes through Varnish (SSL terminates at Nginx, HTTP to backend)"
else
log_message "All $domain_count domain configs already use HTTP backend. No changes needed."
fi
log_message "=== Config Script Completed ==="
exit 0
EOFSCRIPT