I am currently running Varnish in front of apache for all http traffic. I added stunnel so as to take advantage of the cache for HTTPS connections as well. So, for HTTPS, stunnel talks to varnish which then talks to Apache.
The problem is that when varnish returns a cached page to stunnel, stunnel sends it through HTTPS to the client, but the rest of the resources, eg css files, js files, etc, are requested by the client through plain HTTP. I guess this is due to the cached pages containing links to the resources with just HTTP.
My questions are:
Is this a common problem with reverse ssl proxies?
Is there any way to prevent this form happening?
Let's say I have a domain, www.example.com, and I want it to be accessible only via HTTPS, and I also want http://www.example.com not to return 404 but to redirect to https://www.example.com. How can this be done avoiding loops (ie varnish redirecting to stunnel which then requests the page again from varnish through HTTP, which in turn redirects again to stunnel etc). Is there maybe any way for stunnel to insert a header that varnish will look for so as not to perform any redirect if the header is present?