A Symfony 2.3 app is on a web server with nginx over port 80. Varnish4 is running on a front-end server on port 80 with Nginx on port 443 as an SSL terminator. This is also tested with Varnish3 with the same results. Mostly this works very well!
After a few minutes some of the ESIs return a 403 Forbidden error with the full Symfony template. I believe this is happening when cached fragments expire.
I can force the issue by:
1. Restarting Varnish to clear the cache
2. Loading a page over HTTP (all OK)
3. Loading the page over HTTPS (all OK)
4. Waiting for some ESIs to expire from cache
5. Loading the page over HTTPS (error happens here)
6. Loading the page over HTTP (all OK)
I can also force the issue by doing step 2 over HTTPS and step 5 over HTTP.
Therefore I believe the issue is related to the ESI protocol not matching the original page's protocol. Has anyone come across this problem before, or can help diagnose/fix?
Trusted proxies is the #1 culprit for 403 forbidden errors, but I have added `127.0.0.1` and the IP address of the front-end server to my trusted proxies list in `app/config/config.yml`. I can confirm things get far worse if I remove the trusted proxies list.