If you are looking for SSL termination in front of Varnish, I assume you already know how to configure Varnish; with the example below you should be able to configure SSL termination, including client IP forwarding.
A default location returning a 444 error makes sense as the place to send any unwanted traffic (in nginx, 444 closes the connection without sending a response); you may want to google it if it is not already covered on www.ashishnepal.com 😉
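# TLS-terminating front end: nginx accepts HTTPS on 192.168.1.24:443 and
# proxies the decrypted request to Varnish on the loopback interface.
server {
    ### server port and name ###
    # The "ssl" parameter on listen replaces the deprecated "ssl on;" directive.
    listen 192.168.1.24:443 ssl;
    server_name www.tikejhya.com;

    ### SSL log files ###
    access_log logs/ssl-access.log;
    error_log logs/ssl-error.log;

    ### SSL cert files ###
    ssl_certificate /var/certs/tikejhya.com.crt;
    # The private key should be readable only by the account that starts nginx.
    ssl_certificate_key /var/certs/tikejhya.com.key;

    # SSLv3 (POODLE) and TLSv1/TLSv1.1 (deprecated by RFC 8996) are not offered.
    # Add TLSv1.3 here if your nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # RC4 is prohibited for TLS by RFC 7465, so it is no longer listed first;
    # 3DES is excluded as well because older OpenSSL builds count it as HIGH.
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!3DES;
    ssl_prefer_server_ciphers on;

    keepalive_timeout 60;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        # Pass the request on to Varnish.
        # This hop is plain HTTP; it stays on loopback, so Varnish should be
        # listening on 127.0.0.1 (port 80 is implied by the URL).
        proxy_pass http://127.0.0.1;

        # Pass a bunch of headers to the downstream server, so they'll know what's going on.
        proxy_set_header Host $host;
        # X-Real-IP is overwritten with the address nginx actually saw, so the
        # backend can rely on it as long as only this proxy can reach the backend.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent. Only the last entry is set by nginx;
        # earlier entries are client-controlled and must not be used for
        # access control or rate limiting downstream.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Most web apps can be configured to read this header and understand that the current session is actually HTTPS.
        proxy_set_header X-Forwarded-Proto https;

        # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
        proxy_redirect off;
    }
}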