Varnish在使用SSL终止Nginx的子页面上不起作用

Question

我在设置Varnish和Nginx SSL终止方面遇到了一个非常奇怪的问题。

对于主页（mywebsite.com），http（重定向到https）和https与Varnish的配合良好。检查主页标题时，我可以看到Varnish缓存正在工作，并且带有年龄标题的MISS和HIT。

但是，当检查子页面时，我只能看到这样的标题：

HTTP/1.1 301 Moved Permanently
Date: Sun, 01 Jul 2018 12:54:43 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: __cfduid=; expires=Mon, 01-Jul-19 12:54:43 GMT; path=/; domain=.mywebsite.com; HttpOnly
X-Varnish: 65542
Location: https://mywebsite.com/subpage/
Server: cloudflare
CF-RAY:

HTTP/1.1 200 OK
Date: Sun, 01 Jul 2018 12:54:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: __cfduid=; expires=Mon, 01-Jul-19 12:54:43 GMT; path=/; domain=.mywebsite.com; HttpOnly
Vary: Accept-Encoding, Cookie
X-Powered-By: PHP/7.0.28
Link: <https://mywebsite.com/wp-json/>; rel="https://api.w.org/"
Cache-Control: public, max-age=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY:

我已经搜索了很多，但是几乎找不到任何原因。我不知道为什么因为http版本显示Varnish可以正常工作，但在https版本中却不能。

请至少帮助我找出此问题的原因。

这是我的配置：

Nginx服务器块：

# HTTP server
server {
    listen 81;
    server_name  localhost;
    include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
}
include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-vhosts.conf";

# HTTPS server
server {
   listen       443 ssl;
   server_name  localhost;
   ...
   location / {
        proxy_pass http://127.0.0.1:80;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
        proxy_set_header HTTPS "on";
        proxy_redirect off;
        proxy_http_version 1.1;
   }
   #include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";
   include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
}

这是我的vcl文件：

...
sub vcl_recv {
    ...
    #Redirect
    if ( (req.http.host ~ "^(?i)www.mywebsite.com" || req.http.host ~ "^(?i)mywebsite.com") && req.http.X-Forwarded-Proto !~ "(?i)https") {
                return (synth(750, ""));
    }
    # Remove has_js and Cloudflare/Google Analytics __* cookies.
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
    # Remove a ";" prefix, if present.
    set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
    ...
}

sub vcl_synth {
    if (resp.status == 750) {
        set resp.status = 301;
        set resp.http.Location = "https://mywebsite.com" + req.url;
        return(deliver);
    }
}

sub vcl_hash {
    hash_data(req.url);
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }
    return (lookup);
}

我在nginx配置的http中也有此块：

#config for Cloudflare
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 127.0.0.1;
#use any of the following two
#real_ip_header CF-Connecting-IP;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

这是wp-config.php中的内容：

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
     $_SERVER['HTTPS']='on';
define('FORCE_SSL_ADMIN', true);