Last active
May 3, 2022 10:02
-
-
Save clivewalkden/05d6ba30969722340ebc958ae63824c1 to your computer and use it in GitHub Desktop.
GCP Packer default nginx config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Configuration file for db-sync (https://github.com/clivewalkden/bash-magento2-db-sync) | |
| remote_host={{remote_host}} | |
| remote_domain={{remote_domain}} | |
| remote_port={{remote_port}} | |
| remote_username={{remote_username}} | |
| remote_magento_dir={{remote_magento_dir}} | |
| remote_backup_dir={{remote_backup_dir}} | |
| remote_shared_deployment_dir={{remote_shared_deployment_dir}} | |
| local_backup_dir={{local_backup_dir}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6 | |
| vcl 4.1; | |
| import std; | |
| # The minimal Varnish version is 6.0 | |
| # For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https' | |
| backend default { | |
| .host = "localhost"; | |
| .port = "8080"; | |
| .first_byte_timeout = 600s; | |
| .probe = { | |
| .url = "/health_check.php"; | |
| .timeout = 2s; | |
| .interval = 5s; | |
| .window = 10; | |
| .threshold = 5; | |
| } | |
| } | |
| acl purge { | |
| "localhost"; | |
| "127.0.0.1"; | |
| "::1"; | |
| } | |
| sub vcl_recv { | |
| # Remove empty query string parameters | |
| # e.g.: www.example.com/index.html? | |
| if (req.url ~ "\?$") { | |
| set req.url = regsub(req.url, "\?$", ""); | |
| } | |
| # Remove port number from host header | |
| set req.http.Host = regsub(req.http.Host, ":[0-9]+", ""); | |
| # Sorts query string parameters alphabetically for cache normalization purposes | |
| set req.url = std.querysort(req.url); | |
| # Remove the proxy header to mitigate the httpoxy vulnerability | |
| # See https://httpoxy.org/ | |
| unset req.http.proxy; | |
| # Add X-Forwarded-Proto header when using https | |
| if (!req.http.X-Forwarded-Proto && (std.port(server.ip) == 443)) { | |
| set req.http.X-Forwarded-Proto = "https"; | |
| } | |
| # Reduce grace to 300s if the backend is healthy | |
| # In case of an unhealthy backend, the original grace is used | |
| if (std.healthy(req.backend_hint)) { | |
| set req.grace = 300s; | |
| } | |
| # Purge logic to remove objects from the cache | |
| # Tailored to Magento's cache invalidation mechanism | |
| if (req.method == "PURGE") { | |
| if (client.ip !~ purge) { | |
| return (synth(405, "Method not allowed")); | |
| } | |
| # To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header | |
| # has been added to the response in your backend server config. This is used, for example, by the | |
| # capistrano-magento2 gem for purging old content from varnish during it's deploy routine. | |
| if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) { | |
| return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required")); | |
| } | |
| if (req.http.X-Magento-Tags-Pattern) { | |
| ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern); | |
| } | |
| if (req.http.X-Pool) { | |
| ban("obj.http.X-Pool ~ " + req.http.X-Pool); | |
| } | |
| return (synth(200, "Purged")); | |
| } | |
| # Only handle relevant HTTP request methods | |
| if (req.method != "GET" && | |
| req.method != "HEAD" && | |
| req.method != "PUT" && | |
| req.method != "POST" && | |
| req.method != "PATCH" && | |
| req.method != "TRACE" && | |
| req.method != "OPTIONS" && | |
| req.method != "DELETE") { | |
| /* Non-RFC2616 or CONNECT which is weird. */ | |
| return (pipe); | |
| } | |
| # We only deal with GET and HEAD by default | |
| if (req.method != "GET" && req.method != "HEAD") { | |
| return (pass); | |
| } | |
| # Bypass shopping cart, checkout and search requests | |
| if (req.url ~ "/checkout" || req.url ~ "/catalogsearch") { | |
| return (pass); | |
| } | |
| # Bypass health check requests | |
| if (req.url ~ "^/(pub/)?(health_check.php)$") { | |
| return (pass); | |
| } | |
| # collect all cookies | |
| std.collect(req.http.Cookie); | |
| # Remove all marketing get parameters to minimize the cache objects | |
| if (req.url ~ "(\?|&)(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") { | |
| set req.url = regsuball(req.url, "(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", ""); | |
| set req.url = regsub(req.url, "[?|&]+$", ""); | |
| } | |
| # Don't cache the authenticated GraphQL requests | |
| if (req.url ~ "/graphql" && req.http.Authorization ~ "^Bearer") { | |
| return (pass); | |
| } | |
| return (hash); | |
| } | |
| sub vcl_hash { | |
| # Add a cache variation based on the X-Magento-Vary cookie | |
| if (req.http.cookie ~ "X-Magento-Vary=") { | |
| hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1")); | |
| } else { | |
| hash_data(""); | |
| } | |
| # Create cache variations depending on the request protocol | |
| hash_data(req.http.X-Forwarded-Proto); | |
| # Create store and currency cache variations for GraphQL requests | |
| if (req.url ~ "/graphql") { | |
| hash_data(req.http.Store); | |
| hash_data(req.http.Content-Currency); | |
| } | |
| } | |
| sub vcl_backend_response { | |
| # Serve stale content for three days after object expiration | |
| # Perform asynchronous revalidation while stale content is served | |
| set beresp.grace = 3d; | |
| # All text-based content can be parsed as ESI | |
| if (beresp.http.content-type ~ "text") { | |
| set beresp.do_esi = true; | |
| } | |
| # Allow GZIP compression on all JavaScript files and all text-based content | |
| if (bereq.url ~ "\.js$" || beresp.http.content-type ~ "text") { | |
| set beresp.do_gzip = true; | |
| } | |
| # Add debug headers | |
| if (beresp.http.X-Magento-Debug) { | |
| set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control; | |
| } | |
| # cache only successfully responses and 404s | |
| if (beresp.status != 200 && beresp.status != 404) { | |
| set beresp.ttl = 120s; | |
| set beresp.uncacheable = true; | |
| return (deliver); | |
| # Don't cache private responses | |
| } elsif (beresp.http.Cache-Control ~ "private") { | |
| set beresp.uncacheable = true; | |
| set beresp.ttl = 86400s; | |
| return (deliver); | |
| } | |
| # validate if we need to cache it and prevent from setting cookie | |
| if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) { | |
| unset beresp.http.set-cookie; | |
| } | |
| # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass | |
| if (beresp.ttl <= 0s || | |
| beresp.http.Surrogate-control ~ "no-store" || | |
| (!beresp.http.Surrogate-Control && | |
| beresp.http.Cache-Control ~ "no-cache|no-store") || | |
| beresp.http.Vary == "*") { | |
| # Mark as Hit-For-Pass for the next 2 minutes | |
| set beresp.ttl = 120s; | |
| set beresp.uncacheable = true; | |
| } | |
| return (deliver); | |
| } | |
| sub vcl_deliver { | |
| # Add debug headers | |
| if (resp.http.X-Magento-Debug) { | |
| if (obj.uncacheable) { | |
| set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE"; | |
| } else if (obj.hits) { | |
| set resp.http.X-Magento-Cache-Debug = "HIT"; | |
| set resp.http.Grace = req.http.grace; | |
| } else { | |
| set resp.http.X-Magento-Cache-Debug = "MISS"; | |
| } | |
| } else { | |
| unset resp.http.Age; | |
| } | |
| if (obj.uncacheable) { | |
| set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE"; | |
| } else if (obj.hits) { | |
| set resp.http.X-Magento-Cache-Debug = "HIT"; | |
| set resp.http.Grace = req.http.grace; | |
| } else { | |
| set resp.http.X-Magento-Cache-Debug = "MISS"; | |
| } | |
| # Not letting browser to cache non-static files. | |
| if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media|static)/") { | |
| set resp.http.Pragma = "no-cache"; | |
| set resp.http.Expires = "-1"; | |
| set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0"; | |
| } | |
| unset resp.http.X-Magento-Debug; | |
| unset resp.http.X-Magento-Tags; | |
| unset resp.http.X-Powered-By; | |
| unset resp.http.Server; | |
| unset resp.http.X-Varnish; | |
| unset resp.http.Via; | |
| unset resp.http.Link; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| return [ | |
| 'backend' => [ | |
| 'frontName' => 'sozoadmin' | |
| ], | |
| 'crypt' => [ | |
| 'key' => '{{key}}' | |
| ], | |
| 'db' => [ | |
| 'table_prefix' => '', | |
| 'connection' => [ | |
| 'default' => [ | |
| 'host' => 'localhost', | |
| 'dbname' => 'mag2', | |
| 'username' => 'root', | |
| 'password' => '{{rootpassword}}', | |
| 'model' => 'mysql4', | |
| 'engine' => 'innodb', | |
| 'initStatements' => 'SET NAMES utf8;', | |
| 'active' => '1', | |
| 'profiler' => 1 | |
| ], | |
| 'wordpress' => [ | |
| 'host' => 'localhost', | |
| 'dbname' => 'wp', | |
| 'username' => 'root', | |
| 'password' => '{{rootpassword}}', | |
| 'active' => '1' | |
| ] | |
| ] | |
| ], | |
| 'resource' => [ | |
| 'default_setup' => [ | |
| 'connection' => 'default' | |
| ] | |
| ], | |
| 'x-frame-options' => 'SAMEORIGIN', | |
| 'MAGE_MODE' => 'developer', | |
| 'install' => [ | |
| 'date' => 'Wed, 16 Sep 2020 13:05:00 +0000' | |
| ], | |
| ]; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream fastcgi_backend { | |
| server unix:/run/php-fpm/php-fpm.sock; | |
| } | |
| server { | |
| listen 8080; | |
| listen [::]:8080; | |
| server_name _; | |
| # Default nginx | |
| location / { | |
| root /usr/share/nginx/html; | |
| index index.html index.htm; | |
| } | |
| error_page 500 502 503 504 /50x.html; | |
| location = /50x.html { | |
| root /usr/share/nginx/html; | |
| } | |
| # EO: Default nginx | |
| #set $MAGE_ROOT /opt/magento/magento2; | |
| #include /opt/magento/magento2/nginx.wp.conf; | |
| #include /opt/magento/magento2/nginx.conf; | |
| } | |
| #server { | |
| # listen 443 ssl http2 default_server; | |
| # listen [::]:443 ssl http2 default_server; | |
| # server_name _; | |
| # ssl_certificate /etc/letsencrypt/live/{{hostname}}/fullchain.pem; | |
| # ssl_certificate_key /etc/letsencrypt/live/{{hostname}}/privkey.pem; | |
| # keepalive_timeout 300s; | |
| # client_max_body_size 10M; | |
| # http2_push_preload on; | |
| # http2_max_concurrent_pushes 25; | |
| # location / { | |
| # proxy_pass http://127.0.0.1; | |
| # proxy_buffers 16 16k; | |
| # proxy_buffer_size 32k; | |
| # proxy_busy_buffers_size 32k; | |
| # proxy_read_timeout 600s; | |
| # proxy_connect_timeout 70s; | |
| # proxy_set_header Host $http_host; | |
| # proxy_set_header X-Forwarded-Host $http_host; | |
| # proxy_set_header X-Real-IP $remote_addr; | |
| # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| # proxy_set_header X-Forwarded-Proto https; | |
| # proxy_set_header X-Forwarded-Port 443; | |
| # proxy_set_header Ssl-Offloaded "1"; | |
| # } | |
| # location /kibana { | |
| # proxy_pass http://localhost:5601; | |
| # proxy_http_version 1.1; | |
| # proxy_set_header Upgrade $http_upgrade; | |
| # proxy_set_header Connection 'upgrade'; | |
| # proxy_set_header Host $host; | |
| # proxy_cache_bypass $http_upgrade; | |
| # } | |
| #} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream fastcgi_backend { | |
| server unix:/run/php-fpm/php-fpm.sock; | |
| } | |
| # Update the {url}, after lets encrypt has generated the cert you can comment out the include in 80 uncomment the 301 | |
| server { | |
| listen 80 default_server; | |
| server_name _; | |
| set $MAGE_ROOT /opt/magento/magento2; | |
| include /opt/magento/magento2/nginx.conf; | |
| #return 301 https://{url}$request_uri; | |
| } | |
| # Uncomment this entire block after SSL generated. | |
| #server { | |
| # listen 443 ssl http2 default_server; | |
| # server_name _; | |
| # ssl_certificate /etc/letsencrypt/live/{url}/fullchain.pem; | |
| # ssl_certificate_key /etc/letsencrypt/live/{url}/privkey.pem; | |
| # set $MAGE_ROOT /opt/magento/magento2; | |
| # include /opt/magento/magento2/nginx.conf; | |
| # include /opt/magento/magento2/nginx.wp.conf; | |
| #} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Varnish Cache, a high-performance HTTP accelerator | |
| After=network-online.target nss-lookup.target | |
| [Service] | |
| Type=forking | |
| KillMode=process | |
| # Maximum number of open files (for ulimit -n) | |
| LimitNOFILE=131072 | |
| # Locked shared memory - should suffice to lock the shared memory log | |
| # (varnishd -l argument) | |
| # Default log size is 80MB vsl + 1M vsm + header -> 82MB | |
| # unit is bytes | |
| LimitMEMLOCK=85983232 | |
| # Enable this to avoid "fork failed" on reload. | |
| TasksMax=infinity | |
| # Maximum size of the corefile. | |
| LimitCORE=infinity | |
| ExecStart=/usr/sbin/varnishd \ | |
| -a :80 \ | |
| -a localhost:6082 \ | |
| -p feature=+http2 \ | |
| -p http_req_hdr_len=64k \ | |
| -p http_resp_hdr_len=64k \ | |
| -p http_resp_size=128k \ | |
| -p workspace_backend=256k \ | |
| -f /etc/varnish/default.vcl \ | |
| -S /etc/varnish/secret \ | |
| -s malloc,4G | |
| ExecReload=/usr/sbin/varnishreload | |
| Restart=on-failure | |
| [Install] | |
| WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment