From 81becd110baa68ee2b75e1d98e7eb801f281e50b Mon Sep 17 00:00:00 2001 From: Ryan Date: Sun, 9 Jun 2024 17:37:17 +0200 Subject: [PATCH] Small changes --- .../workflows/build-elasticsearch-7-17-19.yml | 2 +- .github/workflows/build-nginx-1-18.yml | 9 ++- docker-compose.yml | 79 +++++++++++-------- images/nginx/1.18/Dockerfile | 4 +- images/nginx/1.18/conf/nginx.production.conf | 10 +-- images/varnish/7.5.0-alpine/Dockerfile | 6 +- images/varnish/7.5.0-alpine/default.vcl | 29 +++---- 7 files changed, 78 insertions(+), 61 deletions(-) diff --git a/.github/workflows/build-elasticsearch-7-17-19.yml b/.github/workflows/build-elasticsearch-7-17-19.yml index b32c7b8bd..0a046086f 100644 --- a/.github/workflows/build-elasticsearch-7-17-19.yml +++ b/.github/workflows/build-elasticsearch-7-17-19.yml @@ -3,8 +3,8 @@ name: build-elasticsearch-7-17-19 on: push: paths: - - Dockerfile.base - .github/workflows/build-elasticsearch-7-17-19.yml + - images/elasticsearch/7.17.19/** branches: - feature/webgrip workflow_dispatch: diff --git a/.github/workflows/build-nginx-1-18.yml b/.github/workflows/build-nginx-1-18.yml index f91a955d3..22b968a55 100644 --- a/.github/workflows/build-nginx-1-18.yml +++ b/.github/workflows/build-nginx-1-18.yml @@ -1,6 +1,13 @@ name: build-nginx-1-18 -on: workflow_dispatch +on: + push: + paths: + - .github/workflows/build-nginx-1-18.yml + - images/nginx/1.18/** + branches: + - feature/webgrip + workflow_dispatch: jobs: nginx-1-18: diff --git a/docker-compose.yml b/docker-compose.yml index 434297679..e1ab2c0c1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -15,12 +15,14 @@ services: image: webgrip/magento-nginx:1.18 labels: - "traefik.enable=true" - - "traefik.http.routers.your-service.rule=Host(`docker-magento.test`)" - - "traefik.http.routers.your-service.entrypoints=websecure" - - "traefik.http.routers.your-service.tls.certresolver=myresolver" + - "traefik.http.routers.nginx.rule=Host(`docker-magento.test`)" + - "traefik.http.routers.nginx.entrypoints=websecure" + - "traefik.http.routers.nginx.tls=true" + - "traefik.http.routers.nginx.service=nginx" +# - "traefik.http.routers.docker-magento.tls.certresolver=myresolver" ports: - - "80:8000" - - "443:8443" + - "8081:8000" + - "8443:8443" depends_on: - php-fpm volumes: &appvolumes @@ -29,8 +31,11 @@ services: # - ~/.ssh/id_ed25519:/var/www/.ssh/id_ed25519:cached # - ~/.ssh/known_hosts:/var/www/.ssh/known_hosts:cached - ./src:/var/www/html + - ./images/nginx/1.18/conf/default.development.conf:/etc/nginx/conf.d/default.conf + - ./images/nginx/1.18/conf/nginx.development.conf:/etc/nginx/nginx.conf # - appdata:/var/www/html -# - sockdata:/sock +# - /var/run/docker.sock:/sock/docker.sock + - sockdata:/sock # - ssldata:/etc/nginx/certs #extra_hosts: &appextrahosts ## Selenium support, replace "magento.test" with URL of your site 
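Review bot: The new `ports` entries `"8081:8000"` and `"8443:8443"` still publish nginx on every host interface, so the container can be reached directly without passing through the Traefik router configured by the labels just above. If Traefik is meant to be the only entrypoint, drop the mappings or bind them to loopback, e.g. `- "127.0.0.1:8081:8000"` and `- "127.0.0.1:8443:8443"`. The router also sets `service=nginx`, but no `traefik.http.services.nginx.loadbalancer.server.port` label is visible in this labels list; Traefik probably needs one to resolve the service and pick the backend port, so please confirm. The commented-out certresolver line names the router `docker-magento` rather than `nginx`, so it would not apply to this router if uncommented.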
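Review bot: The two new nginx config bind mounts (`default.development.conf` and `nginx.development.conf`) are read-write, so a process in the container can modify files in the repository checkout. Append `:ro` to both, e.g. `- ./images/nginx/1.18/conf/nginx.development.conf:/etc/nginx/nginx.conf:ro`. The commented-out `/var/run/docker.sock:/sock/docker.sock` line is better deleted than kept as a toggle, because mounting the Docker socket gives the container control of the host's Docker daemon. This list is the `&appvolumes` anchor, so any service that reuses it (not visible in this hunk) inherits these mounts too.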
@@ -45,10 +50,19 @@ services: - 9003 volumes: - ./src:/var/www/html:rw + - sockdata:/sock +# - ./docker-compose/php-fpm/php.ini:/usr/local/etc/php/php.ini +# - ./docker-compose/php-fpm/xdebug.ini:/usr/local/etc/php/conf.d/xdebug.ini +# - ./docker-compose/php-fpm/opcache.ini:/usr/local/etc/php/conf.d/opcache.ini +# - ./docker-compose/php-fpm/php-fpm.conf:/usr/local/etc/php-fpm.d/zzz_custom.conf +# - ./docker-compose/php-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf +# - ./docker-compose/php-fpm/php-fpm.conf:/usr/local/etc/php-fpm.d/zzz_custom.conf +# - ./docker-compose/php-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf +# - ./docker-compose/php-fpm/php-fpm.conf:/usr/local/etc/php-fpm.d/zzz_custom.conf depends_on: - mysql - redis - - opensearch + - elasticsearch environment: PHP_IDE_CONFIG: "serverName=localhost" #extra_hosts: *appextrahosts 
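Review bot: `depends_on` now lists `elasticsearch`, but no hunk in this patch adds an `elasticsearch` service to docker-compose.yml. Unless it is already defined elsewhere in the file, Compose will reject the file for depending on an undefined service. Separately, the commented-out php-fpm mounts repeat the `php-fpm.conf` and `www.conf` lines three times; keep one copy of each, or drop the block until those files exist. The new `sockdata:/sock` mount shares a volume with nginx and deserves a one-line comment, e.g. `# php-fpm unix socket shared with nginx` if that is the intent.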
@@ -78,28 +92,28 @@ services: # volumes: # - dbdata:/var/lib/mysql - opensearch: - image: webgrip/magento-opensearch:2.5 - build: - context: ./images/opensearch/2.5 - dockerfile: Dockerfile - ports: - - "9200:9200" - - "9300:9300" - volumes: - - opensearch-data:/usr/share/elasticsearch/data - environment: - ES_JAVA_OPTS: "-Xms2048m -Xmx2048m -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -Xss1m" - OPENSEARCH_JAVA_OPTS: "-Xms2048m -Xmx2048m" - discovery.type: single-node - cluster.routing.allocation.disk.threshold_enabled: false - script.painless.regex.enabled: true - bootstrap.memory_lock: true - network.host: 0.0.0.0 - cluster.name: opensearch-cluster - node.name: opensearch-node1 - index.blocks.read_only_allow_delete: true - # max_map_count: 262144 ## Uncomment the following line to increase the virtual memory map count +# opensearch: +# image: webgrip/magento-opensearch:2.5 +# build: +# context: ./images/opensearch/2.5 +# dockerfile: Dockerfile +# ports: +# - "9200:9200" +# - "9300:9300" +# volumes: +# - opensearch-data:/usr/share/elasticsearch/data +# environment: +# ES_JAVA_OPTS: "-Xms2048m -Xmx2048m -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -Xss1m" +# OPENSEARCH_JAVA_OPTS: "-Xms2048m -Xmx2048m" +# discovery.type: single-node +# cluster.routing.allocation.disk.threshold_enabled: false +# script.painless.regex.enabled: true +# bootstrap.memory_lock: true +# network.host: 0.0.0.0 +# cluster.name: opensearch-cluster +# node.name: opensearch-node1 +# index.blocks.read_only_allow_delete: true +# # max_map_count: 262144 ## Uncomment the following line to increase the virtual memory map count redis: image: redis:7.0-alpine 
@@ -168,20 +182,19 @@ services: varnish: - image: webgrip/mmagento-varnish:7.5.0-alpine + image: webgrip/magento-varnish:7.5.0-alpine container_name: varnish build: context: ./images/varnish/7.5.0-alpine dockerfile: Dockerfile ports: - "6081:6081" - volumes: - - ./default.vcl:/etc/varnish/default.vcl:ro depends_on: - nginx + volumes: + - ./images/varnish/7.5.0-alpine/default.vcl:/etc/varnish/default.vcl tmpfs: - /var/lib/varnish:exec # Optional: Use tmpfs for Varnish storage to increase cache responsiveness - command: "-p default_keep=300" environment: - VARNISH_SIZE=2G diff --git a/images/nginx/1.18/Dockerfile b/images/nginx/1.18/Dockerfile index 8c4605066..8d99a324a 100644 --- a/images/nginx/1.18/Dockerfile +++ b/images/nginx/1.18/Dockerfile @@ -23,7 +23,7 @@ RUN apk add --no-cache openssl && \ # Production-ready configuration FROM base AS production COPY ./conf/nginx.production.conf /etc/nginx/nginx.conf -COPY ./conf/default.production.conf /etc/nginx/conf.d/ +COPY ./conf/default.production.conf /etc/nginx/conf.d/default.conf EXPOSE 443 USER "${APP_USER}":"${APP_GROUP}" VOLUME /var/www @@ -49,7 +49,7 @@ COPY --from=mkcert-installer /usr/local/share/ca-certificates/mkcert /usr/local/ # Copy development-specific Nginx configuration COPY ./conf/nginx.development.conf /etc/nginx/nginx.conf -COPY ./conf/default.development.conf /etc/nginx/conf.d/ +COPY ./conf/default.development.conf /etc/nginx/conf.d/default.conf EXPOSE 443 USER "${APP_USER}":"${APP_GROUP}" diff --git a/images/nginx/1.18/conf/nginx.production.conf b/images/nginx/1.18/conf/nginx.production.conf index 2798cb1eb..94bf44556 100644 --- a/images/nginx/1.18/conf/nginx.production.conf +++ b/images/nginx/1.18/conf/nginx.production.conf 
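Review bot: The replacement `default.vcl` bind mount drops the `:ro` flag the old mount had, so the VCL file on the host becomes writable from inside the varnish container. Keep it read-only with `- ./images/varnish/7.5.0-alpine/default.vcl:/etc/varnish/default.vcl:ro`. The `tmpfs` entry still targets `/var/lib/varnish`, while the image's CMD in this same patch passes `-n /var/cache/varnish`, so the tmpfs may no longer hold the working directory. `VARNISH_SIZE=2G` also looks unused now that the CMD hard-codes `-s malloc,256M`; please confirm which value is intended.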
@@ -18,11 +18,11 @@ http { '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - log_format error - '$remote_addr - $remote_user [$time_local] "$request" ' - '$status "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"' - '"$request_body" "$request_body_file"'; + log_format error + '$remote_addr - $remote_user [$time_local] "$request" ' + '$status "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"' + '"$request_body" "$request_body_file"'; access_log /var/log/nginx/access.log main; error_log /var/log/nginx/error.log error; diff --git a/images/varnish/7.5.0-alpine/Dockerfile b/images/varnish/7.5.0-alpine/Dockerfile index 3306da47a..bf9ad83a5 100644 --- a/images/varnish/7.5.0-alpine/Dockerfile +++ b/images/varnish/7.5.0-alpine/Dockerfile @@ -10,5 +10,9 @@ COPY ./default.vcl /etc/varnish/default.vcl # Expose port 6081 for Varnish HTTP traffic EXPOSE 6081 +# Create a non-root user and switch to it +RUN addgroup -S varnish && adduser -S varnish -G varnish +USER varnish + # Start Varnish daemon with specified storage, configuration file, and run it in foreground -CMD ["varnishd", "-F", "-f", "/etc/varnish/default.vcl", "-s", "malloc,256M"] +CMD ["varnishd", "-F", "-f", "/etc/varnish/default.vcl", "-s", "malloc,256M", "-p", "default_ttl=3600", "-p", "default_grace=3600", "-a", ":6081", "-n", "/var/cache/varnish"] diff --git a/images/varnish/7.5.0-alpine/default.vcl b/images/varnish/7.5.0-alpine/default.vcl index 43e2ea866..b588adc7f 100644 --- a/images/varnish/7.5.0-alpine/default.vcl +++ b/images/varnish/7.5.0-alpine/default.vcl @@ -1,6 +1,5 @@ # Very advanced implementation of default.vcl for a magento production server - vcl 4.1; import std; 
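Review bot: After `USER varnish`, varnishd is started with `-n /var/cache/varnish`, but nothing in this hunk creates that directory or gives the new user ownership of it, so the daemon may fail to start when it cannot write its working directory. Create and chown it in the same layer: `RUN addgroup -S varnish && adduser -S varnish -G varnish && mkdir -p /var/cache/varnish && chown varnish:varnish /var/cache/varnish`. The base image is outside the hunk; if it already ships a `varnish` user or group, `addgroup`/`adduser` will fail the build and should be dropped or guarded. The comment above CMD should also mention the new `default_ttl` and `default_grace` parameters, since they change caching for every response that has no explicit TTL.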
@@ -53,30 +52,24 @@ sub vcl_backend_response { if (bereq.http.cookie ~ "PHPSESSID") { unset beresp.http.set-cookie; } -} - -sub vcl_deliver { - if (obj.hits > 0) { - set resp.http.X-Cache = "HIT"; - } - else { - set resp.http.X-Cache = "MISS"; - } -} -sub vcl_backend_response { # Cache images and AVIF files if (bereq.url ~ "\.(jpeg|jpg|png|gif|ico|svg|avif)$") { set beresp.ttl = 1w; # Cache for 1 week set beresp.http.Cache-Control = "public, max-age=604800"; # 1 week in seconds } - # Existing code... - if (bereq.http.cookie ~ "PHPSESSID") { - unset beresp.http.set-cookie; + # Strip all cookies except the essentials + if (bereq.http.cookie) { + set bereq.http.cookie = regsuball(bereq.http.cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); } } -# Not sure about this -if (bereq.http.cookie) { - set bereq.http.cookie = regsuball(bereq.http.cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); // Strip all cookies except the essentials + +sub vcl_deliver { + if (obj.hits > 0) { + set resp.http.X-Cache = "HIT"; + } + else { + set resp.http.X-Cache = "MISS"; + } }
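Review bot: The cookie rewrite moved into `vcl_backend_response` assigns to `bereq.http.cookie` after the backend request has already been sent, so it cannot change what the backend receives or how the object was looked up in cache. If the goal is to stop tracking cookies from defeating caching, the substitution belongs in `vcl_recv` on the client request, e.g. `set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");` (`vcl_recv` is not visible in this hunk). The comment is also inverted: the regex removes the `_`-prefixed and `has_js` cookies and keeps everything else, so `# Remove analytics-style cookies (_*, has_js); all other cookies are kept` would be accurate. `vcl_backend_response` begins above the hunk.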