Varnish vs Nginx configuration added

DOCUMENTATION/content/documentation/index.md

@@ -674,6 +674,7 @@ You may wanna change the default security configuration, so go to `http://localh
 
 <br>
 <a name="Use-Redis"></a>
+
 ## Use Redis
 
 1 - First make sure you run the Redis Container (`redis`) with the `docker-compose up` command.
@@ -761,12 +762,81 @@ Read the [Laravel official documentation](https://laravel.com/docs/5.7/redis#con
 ```
 
 
-
-
-
+<br>
+<a name="Use-Varnish"></a>
+
+## Use Varnish
+
+The goal was to proxy request to varnish server using nginx. So only nginx has been configured for Varnish proxy.
+Nginx is on port 80 or 443. Nginx sends request through varnish server and varnish server sends request back to nginx on port 81 (external port is defined in `VARNISH_BACKEND_PORT`). 
+
+The idea was taken from this [post](https://www.linode.com/docs/websites/varnish/use-varnish-and-nginx-to-serve-wordpress-over-ssl-and-http-on-debian-8/) 
+
+The Varnish configuration was developed and tested for Wordpress only. Probably it works with other systems.
+
+#### Steps to configure varnish proxy server:
+1. You have to set domain name for VARNISH_PROXY1_BACKEND_HOST variable.
+2. If you want to use varnish for different domains, you have to add new configuration section in your env file.
+    ``` 
+    VARNISH_PROXY1_CACHE_SIZE=128m
+    VARNISH_PROXY1_BACKEND_HOST=replace_with_your_domain.name
+    VARNISH_PROXY1_SERVER=SERVER1
+    ``` 
+3. Then you have to add new config section into docker-compose.yml with related variables:
+    ```
+    custom_proxy_name:
+          container_name: custom_proxy_name
+          build: ./varnish
+          expose:
+            - ${VARNISH_PORT}
+          environment:
+            - VARNISH_CONFIG=${VARNISH_CONFIG}
+            - CACHE_SIZE=${VARNISH_PROXY2_CACHE_SIZE}
+            - VARNISHD_PARAMS=${VARNISHD_PARAMS}
+            - VARNISH_PORT=${VARNISH_PORT}
+            - BACKEND_HOST=${VARNISH_PROXY2_BACKEND_HOST}
+            - BACKEND_PORT=${VARNISH_BACKEND_PORT}
+            - VARNISH_SERVER=${VARNISH_PROXY2_SERVER}
+          ports:
+            - "${VARNISH_PORT}:${VARNISH_PORT}"
+          links:
+            - workspace
+          networks:
+            - frontend
+    ``` 
+4. change your varnish config and add nginx configuration. Example Nginx configuration is here: `nginx/sites/laravel_varnish.conf.example`.
+5. `varnish/default.vcl` is old varnish configuration, which was used in the previous version. Use `default_wordpress.vcl` instead.
+
+#### How to run:
+1. Rename `default_wordpress.vcl` to `default.vcl`
+2. `docker-compose up -d nginx`
+3. `docker-compose up -d proxy`
+
+Keep in mind that varnish server must be built after Nginx cause varnish checks domain affordability.
+
+#### FAQ:
+
+1. How to purge cache? <br>
+run from any cli: <br>`curl -X PURGE https://yourwebsite.com/`.
+2. How to reload varnish?<br>
+`docker container exec proxy varnishreload`
+3. Which varnish commands are allowed?
+    - varnishadm     
+    - varnishd      
+    - varnishhist    
+    - varnishlog     
+    - varnishncsa    
+    - varnishreload  
+    - varnishstat    
+    - varnishtest    
+    - varnishtop
+4. How to reload Nginx?<br>
+`docker exec Nginx nginx -t`<br>
+`docker exec Nginx nginx -s reload`
 
 <br>
 <a name="Use-Mongo"></a>
+
 ## Use Mongo
 
 1 - First install `mongo` in the Workspace and the PHP-FPM Containers:

docker-compose.yml

@@ -291,6 +291,7 @@ services:
       ports:
         - "${NGINX_HOST_HTTP_PORT}:80"
         - "${NGINX_HOST_HTTPS_PORT}:443"
+        - "${VARNISH_BACKEND_PORT}:81"
       depends_on:
         - php-fpm
       networks:
@@ -836,6 +837,7 @@ services:
 
 ### Varnish ##########################################
     proxy:
+      container_name: proxy
       build: ./varnish
       expose:
         - ${VARNISH_PORT}
@@ -847,12 +849,15 @@ services:
         - BACKEND_HOST=${VARNISH_PROXY1_BACKEND_HOST}
         - BACKEND_PORT=${VARNISH_BACKEND_PORT}
         - VARNISH_SERVER=${VARNISH_PROXY1_SERVER}
+      ports:
+        - "${VARNISH_PORT}:${VARNISH_PORT}"
       links:
         - workspace
       networks:
         - frontend
 
     proxy2:
+      container_name: proxy2
       build: ./varnish
       expose:
         - ${VARNISH_PORT}
@@ -864,6 +869,8 @@ services:
         - BACKEND_HOST=${VARNISH_PROXY2_BACKEND_HOST}
         - BACKEND_PORT=${VARNISH_BACKEND_PORT}
         - VARNISH_SERVER=${VARNISH_PROXY2_SERVER}
+      ports:
+        - "${VARNISH_PORT}:${VARNISH_PORT}"
       links:
         - workspace
       networks:

env-example

@@ -364,8 +364,8 @@ MAILDEV_SMTP_PORT=25
 ### VARNISH ###############################################
 
 VARNISH_CONFIG=/etc/varnish/default.vcl
-VARNISH_PORT=8080
-VARNISH_BACKEND_PORT=8888
+VARNISH_PORT=6081
+VARNISH_BACKEND_PORT=81
 VARNISHD_PARAMS=-p default_ttl=3600 -p default_grace=3600
 
 ### Varnish ###############################################

nginx/Dockerfile

@@ -18,6 +18,8 @@ RUN apk update \
     && apk add --no-cache openssl \
     && apk add --no-cache bash
 
+RUN apk add --no-cache curl
+
 RUN set -x ; \
     addgroup -g 82 -S www-data ; \
     adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
@@ -39,4 +41,4 @@ ADD ./startup.sh /opt/startup.sh
 RUN sed -i 's/\r//g' /opt/startup.sh
 CMD ["/bin/bash", "/opt/startup.sh"]
 
-EXPOSE 80 443
+EXPOSE 80 81 443

nginx/sites/laravel_varnish.conf.example

@@ -0,0 +1,110 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name www.laravel.test;
+    rewrite ^(.*) https://laravel.test$1/ permanent;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name laravel.test;
+    rewrite ^(.*) https://laravel.test$1/ permanent;
+}
+
+server {
+    listen 443 ssl ;
+    listen [::]:443 ssl;
+    ssl_certificate /etc/nginx/ssl/laravel.test.crt;
+    ssl_certificate_key /etc/nginx/ssl/laravel.test.key;
+    server_name www.laravel.test;
+    rewrite ^(.*) https://laravel.test$1/ permanent;
+}
+
+server {
+    server_name laravel.test;
+
+    # For https
+    listen 443 ssl ;
+    listen [::]:443 ssl;
+    ssl_certificate /etc/nginx/ssl/laravel.test.crt;
+    ssl_certificate_key /etc/nginx/ssl/laravel.test.key;
+
+    port_in_redirect off;
+
+    add_header Strict-Transport-Security "max-age=31536000";
+    add_header X-Content-Type-Options nosniff;
+
+    location / {
+         proxy_pass http://proxy:6081;
+         proxy_set_header Host $http_host;
+         proxy_set_header X-Forwarded-Host $http_host;
+         proxy_set_header X-Real-IP $remote_addr;
+         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header X-Forwarded-Proto https;
+         proxy_set_header HTTPS "on";
+         proxy_redirect     off;
+    }
+}
+
+server {
+    server_name laravel.test;
+
+    listen 81;
+    listen [::]:81;
+
+    root /var/www/laravel.test/www;
+
+    index index.php index.html index.htm;
+
+    location / {
+         try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_max_temp_file_size 4m;
+        fastcgi_pass php-upstream;
+
+        # Additional configs
+        fastcgi_pass_header Set-Cookie;
+        fastcgi_pass_header Cookie;
+        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+        try_files $uri /index.php =404;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_param  PATH_INFO $fastcgi_path_info;
+        fastcgi_param  PATH_TRANSLATED $document_root$fastcgi_path_info;
+        fastcgi_param HTTPS on;
+
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+
+        fastcgi_intercept_errors on;
+
+        #fixes timeouts
+        fastcgi_read_timeout 600;
+        include fastcgi_params;
+    }
+
+    # Caching
+    location ~* \.(ico|jpg|webp|jpeg|gif|css|png|js|ico|bmp|zip|woff)$ {
+        access_log off;
+        log_not_found off;
+        add_header Pragma public;
+        add_header Cache-Control "public";
+        expires 14d;
+    }
+
+    location ~* \.(php|html)$ {
+        access_log on;
+        log_not_found on;
+        add_header Pragma public;
+        add_header Cache-Control "public";
+        expires 14d;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+}

varnish/Dockerfile

@@ -1,16 +1,8 @@
-FROM debian:latest
-
-LABEL maintainer="ZeroC0D3 Team<[email protected]>"
+FROM varnish:6.3
 
 # Set Environment Variables
 ENV DEBIAN_FRONTEND noninteractive
 
-# Install Dependencies
-RUN apt-get update && apt-get install -y apt-utils && apt-get upgrade -y
-RUN mkdir /home/site && mkdir /home/site/cache
-RUN apt-get install -y varnish
-RUN rm -rf /var/lib/apt/lists/*
-
 # Setting Configurations
 ENV VARNISH_CONFIG  /etc/varnish/default.vcl
 ENV CACHE_SIZE      128m

varnish/default.vcl

@@ -52,6 +52,7 @@ sub vcl_init {
     # vdir.add_backend(servern);
 }
 
+# This function is used when a request is send by a HTTP client (Browser)
 sub vcl_recv {
     # Called at the beginning of a request, after the complete request has been received and parsed.
     # Its purpose is to decide whether or not to serve the request, how to do it, and, if applicable,
@@ -75,8 +76,12 @@ sub vcl_recv {
             # Not from an allowed IP? Then die with an error.
             return (synth(405, "This IP is not allowed to send PURGE requests."));
         }
-    # If you got this stage (and didn't error out above), purge the cached result
-        return (purge);
+
+        ban("req.http.host == " + req.http.host);
+        # Throw a synthetic page so the request won't go to the backend.
+        return(synth(200, "Ban added"));
+        # If allowed, do a cache_lookup -> vlc_hit() or vlc_miss()
+        #return (purge);
     }
 
     # Only deal with "normal" types