From 4f184bd609cb099462cd0d682d4e4d962dd0be14 Mon Sep 17 00:00:00 2001 From: William Hearn Date: Tue, 30 Jul 2024 00:23:27 -0400 Subject: [PATCH] feat(varnish): Correct usage of Varnish Port --- charts/drupal/Chart.yaml | 2 +- charts/drupal/README.md | 11 ++++++----- charts/drupal/values.yaml | 10 +++++----- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/charts/drupal/Chart.yaml b/charts/drupal/Chart.yaml index 0456d35..1d36d78 100644 --- a/charts/drupal/Chart.yaml +++ b/charts/drupal/Chart.yaml @@ -1,7 +1,7 @@ name: drupal apiVersion: v2 type: application -version: 1.0.0-beta11 +version: 1.0.0-beta12 appVersion: 5.2.3 description: Drupal 10 variant of the Web Experience Toolkit (WxT). keywords: diff --git a/charts/drupal/README.md b/charts/drupal/README.md index 6f2fee3..1b13147 100644 --- a/charts/drupal/README.md +++ b/charts/drupal/README.md @@ -1,6 +1,6 @@ # drupal -![Version: 1.0.0-beta11](https://img.shields.io/badge/Version-1.0.0--beta11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.2.3](https://img.shields.io/badge/AppVersion-5.2.3-informational?style=flat-square) +![Version: 1.0.0-beta12](https://img.shields.io/badge/Version-1.0.0--beta12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.2.3](https://img.shields.io/badge/AppVersion-5.2.3-informational?style=flat-square) Drupal 10 variant of the Web Experience Toolkit (WxT). 
@@ -237,12 +237,13 @@ helm install --name drupal -f values-.yaml |-----|------|---------|-------------| | postgresql.auth.database | string | `"wxt"` | | | postgresql.auth.enablePostgresUser | bool | `true` | | -| postgresql.auth.password | string | `""` | | -| postgresql.auth.postgresPassword | string | `""` | | +| postgresql.auth.password | string | `"example"` | | +| postgresql.auth.postgresPassword | string | `"example"` | | | postgresql.auth.username | string | `"wxt"` | | | postgresql.enabled | bool | `false` | | | postgresql.image.tag | string | `"14.3.0-debian-11-r3"` | | -| postgresql.primary.configuration | string | `"listen_addresses='*'\nmax_connections=200\nshared_buffers='512MB'\nwork_mem='2048MB'\neffective_cache_size='512MB'\nmaintenance_work_mem='32MB'\nmin_wal_size='512MB'\nmax_wal_size='512MB'\nwal_buffer='8048kB'\nbytea_output='escape'"` | | +| postgresql.primary.configuration | string | `""` | | +| postgresql.primary.extendedConfiguration | string | `"listen_addresses='*'\nmax_connections=200\nshared_buffers='512MB'\nwork_mem='2048MB'\neffective_cache_size='512MB'\nmaintenance_work_mem='32MB'\nmin_wal_size='512MB'\nmax_wal_size='512MB'\nbytea_output='escape'"` | | | postgresql.primary.persistence.enabled | bool | `true` | | | postgresql.primary.persistence.size | string | `"128Gi"` | | | postgresql.volumePermissions.enabled | bool | `true` | | 
@@ -329,7 +330,7 @@ helm install --name drupal -f values-.yaml | varnish.enabled | bool | `false` | | | varnish.nodeSelector | object | `{}` | | | varnish.resources | object | `{}` | | -| varnish.service.port | int | `80` | | +| varnish.service.port | int | `8080` | | | varnish.service.type | string | `"ClusterIP"` | | | varnish.tolerations | list | `[]` | | | varnish.varnishConfigContent | string | `"vcl 4.0;\n\nimport std;\nimport directors;\n\nbackend nginx {\n .host = \"{{ include \"backend.fullname\" . }}-nginx\";\n .host_header = \"{{ include \"backend.fullname\" . }}-nginx\";\n .port = \"8080\";\n}\n\nsub vcl_init {\n new backends = directors.round_robin();\n backends.add_backend(nginx);\n}\n\nsub vcl_recv {\n set req.http.X-Forwarded-Host = req.http.Host;\n if (!req.http.X-Forwarded-Proto) {\n set req.http.X-Forwarded-Proto = \"http\";\n }\n\n # Answer healthcheck\n if (req.url == \"/_healthcheck\" || req.url == \"/healthcheck.txt\") {\n return (synth(700, \"HEALTHCHECK\"));\n }\n\n # Answer splashpage\n # if (req.url == \"/\") {\n # return (synth(701, \"SPLASH\"));\n # }\n\n set req.backend_hint = backends.backend();\n\n # Always cache certain file types\n # Remove cookies that Drupal doesn't care about\n if (req.url ~ \"(?i)\\.(asc|dat|tgz|png|gif|jpeg|jpg|ico|swf|css|js)(\\?.*)?$\") {\n unset req.http.Cookie;\n } else if (req.http.Cookie) {\n set req.http.Cookie = \";\" + req.http.Cookie;\n set req.http.Cookie = regsuball(req.http.Cookie, \"; +\", \";\");\n set req.http.Cookie = regsuball(req.http.Cookie, \";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=\", \"; \\1=\");\n set req.http.Cookie = regsuball(req.http.Cookie, \";[^ ][^;]*\", \"\");\n set req.http.Cookie = regsuball(req.http.Cookie, \"^[; ]+|[; ]+$\", \"\");\n if (req.http.Cookie == \"\") {\n unset req.http.Cookie;\n } else {\n return (pass);\n }\n }\n # If POST, PUT or DELETE, then don't cache\n if (req.method == \"POST\" || req.method == \"PUT\" || req.method == \"DELETE\") {\n return (pass);\n }\n 
# Happens before we check if we have this in cache already.\n #\n # Typically you clean up the request here, removing cookies you don't need,\n # rewriting the request, etc.\n return (hash);\n #return (pass);\n}\n\nsub vcl_backend_fetch {\n # NEW\n set bereq.http.Host = \"{{ include \"backend.fullname\" . }}-nginx\";\n\n # Don't add 127.0.0.1 to X-Forwarded-For\n set bereq.http.X-Forwarded-For = regsub(bereq.http.X-Forwarded-For, \"(, )?127\\.0\\.0\\.\\d$\", \"\");\n}\n\nsub vcl_backend_response {\n if (beresp.http.Location && beresp.http.Location !~ \"^https://api.twitter.com/\") {\n set beresp.http.Location = regsub(\n beresp.http.Location,\n \"^https?://[^/]+/\",\n bereq.http.X-Forwarded-Proto + \"://\" + bereq.http.X-Forwarded-Host + \"/\"\n );\n }\n # Only cache select response codes\n if (beresp.status == 200 || beresp.status == 203 || beresp.status == 204 || beresp.status == 206 || beresp.status == 300 || beresp.status == 301 || beresp.status == 404 || beresp.status == 405 || beresp.status == 410 || beresp.status == 414 || beresp.status == 501) {\n # Cache for 5 minutes\n set beresp.ttl = 5m;\n set beresp.grace = 12h;\n set beresp.keep = 24h;\n } else {\n set beresp.ttl = 0s;\n }\n}\n\nsub vcl_deliver {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Comment these for easier Drupal cache tag debugging in development.\n unset resp.http.Cache-Tags;\n unset resp.http.X-Drupal-Cache-Contexts;\n\n # Add Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net data:; font-src 'self' 
*.example.ca https://fonts.gstatic.com\";\n\n # Add CORS Headers\n # if (req.http.Origin ~ \"(?i)\\.example\\.ca$\") {\n # if (req.url ~ \"\\.(ttd|woff|woff2)(\\?.*)?$\") {\n # set resp.http.Access-Control-Allow-Origin = \"*\";\n # set resp.http.Access-Control-Allow-Methods = \"GET\";\n # }\n # }\n\n # Add X-Frame-Options\n # if (req.url ~ \"^/(en/|fr/)?media/\") {\n # set resp.http.X-Frame-Options = \"SAMEORIGIN\";\n # } else {\n # set resp.http.X-Frame-Options = \"DENY\";\n # }\n\n set resp.http.X-Content-Type-Options = \"nosniff\";\n set resp.http.X-XSS-Protection = \"1; mode=block\";\n set resp.http.Strict-Transport-Security = \"max-age=2629800\";\n\n if (req.http.host ~ \"site.example.ca\") {\n set resp.http.X-Robots-Tag = \"noindex, nofollow\";\n }\n\n if (req.url ~ \"^/(en/|fr/)?(search/|recherche/)site/\") {\n set resp.http.X-Robots-Tag = \"noindex, nofollow\";\n }\n\n # Happens when we have all the pieces we need, and are about to send the\n # response to the client.\n #\n # You can do accounting or modifying the final object here.\n if (obj.hits > 0) {\n set resp.http.X-Cache = \"HIT\";\n } else {\n set resp.http.X-Cache = \"MISS\";\n }\n # Handle errors\n if ( (resp.status >= 500 && resp.status <= 599)\n || resp.status == 400\n || resp.status == 401\n || resp.status == 403\n || resp.status == 404) {\n return (synth(resp.status));\n }\n}\n\nsub vcl_synth {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Add Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca data:;\";\n # set resp.http.X-Content-Type-Options = \"nosniff\";\n # set 
resp.http.X-Frame-Options = \"DENY\";\n # set resp.http.X-XSS-Protection = \"1; mode=block\";\n\n set resp.http.Strict-Transport-Security = \"max-age=2629800\";\n\n # if (resp.status >= 500 && resp.status <= 599) {\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n # return (deliver);\n # } elseif (resp.status == 400) { # 400 - Bad Request\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/400.html\"));\n # return (deliver);\n # } elseif (resp.status == 401) { # 401 - Unauthorized\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/401.html\"));\n # return (deliver);\n # } elseif (resp.status == 403) { # 403 - Forbidden\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/403.html\"));\n # return (deliver);\n # } elseif (resp.status == 404) { # 404 - Not Found\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/404.html\"));\n # return (deliver);\n # } else\n if (resp.status == 700) { # Respond to healthcheck\n set resp.status = 200;\n set resp.http.Content-Type = \"text/plain\";\n synthetic ( {\"OK\"} );\n return (deliver);\n }\n # elseif (resp.status == 701) { # Respond to splash\n # set resp.status = 200;\n # set resp.http.Content-Type = \"text/html\";\n # synthetic(std.fileread(\"/splash/index.html\"));\n # return (deliver);\n # }\n}\n\n##\n# ERROR HANDLING\n##\n# sub vcl_backend_error {\n# set beresp.http.Content-Type = \"text/html; charset=utf-8\";\n# synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n# return (deliver);\n# }\n"` | | diff --git a/charts/drupal/values.yaml b/charts/drupal/values.yaml index eec51c1..7ef1546 100644 
--- a/charts/drupal/values.yaml +++ b/charts/drupal/values.yaml @@ -768,16 +768,17 @@ postgresql: tag: 14.3.0-debian-11-r3 auth: enablePostgresUser: true - postgresPassword: "" + postgresPassword: "example" username: "wxt" - password: "" + password: "example" database: "wxt" primary: persistence: enabled: true # storageClass: managed-premium size: 128Gi - configuration: |- + configuration: "" + extendedConfiguration: |- listen_addresses='*' max_connections=200 shared_buffers='512MB' @@ -786,7 +787,6 @@ postgresql: maintenance_work_mem='32MB' min_wal_size='512MB' max_wal_size='512MB' - wal_buffer='8048kB' bytea_output='escape' volumePermissions: enabled: true @@ -863,7 +863,7 @@ varnish: imagePullPolicy: IfNotPresent service: type: ClusterIP - port: 80 + port: 8080 resources: {} # requests: # memory: "512Mi"
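Review bot: The new defaults `postgresPassword: "example"` and `password: "example"` in the `auth:` block commit a known credential to values.yaml, so any release that sets `postgresql.enabled: true` without overriding them runs with a guessable superuser and application password, while the same hunk keeps `listen_addresses='*'`. The previous empty strings did not ship a usable secret; if this is the Bitnami subchart (not confirmable from the patch), an empty value would normally lead to a generated password instead. I would keep `postgresPassword: ""` and `password: ""`, add a comment such as `# supply at install time or reference an existing Secret; do not commit a password here`, and have the chart fail rendering when PostgreSQL is enabled and the value is empty. The credential change is also unrelated to the Varnish port named in the subject, which makes it easy to miss. The `postgresql:` block starts above the hunk.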
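Review bot: `port: 8080` under `varnish.service` has no comment saying what it must agree with, and the templates that consume the value are not part of this patch. If an Ingress backend, NetworkPolicy or another workload addresses the Varnish Service on 80, upgrading to this chart version would break that path without any render error. I would add `# Service port for Varnish; Ingress backends and NetworkPolicies must target this value (was 80 before 1.0.0-beta12)` above the key and call the change out in the release notes. The `varnish:` block extends beyond both ends of the hunk.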