feat(varnish): Correct usage of Varnish Port
sylus committed Jul 30, 2024
1 parent 1cbcc9d commit 4f184bd
Showing 3 changed files with 12 additions and 11 deletions.
2 changes: 1 addition & 1 deletion charts/drupal/Chart.yaml
@@ -1,7 +1,7 @@
name: drupal
apiVersion: v2
type: application
version: 1.0.0-beta11
version: 1.0.0-beta12
appVersion: 5.2.3
description: Drupal 10 variant of the Web Experience Toolkit (WxT).
keywords:
11 changes: 6 additions & 5 deletions charts/drupal/README.md
@@ -1,6 +1,6 @@
# drupal

![Version: 1.0.0-beta11](https://img.shields.io/badge/Version-1.0.0--beta11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.2.3](https://img.shields.io/badge/AppVersion-5.2.3-informational?style=flat-square)
![Version: 1.0.0-beta12](https://img.shields.io/badge/Version-1.0.0--beta12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.2.3](https://img.shields.io/badge/AppVersion-5.2.3-informational?style=flat-square)

Drupal 10 variant of the Web Experience Toolkit (WxT).

@@ -237,12 +237,13 @@ helm install --name drupal -f values-<override>.yaml
|-----|------|---------|-------------|
| postgresql.auth.database | string | `"wxt"` | |
| postgresql.auth.enablePostgresUser | bool | `true` | |
| postgresql.auth.password | string | `""` | |
| postgresql.auth.postgresPassword | string | `""` | |
| postgresql.auth.password | string | `"example"` | |
| postgresql.auth.postgresPassword | string | `"example"` | |
| postgresql.auth.username | string | `"wxt"` | |
| postgresql.enabled | bool | `false` | |
| postgresql.image.tag | string | `"14.3.0-debian-11-r3"` | |
| postgresql.primary.configuration | string | `"listen_addresses='*'\nmax_connections=200\nshared_buffers='512MB'\nwork_mem='2048MB'\neffective_cache_size='512MB'\nmaintenance_work_mem='32MB'\nmin_wal_size='512MB'\nmax_wal_size='512MB'\nwal_buffer='8048kB'\nbytea_output='escape'"` | |
| postgresql.primary.configuration | string | `""` | |
| postgresql.primary.extendedConfiguration | string | `"listen_addresses='*'\nmax_connections=200\nshared_buffers='512MB'\nwork_mem='2048MB'\neffective_cache_size='512MB'\nmaintenance_work_mem='32MB'\nmin_wal_size='512MB'\nmax_wal_size='512MB'\nbytea_output='escape'"` | |
| postgresql.primary.persistence.enabled | bool | `true` | |
| postgresql.primary.persistence.size | string | `"128Gi"` | |
| postgresql.volumePermissions.enabled | bool | `true` | |
@@ -329,7 +330,7 @@ helm install --name drupal -f values-<override>.yaml
| varnish.enabled | bool | `false` | |
| varnish.nodeSelector | object | `{}` | |
| varnish.resources | object | `{}` | |
| varnish.service.port | int | `80` | |
| varnish.service.port | int | `8080` | |
| varnish.service.type | string | `"ClusterIP"` | |
| varnish.tolerations | list | `[]` | |
| varnish.varnishConfigContent | string | `"vcl 4.0;\n\nimport std;\nimport directors;\n\nbackend nginx {\n .host = \"{{ include \"backend.fullname\" . }}-nginx\";\n .host_header = \"{{ include \"backend.fullname\" . }}-nginx\";\n .port = \"8080\";\n}\n\nsub vcl_init {\n new backends = directors.round_robin();\n backends.add_backend(nginx);\n}\n\nsub vcl_recv {\n set req.http.X-Forwarded-Host = req.http.Host;\n if (!req.http.X-Forwarded-Proto) {\n set req.http.X-Forwarded-Proto = \"http\";\n }\n\n # Answer healthcheck\n if (req.url == \"/_healthcheck\" || req.url == \"/healthcheck.txt\") {\n return (synth(700, \"HEALTHCHECK\"));\n }\n\n # Answer splashpage\n # if (req.url == \"/\") {\n # return (synth(701, \"SPLASH\"));\n # }\n\n set req.backend_hint = backends.backend();\n\n # Always cache certain file types\n # Remove cookies that Drupal doesn't care about\n if (req.url ~ \"(?i)\\.(asc|dat|tgz|png|gif|jpeg|jpg|ico|swf|css|js)(\\?.*)?$\") {\n unset req.http.Cookie;\n } else if (req.http.Cookie) {\n set req.http.Cookie = \";\" + req.http.Cookie;\n set req.http.Cookie = regsuball(req.http.Cookie, \"; +\", \";\");\n set req.http.Cookie = regsuball(req.http.Cookie, \";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=\", \"; \\1=\");\n set req.http.Cookie = regsuball(req.http.Cookie, \";[^ ][^;]*\", \"\");\n set req.http.Cookie = regsuball(req.http.Cookie, \"^[; ]+|[; ]+$\", \"\");\n if (req.http.Cookie == \"\") {\n unset req.http.Cookie;\n } else {\n return (pass);\n }\n }\n # If POST, PUT or DELETE, then don't cache\n if (req.method == \"POST\" || req.method == \"PUT\" || req.method == \"DELETE\") {\n return (pass);\n }\n # Happens before we check if we have this in cache already.\n #\n # Typically you clean up the request here, removing cookies you don't need,\n # rewriting the request, etc.\n return (hash);\n #return (pass);\n}\n\nsub vcl_backend_fetch {\n # NEW\n set bereq.http.Host = \"{{ include \"backend.fullname\" . 
}}-nginx\";\n\n # Don't add 127.0.0.1 to X-Forwarded-For\n set bereq.http.X-Forwarded-For = regsub(bereq.http.X-Forwarded-For, \"(, )?127\\.0\\.0\\.\\d$\", \"\");\n}\n\nsub vcl_backend_response {\n if (beresp.http.Location && beresp.http.Location !~ \"^https://api.twitter.com/\") {\n set beresp.http.Location = regsub(\n beresp.http.Location,\n \"^https?://[^/]+/\",\n bereq.http.X-Forwarded-Proto + \"://\" + bereq.http.X-Forwarded-Host + \"/\"\n );\n }\n # Only cache select response codes\n if (beresp.status == 200 || beresp.status == 203 || beresp.status == 204 || beresp.status == 206 || beresp.status == 300 || beresp.status == 301 || beresp.status == 404 || beresp.status == 405 || beresp.status == 410 || beresp.status == 414 || beresp.status == 501) {\n # Cache for 5 minutes\n set beresp.ttl = 5m;\n set beresp.grace = 12h;\n set beresp.keep = 24h;\n } else {\n set beresp.ttl = 0s;\n }\n}\n\nsub vcl_deliver {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Comment these for easier Drupal cache tag debugging in development.\n unset resp.http.Cache-Tags;\n unset resp.http.X-Drupal-Cache-Contexts;\n\n # Add Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net data:; font-src 'self' *.example.ca https://fonts.gstatic.com\";\n\n # Add CORS Headers\n # if (req.http.Origin ~ \"(?i)\\.example\\.ca$\") {\n # if (req.url ~ \"\\.(ttd|woff|woff2)(\\?.*)?$\") {\n # set resp.http.Access-Control-Allow-Origin = \"*\";\n # set resp.http.Access-Control-Allow-Methods = \"GET\";\n # }\n # }\n\n # Add 
X-Frame-Options\n # if (req.url ~ \"^/(en/|fr/)?media/\") {\n # set resp.http.X-Frame-Options = \"SAMEORIGIN\";\n # } else {\n # set resp.http.X-Frame-Options = \"DENY\";\n # }\n\n set resp.http.X-Content-Type-Options = \"nosniff\";\n set resp.http.X-XSS-Protection = \"1; mode=block\";\n set resp.http.Strict-Transport-Security = \"max-age=2629800\";\n\n if (req.http.host ~ \"site.example.ca\") {\n set resp.http.X-Robots-Tag = \"noindex, nofollow\";\n }\n\n if (req.url ~ \"^/(en/|fr/)?(search/|recherche/)site/\") {\n set resp.http.X-Robots-Tag = \"noindex, nofollow\";\n }\n\n # Happens when we have all the pieces we need, and are about to send the\n # response to the client.\n #\n # You can do accounting or modifying the final object here.\n if (obj.hits > 0) {\n set resp.http.X-Cache = \"HIT\";\n } else {\n set resp.http.X-Cache = \"MISS\";\n }\n # Handle errors\n if ( (resp.status >= 500 && resp.status <= 599)\n || resp.status == 400\n || resp.status == 401\n || resp.status == 403\n || resp.status == 404) {\n return (synth(resp.status));\n }\n}\n\nsub vcl_synth {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Add Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca data:;\";\n # set resp.http.X-Content-Type-Options = \"nosniff\";\n # set resp.http.X-Frame-Options = \"DENY\";\n # set resp.http.X-XSS-Protection = \"1; mode=block\";\n\n set resp.http.Strict-Transport-Security = \"max-age=2629800\";\n\n # if (resp.status >= 500 && resp.status <= 599) {\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # 
synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n # return (deliver);\n # } elseif (resp.status == 400) { # 400 - Bad Request\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/400.html\"));\n # return (deliver);\n # } elseif (resp.status == 401) { # 401 - Unauthorized\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/401.html\"));\n # return (deliver);\n # } elseif (resp.status == 403) { # 403 - Forbidden\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/403.html\"));\n # return (deliver);\n # } elseif (resp.status == 404) { # 404 - Not Found\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/404.html\"));\n # return (deliver);\n # } else\n if (resp.status == 700) { # Respond to healthcheck\n set resp.status = 200;\n set resp.http.Content-Type = \"text/plain\";\n synthetic ( {\"OK\"} );\n return (deliver);\n }\n # elseif (resp.status == 701) { # Respond to splash\n # set resp.status = 200;\n # set resp.http.Content-Type = \"text/html\";\n # synthetic(std.fileread(\"/splash/index.html\"));\n # return (deliver);\n # }\n}\n\n##\n# ERROR HANDLING\n##\n# sub vcl_backend_error {\n# set beresp.http.Content-Type = \"text/html; charset=utf-8\";\n# synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n# return (deliver);\n# }\n"` | |
10 changes: 5 additions & 5 deletions charts/drupal/values.yaml
@@ -768,16 +768,17 @@ postgresql:
tag: 14.3.0-debian-11-r3
auth:
enablePostgresUser: true
postgresPassword: ""
postgresPassword: "example"
username: "wxt"
password: ""
password: "example"
database: "wxt"
primary:
persistence:
enabled: true
# storageClass: managed-premium
size: 128Gi
configuration: |-
configuration: ""
extendedConfiguration: |-
listen_addresses='*'
max_connections=200
shared_buffers='512MB'
@@ -786,7 +787,6 @@ postgresql:
maintenance_work_mem='32MB'
min_wal_size='512MB'
max_wal_size='512MB'
wal_buffer='8048kB'
bytea_output='escape'
volumePermissions:
enabled: true
@@ -863,7 +863,7 @@ varnish:
imagePullPolicy: IfNotPresent
service:
type: ClusterIP
port: 80
port: 8080
resources: {}
# requests:
# memory: "512Mi"
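Review bot: The `postgresql.auth` block in the first hunk, as the page renders it, now ships `postgresPassword: "example"` and `password: "example"` as chart defaults, so any release that sets `postgresql.enabled: true` without overriding them runs a database whose superuser and application passwords are publicly known, while `extendedConfiguration` keeps `listen_addresses='*'`. I would keep both defaults empty (`postgresPassword: ""`, `password: ""`) and document that they must be supplied at install time or through a pre-created Secret; if this is the Bitnami PostgreSQL subchart, as the image tag suggests, `auth.existingSecret` is the usual way to do that. The README values table in this commit repeats the `"example"` defaults and would need the same change. The credential change is also unrelated to the Varnish port named in the commit title, which makes it easy to miss in review.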