104 changes: 87 additions & 17 deletions v2-varnish/Drupal/Drupal 10
Expand Up @@ -20,38 +20,69 @@ server {
auth_basic off;
allow all;
}

rewrite ^/core/authorize.php/core/authorize.php(.*)$ /core/authorize.php$1;

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ \..*/.*\.php$ {
return 403;
}

location ~ ^/sites/.*/private/ {
return 403;
}

# Block access to scripts in site files directory.
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}

# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}

{{settings}}

location ~ ^/sites/.*/files/styles/ {
location ~ ^/sites/.*/files/(css|js|styles)/ {
try_files $uri @rewrite;
}

location / {
try_files $uri /index.php?$query_string;
}

location @rewrite {
rewrite ^ /index.php;
}

location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
# Handle private files through Drupal.
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}

# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}

# Enforce clean URLs
if ($request_uri ~* "^(.*/)index\.php/(.*)") {
return 307 $1$2;
}

index index.php index.html;

location ~ ^/update.php {
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
Expand All @@ -65,26 +96,65 @@ server {
fastcgi_param PHP_VALUE "{{php_settings}}";
}

location ~ \.php$ {
location / {
{{varnish_proxy_pass}}
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Varnish;
proxy_redirect off;
proxy_max_temp_file_size 0;
proxy_connect_timeout 720;
proxy_send_timeout 720;
proxy_read_timeout 720;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
}

# Protect files and directories from prying eyes.
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
deny all;
return 404;
}

location ~* \.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf)$ {
add_header Access-Control-Allow-Origin "*";
try_files $uri @rewrite;
expires max;
access_log off;
}

if (-f $request_filename) {
break;
}
}

server {
listen 8080;
listen [::]:8080;
{{server_name}}
{{root}}

try_files $uri $uri/ /index.php?$args;
index index.php index.html;

location ~ \.php$|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}

location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|ico|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf)$ {
add_header Access-Control-Allow-Origin "*";
try_files $uri @rewrite;
expires max;
access_log off;
}

if (-f $request_filename) {
break;
}
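Review bot: The `^`-anchored alternatives in the "Protect files and directories from prying eyes" location can never match, because nginx tests a location regex against the request URI, which always begins with `/`. The branches `^(\.(?!well-known).*|Entries.*|…|composer\.(json|lock)|web\.config)$` and `^#.*#$` look carried over from Apache's `FilesMatch`, which tests the bare file name. As written, a `composer.json`, `composer.lock` or `web.config` under the document root is not caught by this block and would disclose dependency versions if present there. Anchoring on a path segment closes the gap: `(^|/)(Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$`; dot-files are already handled by `location ~ (^|/)\.`. The same location appears unchanged in the Drupal 9 section.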
107 changes: 89 additions & 18 deletions v2-varnish/Drupal/Drupal 9
Expand Up @@ -20,38 +20,69 @@ server {
auth_basic off;
allow all;
}

rewrite ^/core/authorize.php/core/authorize.php(.*)$ /core/authorize.php$1;

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ \..*/.*\.php$ {
return 403;
}

location ~ ^/sites/.*/private/ {
return 403;
}

# Block access to scripts in site files directory.
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}

# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}

{{settings}}

location ~ ^/sites/.*/files/styles/ {
location ~ ^/sites/.*/files/(css|js|styles)/ {
try_files $uri @rewrite;
}

location / {
try_files $uri /index.php?$query_string;
}

location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
rewrite ^ /index.php;
}

location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
# Handle private files through Drupal.
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}

# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}

# Enforce clean URLs
if ($request_uri ~* "^(.*/)index\.php/(.*)") {
return 307 $1$2;
}

index index.php index.html;

location ~ ^/update.php {
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
Expand All @@ -65,26 +96,66 @@ server {
fastcgi_param PHP_VALUE "{{php_settings}}";
}

location ~ \.php$ {
location / {
{{varnish_proxy_pass}}
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Varnish;
proxy_redirect off;
proxy_max_temp_file_size 0;
proxy_connect_timeout 720;
proxy_send_timeout 720;
proxy_read_timeout 720;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
}

# Protect files and directories from prying eyes.
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
deny all;
return 404;
}

location ~* \.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf)$ {
add_header Access-Control-Allow-Origin "*";
try_files $uri @rewrite;
expires max;
access_log off;
}

if (-f $request_filename) {
break;
}
}

server {
listen 8080;
listen [::]:8080;
{{server_name}}
{{root}}

try_files $uri $uri/ /index.php?$args;
index index.php index.html;

location ~ \.php$|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_pass 127.0.0.1:{{php_fpm_port}};
fastcgi_param PHP_VALUE "{{php_settings}}";
}

location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|ico|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf)$ {
add_header Access-Control-Allow-Origin "*";
expires max;
access_log off;
}

if (-f $request_filename) {
break;
}
}
}
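Review bot: Pairing `deny all;` with `return 404;` in the vendor-PHP location and in the "Protect files" location leaves `deny all` with no effect, because `return` runs in the rewrite phase before access rules are evaluated, so clients always get the 404. Keeping both suggests a 403 fallback that does not exist. I would keep only `return 404;` with a comment such as `# 404 rather than 403 so the file's existence is not revealed`. The same pairing appears in the Drupal 10 section.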