.

2026-05-18 16:33:30 +08:00 · 2022-09-27 16:17:11 +02:00
parent a2e52fa64e
commit 249e0170f3
2 changed files with 128 additions and 56 deletions
--- a/v2-varnish/Drupal/Drupal
+++ b/v2-varnish/Drupal/Drupal
@@ -1,32 +1,10 @@
-#{"rootDirectory":"web","phpVersion":"8.0"}
+#{"rootDirectory":"web","phpVersion":"8.0","varnishCacheSettings":{"cacheLifetime":"604800","controller":"generic","excludes":["^\/admin\/"],"excludedParams":["__SID","noCache"]}}
 server {
-  listen 80;
-  listen [::]:80;
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
-  {{ssl_certificate_key}}
-  {{ssl_certificate}}
+  listen 8080;
+  listen [::]:8080;
  {{server_name}}
  {{root}}

-  {{nginx_access_log}}
-  {{nginx_error_log}}
-
-  if ($scheme != "https") {
-    rewrite ^ https://$host$uri permanent;
-  }
-
-  location ~ /.well-known {
-    auth_basic off;
-    allow all;
-  }
-
-  location ~ (^|/)\. {
-    return 403;
-  }
-
-  {{settings}}
-
  location ~ ^/sites/.*/files/styles/ {
    try_files $uri @rewrite;
  }
@@ -71,12 +49,71 @@ server {
    try_files $uri =404;
    fastcgi_read_timeout 3600;
    fastcgi_send_timeout 3600;
-    fastcgi_param HTTPS $fastcgi_https;
+    fastcgi_param HTTPS "on";
    fastcgi_pass 127.0.0.1:{{php_fpm_port}};
    fastcgi_param PHP_VALUE "{{php_settings}}";
  }

-  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|ico|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf)$ {
+  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
+    add_header Access-Control-Allow-Origin "*";
+    expires max;
+    access_log off;
+  }
+
+  if (-f $request_filename) {
+    break;
+  }
+}
+
+server {
+  listen 80;
+  listen [::]:80;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  {{ssl_certificate_key}}
+  {{ssl_certificate}}
+  {{server_name}}
+  {{root}}
+
+  {{nginx_access_log}}
+  {{nginx_error_log}}
+
+  if ($scheme != "https") {
+    rewrite ^ https://$host$uri permanent;
+  }
+
+  location ~ /.well-known {
+    auth_basic off;
+    allow all;
+  }
+
+  rewrite ^/core/authorize.php/core/authorize.php(.*)$ /core/authorize.php$1;
+
+  location ~ (^|/)\. {
+    return 403;
+  }
+
+  {{settings}}
+
+  location / {
+    {{varnish_proxy_pass}}
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_hide_header X-Varnish;
+    proxy_redirect off;
+    proxy_max_temp_file_size 0;
+    proxy_connect_timeout      720;
+    proxy_send_timeout         720;
+    proxy_read_timeout         720;
+    proxy_buffer_size          128k;
+    proxy_buffers              4 256k;
+    proxy_busy_buffers_size    256k;
+    proxy_temp_file_write_size 256k;
+  }
+
+  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
    add_header Access-Control-Allow-Origin "*";
    expires max;
    access_log off;