From c27406ed29ee5db9e28a7608f663785e187b159f Mon Sep 17 00:00:00 2001
From: Stefan Wieczorek <stefan.wieczorek@mgt-commerce.com>
Date: Wed, 28 Sep 2022 11:39:02 +0200
Subject: [PATCH] .

---
 v2-varnish/Drupal/Drupal 8 | 107 +++++++++---------------------------
 v2-varnish/Drupal/Drupal 9 | 109 ++++++++++---------------------------
 2 files changed, 56 insertions(+), 160 deletions(-)

diff --git a/v2-varnish/Drupal/Drupal 8 b/v2-varnish/Drupal/Drupal 8
index 0691846..e7fc8a7 100755
--- a/v2-varnish/Drupal/Drupal 8	
+++ b/v2-varnish/Drupal/Drupal 8	
@@ -1,10 +1,32 @@
-#{"rootDirectory":"web","phpVersion":"8.0","varnishCacheSettings":{"cacheLifetime":"604800","controller":"drupal","excludes":["^\/admin\/","^\/user\/"],"excludedParams":["__SID","noCache"]}}
+#{"rootDirectory":"web","phpVersion":"8.0"}
 server {
-  listen 8080;
-  listen [::]:8080;
+  listen 80;
+  listen [::]:80;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  {{ssl_certificate_key}}
+  {{ssl_certificate}}
   {{server_name}}
   {{root}}
 
+  {{nginx_access_log}}
+  {{nginx_error_log}}
+
+  if ($scheme != "https") {
+    rewrite ^ https://$host$uri permanent;
+  }
+
+  location ~ /.well-known {
+    auth_basic off;
+    allow all;
+  }
+
+  location ~ (^|/)\. {
+    return 403;
+  }
+
+  {{settings}}
+
   location ~ ^/sites/.*/files/styles/ {
     try_files $uri @rewrite;
   }
@@ -49,87 +71,12 @@ server {
     try_files $uri =404;
     fastcgi_read_timeout 3600;
     fastcgi_send_timeout 3600;
-    fastcgi_param HTTPS "on";
+    fastcgi_param HTTPS $fastcgi_https;
     fastcgi_pass 127.0.0.1:{{php_fpm_port}};
     fastcgi_param PHP_VALUE "{{php_settings}}";
   }
 
-  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
-    add_header Access-Control-Allow-Origin "*";
-    expires max;
-    access_log off;
-  }
-
-  if (-f $request_filename) {
-    break;
-  }
-}
-
-server {
-  listen 80;
-  listen [::]:80;
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
-  {{ssl_certificate_key}}
-  {{ssl_certificate}}
-  {{server_name}}
-  {{root}}
-
-  {{nginx_access_log}}
-  {{nginx_error_log}}
-
-  if ($scheme != "https") {
-    rewrite ^ https://$host$uri permanent;
-  }
-
-  location ~ /.well-known {
-    auth_basic off;
-    allow all;
-  }
-
-  rewrite ^/core/authorize.php/core/authorize.php(.*)$ /core/authorize.php$1;
-
-  location ~ (^|/)\. {
-    return 403;
-  }
-
-  {{settings}}
-
-  location ~/(admin/|user/|status.php|update.php|cron.php) {
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $remote_addr;
-    proxy_set_header X-Forwarded-Host $http_host;
-    proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:8080;
-    proxy_max_temp_file_size 0;
-    proxy_connect_timeout      7200;
-    proxy_send_timeout         7200;
-    proxy_read_timeout         7200;
-    proxy_buffer_size          128k;
-    proxy_buffers              4 256k;
-    proxy_busy_buffers_size    256k;
-    proxy_temp_file_write_size 256k;
-  }
-
-  location / {
-    {{varnish_proxy_pass}}
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Forwarded-Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_hide_header X-Varnish;
-    proxy_redirect off;
-    proxy_max_temp_file_size 0;
-    proxy_connect_timeout      720;
-    proxy_send_timeout         720;
-    proxy_read_timeout         720;
-    proxy_buffer_size          128k;
-    proxy_buffers              4 256k;
-    proxy_busy_buffers_size    256k;
-    proxy_temp_file_write_size 256k;
-  }
-
-  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
+  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|ico|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf)$ {
     add_header Access-Control-Allow-Origin "*";
     expires max;
     access_log off;
diff --git a/v2-varnish/Drupal/Drupal 9 b/v2-varnish/Drupal/Drupal 9
index ee1d917..add8c84 100755
--- a/v2-varnish/Drupal/Drupal 9	
+++ b/v2-varnish/Drupal/Drupal 9	
@@ -1,10 +1,34 @@
-#{"rootDirectory":"web","phpVersion":"8.1","varnishCacheSettings":{"cacheLifetime":"604800","controller":"drupal","excludes":["^\/admin\/","^\/user\/"],"excludedParams":["__SID","noCache"]}}
+#{"rootDirectory":"web","phpVersion":"8.1"}
 server {
-  listen 8080;
-  listen [::]:8080;
+  listen 80;
+  listen [::]:80;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  {{ssl_certificate_key}}
+  {{ssl_certificate}}
   {{server_name}}
   {{root}}
 
+  {{nginx_access_log}}
+  {{nginx_error_log}}
+
+  if ($scheme != "https") {
+    rewrite ^ https://$host$uri permanent;
+  }
+
+  location ~ /.well-known {
+    auth_basic off;
+    allow all;
+  }
+  
+  rewrite ^/core/authorize.php/core/authorize.php(.*)$ /core/authorize.php$1;
+
+  location ~ (^|/)\. {
+    return 403;
+  }
+
+  {{settings}}
+
   location ~ ^/sites/.*/files/styles/ {
     try_files $uri @rewrite;
   }
@@ -49,87 +73,12 @@ server {
     try_files $uri =404;
     fastcgi_read_timeout 3600;
     fastcgi_send_timeout 3600;
-    fastcgi_param HTTPS "on";
+    fastcgi_param HTTPS $fastcgi_https;
     fastcgi_pass 127.0.0.1:{{php_fpm_port}};
     fastcgi_param PHP_VALUE "{{php_settings}}";
   }
 
-  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
-    add_header Access-Control-Allow-Origin "*";
-    expires max;
-    access_log off;
-  }
-
-  if (-f $request_filename) {
-    break;
-  }
-}
-
-server {
-  listen 80;
-  listen [::]:80;
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
-  {{ssl_certificate_key}}
-  {{ssl_certificate}}
-  {{server_name}}
-  {{root}}
-
-  {{nginx_access_log}}
-  {{nginx_error_log}}
-
-  if ($scheme != "https") {
-    rewrite ^ https://$host$uri permanent;
-  }
-
-  location ~ /.well-known {
-    auth_basic off;
-    allow all;
-  }
-
-  rewrite ^/core/authorize.php/core/authorize.php(.*)$ /core/authorize.php$1;
-
-  location ~ (^|/)\. {
-    return 403;
-  }
-
-  {{settings}}
-
-  location ~/(admin/|user/|status.php|update.php|cron.php) {
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $remote_addr;
-    proxy_set_header X-Forwarded-Host $http_host;
-    proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:8080;
-    proxy_max_temp_file_size 0;
-    proxy_connect_timeout      7200;
-    proxy_send_timeout         7200;
-    proxy_read_timeout         7200;
-    proxy_buffer_size          128k;
-    proxy_buffers              4 256k;
-    proxy_busy_buffers_size    256k;
-    proxy_temp_file_write_size 256k;
-  }
-
-  location / {
-    {{varnish_proxy_pass}}
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Forwarded-Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_hide_header X-Varnish;
-    proxy_redirect off;
-    proxy_max_temp_file_size 0;
-    proxy_connect_timeout      720;
-    proxy_send_timeout         720;
-    proxy_read_timeout         720;
-    proxy_buffer_size          128k;
-    proxy_buffers              4 256k;
-    proxy_busy_buffers_size    256k;
-    proxy_temp_file_write_size 256k;
-  }
-
-  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
+  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|ico|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf)$ {
     add_header Access-Control-Allow-Origin "*";
     expires max;
     access_log off;