prod docker compose fixes.
This commit is contained in:
@@ -32,18 +32,14 @@ server {
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/www.rstat.net;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
|
||||
proxy_pass http://varnish:80;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
#location / {
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Host $http_host;
|
||||
|
||||
# proxy_pass http://varnish:80;
|
||||
# proxy_redirect off;
|
||||
#}
|
||||
}
|
||||
|
||||
# intermediate configuration
|
||||
|
||||
@@ -8,8 +8,8 @@ import dynamic;
|
||||
import std;
|
||||
|
||||
backend default {
|
||||
.host = "ghost";
|
||||
.port = "2368";
|
||||
.host = "rstat-dashboard";
|
||||
.port = "5000";
|
||||
}
|
||||
|
||||
acl purge {
|
||||
@@ -23,7 +23,7 @@ sub vcl_recv {
|
||||
if (!client.ip ~ purge) {
|
||||
return(synth(403, "Not allowed."));
|
||||
}
|
||||
ban("req.http.host == its.pkhamre.com");
|
||||
ban("req.http.host == rstat.net");
|
||||
return(synth(200, "Cache cleared"));
|
||||
}
|
||||
|
||||
@@ -33,16 +33,6 @@ sub vcl_recv {
|
||||
return(hash);
|
||||
}
|
||||
|
||||
# Don't cache if these cookies are present
|
||||
if (req.http.Cookie ~ "ghost-members-ssr" || req.http.Cookie ~ "ghost-admin-api-session") {
|
||||
return(pass);
|
||||
}
|
||||
|
||||
# Don't cache these paths
|
||||
if (req.url ~ "^/(ghost|members|p)/") {
|
||||
return(pass);
|
||||
}
|
||||
|
||||
# Remove all cookies for other requests
|
||||
unset req.http.Cookie;
|
||||
return(hash);
|
||||
@@ -50,7 +40,7 @@ sub vcl_recv {
|
||||
|
||||
sub vcl_backend_response {
|
||||
# Cache static files and other content in Varnish for 1 year
|
||||
set beresp.ttl = 1y;
|
||||
set beresp.ttl = 1m;
|
||||
# Enable stale content serving
|
||||
set beresp.grace = 24h;
|
||||
# Preserve the origin's Cache-Control header for client-side caching
|
||||
|
||||
39
config/varnish/hit-miss.vcl
Normal file
39
config/varnish/hit-miss.vcl
Normal file
@@ -0,0 +1,39 @@
|
||||
sub vcl_recv {
|
||||
unset req.http.x-cache;
|
||||
}
|
||||
|
||||
sub vcl_hit {
|
||||
set req.http.x-cache = "hit";
|
||||
if (obj.ttl <= 0s && obj.grace > 0s) {
|
||||
set req.http.x-cache = "hit graced";
|
||||
}
|
||||
}
|
||||
|
||||
sub vcl_miss {
|
||||
set req.http.x-cache = "miss";
|
||||
}
|
||||
|
||||
sub vcl_pass {
|
||||
set req.http.x-cache = "pass";
|
||||
}
|
||||
|
||||
sub vcl_pipe {
|
||||
set req.http.x-cache = "pipe uncacheable";
|
||||
}
|
||||
|
||||
sub vcl_synth {
|
||||
set req.http.x-cache = "synth synth";
|
||||
# comment the following line to omit the x-cache header in the response
|
||||
set resp.http.x-cache = req.http.x-cache;
|
||||
}
|
||||
|
||||
sub vcl_deliver {
|
||||
if (obj.uncacheable) {
|
||||
set req.http.x-cache = req.http.x-cache + " uncacheable" ;
|
||||
} else {
|
||||
set req.http.x-cache = req.http.x-cache + " cached" ;
|
||||
}
|
||||
|
||||
# comment the following line to omit the x-cache header in the response
|
||||
set resp.http.x-cache = req.http.x-cache;
|
||||
}
|
||||
@@ -7,36 +7,7 @@ services:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
restart: always
|
||||
environment:
|
||||
- FLASK_ENV=production
|
||||
- FLASK_APP=rstat_tool.app:create_app
|
||||
- RSTAT_CONFIG_FILE=/app/config/config.py
|
||||
volumes:
|
||||
- ./reddit_stocks:/usr/share/app/reddit_stocks.db:ro
|
||||
ports:
|
||||
- "5000:5000"
|
||||
|
||||
nginx:
|
||||
image: nginx:1.29.0
|
||||
restart: always
|
||||
volumes:
|
||||
- ./config/nginx:/etc/nginx/conf.d:ro
|
||||
- ./config/certbot:/etc/nginx/ssl:ro
|
||||
- ./public:/usr/share/nginx:ro
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
|
||||
varnish:
|
||||
image: varnish:7.7.1
|
||||
restart: always
|
||||
volumes:
|
||||
- ./config/varnish/default.vcl:/etc/varnish/default.vcl:ro"
|
||||
tmpfs:
|
||||
- /var/lib/varnish/varnishd:exec
|
||||
|
||||
certbot:
|
||||
image: certbot/certbot:v4.1.1
|
||||
volumes:
|
||||
- ./config/certbot:/etc/letsencrypt:rw
|
||||
- ./public/certbot:/usr/share/nginx/certbot:rw
|
||||
|
||||
@@ -13,6 +13,15 @@ services:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
|
||||
varnish:
|
||||
image: varnish:7.7.1
|
||||
restart: always
|
||||
volumes:
|
||||
- ./config/varnish/default.vcl:/etc/varnish/default.vcl:ro"
|
||||
- ./config/varnish/hit-miss.vcl:/etc/varnish/hit-miss.vcl:ro"
|
||||
tmpfs:
|
||||
- /var/lib/varnish/varnishd:exec
|
||||
|
||||
certbot:
|
||||
image: certbot/certbot:v4.1.1
|
||||
volumes:
|
||||
|
||||
Reference in New Issue
Block a user