Merge pull request #512 from cytopia/varnish-ssl-offloading

Varnish SSL offloading with HAProxy
cytopia 2019-02-28 13:51:18 +01:00 committed by GitHub
commit b92d9900ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 195 additions and 41 deletions


@ -14,7 +14,7 @@ putenv('RES_OPTIONS=retrans:1 retry:1 timeout:1 attempts:1');
$DEVILBOX_VERSION = 'v0.15';
$DEVILBOX_DATE = '2019-02-23';
$DEVILBOX_DATE = '2019-02-27';
$DEVILBOX_API_PAGE = 'devilbox-api/status.json';
//


@ -110,6 +110,14 @@
*/
function checkDns(vhost) {
var xhttp = new XMLHttpRequest();
var proto;
var port;
var name = vhost + '.<?php echo loadClass('Httpd')->getTldSuffix();?>'
var url = window.location.href.split("/");
var tmp = url[2].split(":");
proto = url[0];
port = tmp.length == 2 ? ':' + tmp[1] : '';
// Timeout after XXX seconds and mark it invalid DNS
xhttp.timeout = <?php echo loadClass('Helper')->getEnv('DNS_CHECK_TIMEOUT');?>000;
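Review bot: splitting `window.location.href` by hand to derive `proto` and `port` is fragile. `tmp.length == 2` drops the port whenever the host part contains more than one colon, for example when the intranet is opened through an IPv6 literal such as `[::1]:8080`. `window.location.protocol` and `window.location.port` return the same values without any parsing. The added `var name = vhost + ...` line is also missing its terminating semicolon.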
@ -125,12 +133,12 @@
if (el_valid.innerHTML != 'WARN') {
el_valid.innerHTML = 'OK';
}
el_href.innerHTML = '<a target="_blank" href="//'+vhost+'.<?php echo loadClass('Httpd')->getTldSuffix().loadClass('Httpd')->getPort();?>">'+vhost+'.<?php echo loadClass('Httpd')->getTldSuffix().loadClass('Httpd')->getPort();?></a>' + el_href.innerHTML;
el_href.innerHTML = '<a target="_blank" href="'+proto+'//'+name+port+'">'+name+port+'</a>' + el_href.innerHTML;
} else {
//console.log(vhost);
}
}
xhttp.open('POST', '//'+vhost+'.<?php echo loadClass('Httpd')->getTldSuffix().loadClass('Httpd')->getPort();?>/devilbox-api/status.json', true);
xhttp.open('POST', proto+'//'+name+port+'/devilbox-api/status.json', true);
xhttp.send();
// Timeout to abort in 1 second
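Review bot: the rewritten `el_href.innerHTML = '<a target="_blank" href="'+proto+'//'+name+port+'">'...` line still assembles markup by string concatenation, so any character in `vhost` that is special in HTML is parsed as markup rather than shown as text. Build the link with `document.createElement('a')`, set `href` and `textContent`, and prepend the element instead. Because the link opens with `target="_blank"`, add `rel="noopener"` too, so the opened vhost page gets no `window.opener` handle on the intranet page.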


@ -42,6 +42,7 @@ major versions.
- RabbitMQ
- Solr
- Varnish
- HAProxy
- New binaries
- `blackfire`
- `dep` (Deployer)


@ -5,7 +5,7 @@
![Devilbox](docs/img/banner.png)
**[Usage](#usage)** |
**[Available Container](#available-container)** |
**[Architecture](#architecture)** |
**[Community](#community)** |
**[Features](#feature-overview)** |
**[Intranet](#intranet-overview)** |
@ -56,16 +56,39 @@ Before updating the Devilbox ensure to always check for breaking changes until t
2. [Changelog](CHANGELOG.md)
3. [Updating](UPDATING.md)
## Available Container
## Architecture
The Devilbox ships the following pre-configured Docker container in any available version.
The Devilbox aims to be a swiss army knife for local development by providing you all the services
you would ever need. To get an idea about the architecture behind it and to also see what's available
have a look at the following diagrams and tables.
| Accel | Frontend | SQL | NoSQL | Queue & Search | ELK | Misc |
|---------|------------|------------|-----------|----------------|---------------|-----------|
| Varnish | Apache | MariaDB | Memcached | RabbitMQ | ElasticSearch | Bind |
| | Nginx | MySQL | MongoDB | Solr | Logstash | Blackfire |
| | PHP | PerconaDB | Redis | | Kibana | MailHog |
| | | PostgreSQL | | | | |
#### Smallest Stack
This is the smallest possible and fully functional stack you can run:
<img width="300" style="width:300px" title="Devilbox stack" src="https://raw.githubusercontent.com/devilbox/artwork/master/submissions_diagrams/cytopia/02/png/architecture-small.png" />
> [Devilbox artwork](https://github.com/devilbox/artwork)
#### Full Stack
To better understand what is actually possible have a look at the full example:
<img title="Devilbox stack" src="https://raw.githubusercontent.com/devilbox/artwork/master/submissions_diagrams/cytopia/01/png/architecture-full.png" />
> [Devilbox artwork](https://github.com/devilbox/artwork)
#### Available Container
The following table lists all integrated and pre-configured Docker container shipped by the Devilbox.
Only the webserver and PHP container are mandatory, all others are optional and don't need to be started.
Each of them is also available in multiple different versions in order to reflect your exact desired environment.
| Accel | Frontend | SQL | NoSQL | Queue | Search | ELK | Utils |
|---------|------------|------------|-----------|----------|--------|---------------|-----------|
| HAProxy | Apache | MariaDB | Memcached | RabbitMQ | Solr | ElasticSearch | Bind |
| Varnish | Nginx | MySQL | MongoDB | | | Logstash | Blackfire |
| | PHP | PerconaDB | Redis | | | Kibana | MailHog |
| | | PostgreSQL | | | | | |
> **Documentation:**
> [Available Container](https://devilbox.readthedocs.io/en/latest/readings/available-container.html)
@ -342,6 +365,7 @@ Additionally to the default stack, there are a variety of other services that ca
<th>MailHog</th>
<th>RabbitMQ</th>
<th>Solr</th>
<th>HAProxy</th>
<th>Varnish</th>
</tr>
</thead>
@ -352,6 +376,7 @@ Additionally to the default stack, there are a variety of other services that ca
<td><a target="_blank" title="MailHog v1.0.0" href="https://github.com/mailhog/MailHog">v1.0.0</a></td>
<td><a target="_blank" title="RabbitMQ 3.6" href="https://github.com/rabbitmq/rabbitmq-server">3.6</a></td>
<td><a target="_blank" title="Solr 5" href="https://github.com/apache/lucene-solr">5</a></td>
<td><a target="_blank" title="HAProxy 1.X" href="https://github.com/devilbox/docker-haproxy">1.X</a></td>
<td><a target="_blank" title="Varnish 4" href="https://github.com/devilbox/docker-varnish">4</a></td>
</tr>
<tr>
@ -360,6 +385,7 @@ Additionally to the default stack, there are a variety of other services that ca
<td><a target="_blank" title="MailHog latest" href="https://github.com/mailhog/MailHog">latest</a></td>
<td><a target="_blank" title="RabbitMQ 3.7" href="https://github.com/rabbitmq/rabbitmq-server">3.7</a></td>
<td><a target="_blank" title="Solr 6" href="https://github.com/apache/lucene-solr">6</a></td>
<td></td>
<td><a target="_blank" title="Varnish 5" href="https://github.com/devilbox/docker-varnish">5</a></td>
</tr>
<tr>
@ -368,6 +394,7 @@ Additionally to the default stack, there are a variety of other services that ca
<td></td>
<td><a target="_blank" title="RabbitMQ latest" href="https://github.com/rabbitmq/rabbitmq-server">latest</a></td>
<td><a target="_blank" title="Solr 7" href="https://github.com/apache/lucene-solr">7</a></td>
<td></td>
<td><a target="_blank" title="Varnish 6" href="https://github.com/devilbox/docker-varnish">6</a></td>
</tr>
<tr>
@ -376,6 +403,7 @@ Additionally to the default stack, there are a variety of other services that ca
<td></td>
<td></td>
<td><a target="_blank" title="Solr latest" href="https://github.com/apache/lucene-solr">latest</a></td>
<td></td>
<td><a target="_blank" title="Varnish latest" href="https://github.com/devilbox/docker-varnish">latest</a></td>
</tr>
</tbody>


@ -90,7 +90,7 @@ services:
# Varnish
# -----------------------------------------------------------------------------------------------
varnish:
image: devilbox/varnish:${VARNISH_SERVER:-6}
image: devilbox/varnish:${VARNISH_SERVER:-6}-0.3
hostname: varnish
ports:
- "${LOCAL_LISTEN_ADDR}${HOST_PORT_VARNISH:-6081}:6081"
@ -110,6 +110,31 @@ services:
- php
- httpd
haproxy:
image: devilbox/haproxy:0.2
hostname: haproxy
ports:
- "${LOCAL_LISTEN_ADDR}${HOST_PORT_HAPROXY:-8080}:80"
- "${LOCAL_LISTEN_ADDR}${HOST_PORT_HAPROXY_SSL:-8443}:443"
networks:
app_net:
ipv4_address: 172.16.238.231
environment:
- BACKEND_ADDR=varnish
- BACKEND_PORT=6081
- DEVILBOX_UI_SSL_CN
- TLD_SUFFIX
volumes:
# Certificate Authority public key
- ${DEVILBOX_PATH}/ca:/ca:rw${MOUNT_OPTIONS}
# Mount custom mass virtual hosting
- ${HOST_PATH_HTTPD_DATADIR}:/shared/httpd:rw${MOUNT_OPTIONS}
depends_on:
- bind
- php
- httpd
- varnish
# -----------------------------------------------------------------------------------------------
# ELK Stack
# -----------------------------------------------------------------------------------------------
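Review bot: in the new `haproxy` service the volume comment says "Certificate Authority public key", but the line under it mounts the whole `${DEVILBOX_PATH}/ca` directory read-write. If the container only needs to read the CA certificate, mount it `:ro`; if it needs the CA signing key to issue certificates for the vhosts, say so in the comment, since that places the key inside the container that terminates TLS. The same question applies to `${HOST_PATH_HTTPD_DATADIR}:/shared/httpd:rw`: unless the container writes there, `:ro` is the safer default.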


@ -7,7 +7,7 @@ services:
# Varnish
# -----------------------------------------------------------------------------------------------
varnish:
image: devilbox/varnish:${VARNISH_SERVER:-6}
image: devilbox/varnish:${VARNISH_SERVER:-6}-0.3
hostname: varnish
ports:
- "${LOCAL_LISTEN_ADDR}${HOST_PORT_VARNISH:-6081}:6081"
@ -26,3 +26,28 @@ services:
- bind
- php
- httpd
haproxy:
image: devilbox/haproxy:0.2
hostname: haproxy
ports:
- "${LOCAL_LISTEN_ADDR}${HOST_PORT_HAPROXY:-8080}:80"
- "${LOCAL_LISTEN_ADDR}${HOST_PORT_HAPROXY_SSL:-8443}:443"
networks:
app_net:
ipv4_address: 172.16.238.231
environment:
- BACKEND_ADDR=varnish
- BACKEND_PORT=6081
- DEVILBOX_UI_SSL_CN
- TLD_SUFFIX
volumes:
# Certificate Authority public key
- ${DEVILBOX_PATH}/ca:/ca:rw${MOUNT_OPTIONS}
# Mount custom mass virtual hosting
- ${HOST_PATH_HTTPD_DATADIR}:/shared/httpd:rw${MOUNT_OPTIONS}
depends_on:
- bind
- php
- httpd
- varnish
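Review bot: this `haproxy` service is a line-for-line copy of the one added to the other compose override in this commit, so a later change to the image tag `devilbox/haproxy:0.2`, the static address `172.16.238.231` or the volume list has to be made in two places. A comment in each file pointing at the other copy, or a CI check that diffs the two service blocks, would catch drift between them.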


@ -1,19 +1,21 @@
+---------------------------+-----------+-----------+----------------+
| Container | Name | Hostname | IP Address |
+===========================+===========+===========+================+
| Blackfire | blackfire | blackfire | 172.16.238.200 |
+---------------------------+-----------+-----------+----------------+
| MailHog | mailhog | mailhog | 172.16.238.201 |
+---------------------------+-----------+-----------+----------------+
| RabbitMQ | rabbit | rabbit | 172.16.238.210 |
+---------------------------+-----------+-----------+----------------+
| Solr | solr | solr | 172.16.238.220 |
+---------------------------+-----------+-----------+----------------+
| Varnish | varnish | varnish | 172.16.238.230 |
+---------------------------+-----------+-----------+----------------+
| ELK: Elastic Search | elastic | elastic | 172.16.238.240 |
+---------------------------+-----------+-----------+----------------+
| ELK: Logstash | logstash | logstash | 172.16.238.241 |
+---------------------------+-----------+-----------+----------------+
| ELK: Kibana | kibana | kibana | 172.16.238.242 |
+---------------------------+-----------+-----------+----------------+
+-------------------------------------+-----------+-----------+----------------+
| Container | Name | Hostname | IP Address |
+=====================================+===========+===========+================+
| Blackfire | blackfire | blackfire | 172.16.238.200 |
+-------------------------------------+-----------+-----------+----------------+
| MailHog | mailhog | mailhog | 172.16.238.201 |
+-------------------------------------+-----------+-----------+----------------+
| RabbitMQ | rabbit | rabbit | 172.16.238.210 |
+-------------------------------------+-----------+-----------+----------------+
| Solr | solr | solr | 172.16.238.220 |
+-------------------------------------+-----------+-----------+----------------+
| Varnish | varnish | varnish | 172.16.238.230 |
+-------------------------------------+-----------+-----------+----------------+
| HAProxy (SSL offloader for Varnish) | haproxy | haproxy | 172.16.238.231 |
+-------------------------------------+-----------+-----------+----------------+
| ELK: Elastic Search | elastic | elastic | 172.16.238.240 |
+-------------------------------------+-----------+-----------+----------------+
| ELK: Logstash | logstash | logstash | 172.16.238.241 |
+-------------------------------------+-----------+-----------+----------------+
| ELK: Kibana | kibana | kibana | 172.16.238.242 |
+-------------------------------------+-----------+-----------+----------------+


@ -8,6 +8,10 @@ Enable and configure Varnish
This section will guide you through getting Varnish integrated into the Devilbox.
As Varnish itself does not handle HTTPS, its Docker Compose override definition also defines an
optional HAProxy that can be started and run in front of Varnish to provide HTTPS support and take
care of the SSL offloading before requests hit Varnish.
.. seealso::
* |ext_lnk_varnish_github|
* |ext_lnk_varnish_dockerhub|
@ -29,8 +33,8 @@ Available overwrites
.. include:: /_includes/snippets/docker-compose-override-tree-view.rst
Varnish settings
----------------
Stack settings
--------------
In case of Varnish, the file is ``compose/docker-compose.override.yml-varnish``. This file
must be copied into the root of the Devilbox git directory.
@ -40,6 +44,13 @@ must be copied into the root of the Devilbox git directory.
+=======================+======================================================================================================+
| Example compose file | ``compose/docker-compose.override.yml-all`` or |br| ``compose/docker-compose.override.yml-varnish`` |
+-----------------------+------------------------------------------------------------------------------------------------------+
Varnish
^^^^^^^
+-----------------------+------------------------------------------------------------------------------------------------------+
| What | How and where |
+=======================+======================================================================================================+
| Container IP address | ``172.16.238.230`` |
+-----------------------+------------------------------------------------------------------------------------------------------+
| Container host name | ``varnish`` |
@ -55,11 +66,35 @@ must be copied into the root of the Devilbox git directory.
| Further configuration | none |
+-----------------------+------------------------------------------------------------------------------------------------------+
Varnish env variables
---------------------
HAProxy
^^^^^^^
+-----------------------+------------------------------------------------------------------------------------------------------+
| What | How and where |
+=======================+======================================================================================================+
| Container IP address | ``172.16.238.231`` |
+-----------------------+------------------------------------------------------------------------------------------------------+
| Container host name | ``haproxy`` |
+-----------------------+------------------------------------------------------------------------------------------------------+
| Container name | ``haproxy`` |
+-----------------------+------------------------------------------------------------------------------------------------------+
| Mount points | none |
+-----------------------+------------------------------------------------------------------------------------------------------+
| Exposed port | ``8080`` for HTTP and ``8443`` for HTTPS (can be changed via ``.env``) |
+-----------------------+------------------------------------------------------------------------------------------------------+
| Available at | ``http://localhost:8080``, ``http://localhost:8443`` (or via ``http:<project>.<TLD>:8080|8443``) |
+-----------------------+------------------------------------------------------------------------------------------------------+
| Further configuration | none |
+-----------------------+------------------------------------------------------------------------------------------------------+
Stack env variables
-------------------
Additionally the following ``.env`` variables can be created for easy configuration:
Varnish
^^^^^^^
+------------------------------+-----------------------------------------------+--------------------------------------------------------------------+
| Variable | Default value | Description |
+==============================+===============================================+====================================================================+
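Review bot: the new HAProxy table lists `http://localhost:8443` under "Available at", but the row above describes 8443 as the HTTPS port, so this should read `https://localhost:8443`. The vhost form `http:<project>.<TLD>:8080|8443` is also missing the `//` after the scheme. If "Mount points" is meant to list container volumes, "none" does not match the compose definition in this commit, which mounts `/ca` and `/shared/httpd`.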
@ -74,6 +109,16 @@ Additionally the following ``.env`` variables can be created for easy configurat
| ``VARNISH_PARAMS`` | ``-p default_ttl=3600 -p default_grace=3600`` | Additional Varnish startup parameter. |
+------------------------------+-----------------------------------------------+--------------------------------------------------------------------+
HAProxy
^^^^^^^
+------------------------------+-----------------------------------------------+-------------------------------------------------------------------------------+
| Variable | Default value | Description |
+==============================+===============================================+===============================================================================+
| ``HOST_PORT_HAPROXY`` | ``8080`` | Controls the host port on which HTTP requests will be available for HAProxy. |
+------------------------------+-----------------------------------------------+-------------------------------------------------------------------------------+
| ``HOST_PORT_HAPROXY_SSL`` | ``8443`` | Controls the host port on which HTTPS requests will be available for HAProxy. |
+------------------------------+-----------------------------------------------+-------------------------------------------------------------------------------+
Instructions
============
@ -97,8 +142,8 @@ Copy the Varnish Docker Compose overwrite file into the root of the Devilbox git
2. Adjust ``.env`` settings (optional)
--------------------------------------
Varnish is using sane defaults, which can be changed by adding variables to the ``.env`` file
and assigning custom values.
Varnish and HAProxy are using sane defaults, which can be changed by adding variables to the
``.env`` file and assigning custom values.
Add the following variables to ``.env`` and adjust them to your needs:
@ -116,6 +161,11 @@ Add the following variables to ``.env`` and adjust them to your needs:
VARNISH_PARAMS=-p default_ttl=3600 -p default_grace=3600
HOST_PORT_VARNISH=6081
# HAProxy settings
HOST_PORT_HAPROXY=8080
HOST_PORT_HAPROXY_SSL=8443
.. seealso:: :ref:`env_file`
@ -154,13 +204,25 @@ For this example we will assume you are using Varnish 6
The final step is to start the Devilbox with Varnish.
.. seealso:: :ref:`start_the_devilbox`
4.1 Varnish only
^^^^^^^^^^^^^^^^
Let's assume you want to start ``php``, ``httpd``, ``bind``, ``varnish``.
.. code-block:: bash
host> docker-compose up -d php httpd bind varnish
.. seealso:: :ref:`start_the_devilbox`
4.2 HTTPS offloading with HAProxy in front of Varnish
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you also want full HTTPS support, simply start HAproxy as well with Varnish.
.. code-block:: bash
host> docker-compose up -d php httpd bind haproxy varnish
TL;DR
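Review bot: "HAproxy" in the new 4.2 paragraph should be spelled "HAProxy" to match the rest of the page. The section promises full HTTPS support but does not say which URL to open once the containers are up; one line naming the HTTPS port (`8443` by default, set through `HOST_PORT_HAPROXY_SSL`) would close that gap.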
@ -185,6 +247,9 @@ directory:
echo "VARNICS_CACHE_SIZE=128m" >> .env
echo "VARNISH_PARAMS=-p default_ttl=3600 -p default_grace=3600" >> .env
echo "HOST_PORT_VARNISH=6081" >> .env
echo "# HAProxy settings" >> .env
echo "HOST_PORT_HAPROXY=8080" >> .env
echo "HOST_PORT_HAPROXY_SSL=8443" >> .env
# Start container
docker-compose up -d php httpd bind varnish
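Review bot: the TL;DR now writes `HOST_PORT_HAPROXY` and `HOST_PORT_HAPROXY_SSL` to `.env`, but the start command in the trailing context is still `docker-compose up -d php httpd bind varnish`, so the HAProxy container is never started. Add `haproxy` to that command or show both variants, as section 4 does. While touching this block, the context line `echo "VARNICS_CACHE_SIZE=128m"` looks like a misspelling of `VARNISH` and is worth correcting in the same change.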


@ -69,7 +69,7 @@ experience similar issues as well, check for any unattended Windows updates or
updates to Docker itself. If those exist, try to revert them and see if that was the cause.
I heard many bug stories from fellow Windows users so far.
A good contact point for that is the Docker forum itself: https://forums.docker.com/c/docker-for-windows
A good contact point for that is the Docker forum itself: https://forums.docker.com/c/docker-desktop-for-windows
A few general things you should always do before attempting to open up issues are: