diff --git a/Dockerfile b/Dockerfile index a485d1d8..e2434b21 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,9 @@ FROM wyveo/nginx-php-fpm:php74 RUN mkdir -p /var/lib/nginx/cache /usr/share/nginx/subdomain; cd /usr/share/nginx/subdomain ; mkdir www COPY wp/ /usr/share/nginx/subdomain/www +COPY ngx_http_cache_purge_module.so /usr/lib/nginx/modules/ RUN sed -i 's/;pm.status_path/pm.status_path/g' /etc/php/7.4/fpm/pool.d/www.conf +RUN sed -i -e '1iload_module modules/ngx_http_cache_purge_module.so;\' /etc/nginx/nginx.conf #RUN rm /etc/nginx/conf.d/default.conf #COPY build/default.conf /etc/nginx/conf.d/default.conf COPY redinessprobe-wp.sh /root/redinessprobe-wp.sh diff --git a/build/dev/web-default-conf-cm.yaml b/build/dev/web-default-conf-cm.yaml index 23d9c8b6..6af99ae1 100644 --- a/build/dev/web-default-conf-cm.yaml +++ b/build/dev/web-default-conf-cm.yaml 
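Review bot: `COPY ngx_http_cache_purge_module.so /usr/lib/nginx/modules/` loads a prebuilt binary committed to the repository into nginx, and nothing in the commit records which source, version or nginx build it came from. A dynamic module has to match the nginx it is loaded into, and `FROM wyveo/nginx-php-fpm:php74` is a mutable tag, so an upstream rebuild can make the added `load_module` line fail at container start. Build the module in a build stage from a pinned source release, or at least verify it before use, e.g. `RUN echo "<EXPECTED_SHA256>  /usr/lib/nginx/modules/ngx_http_cache_purge_module.so" | sha256sum -c -`, and pin the base image by digest. No purge location appears in the visible config hunks, so whether the purge endpoint is restricted to trusted callers cannot be checked from this diff.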
@@ -9,49 +9,63 @@ data: default.conf: | # --------------------- - fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; + fastcgi_cache_path /usr/share/nginx/subdomain/www/wp-content/uploads/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; + fastcgi_cache_use_stale error timeout invalid_header http_500; + fastcgi_ignore_headers Cache-Control Expires Set-Cookie; # ----------------------------------------- fastcgi_intercept_errors on; fastcgi_ignore_client_abort on; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; fastcgi_read_timeout 120; + fastcgi_cache_min_uses 1; + fastcgi_cache_lock on; #fastcgi_index index.php; # -------------------------------- - + # Only cache positive responses proxy_cache_valid 200 1h; - proxy_cache_valid 301 302 15m; + proxy_cache_valid 301 302 0m; server { + + # -------------------------- client_max_body_size 100m; + # ------------------------------- + listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name dev-medicalalert.com ""; - - return 301 https://www.$host$request_uri; + + return 301 https://www.dev-medicalalert.com$request_uri; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; - + } - + subdomain.conf: | server { + #----------------------------- client_max_body_size 100m; + # ------------------------ + client_body_timeout 1200; + client_header_timeout 600; + # --------------------------- + listen 80; listen [::]:80; - + server_name ~^(?.+)\.dev-medicalalert\.com$; - + if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } - + root /usr/share/nginx/subdomain/$subdomain; index index.php index.html index.htm; sendfile off; 
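Review bot: `fastcgi_ignore_headers Cache-Control Expires Set-Cookie;` lets nginx cache responses that the application marked private or that carry `Set-Cookie`, while the cache key `"$scheme$request_method$host$request_uri"` has no per-user component, so one visitor's response and cookie can be replayed to another. The `$no_cache` cookie tests in subdomain.conf inspect only the request, so the first response that creates a session for a cookieless visitor is still eligible for caching. Keep `Set-Cookie` honoured, `fastcgi_ignore_headers Cache-Control Expires;`, and if cookie-setting pages must be cached, strip the header only on the cached locations. The same line is added in build/prod, build/qa and build/stage.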
@@ -89,11 +103,18 @@ data: } #Don't cache the following URLs - if ($request_uri ~* "/(administrator/|wp-login.php)") - { + if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml") { + set $no_cache 1; } + + # Don't use the cache for logged in users or recent commenters + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID if ($http_cookie = "PHPSESSID") { @@ -108,9 +129,9 @@ data: fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; @@ -141,22 +162,24 @@ data: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } - location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; } # deny access to . files, for security 
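Review bot: The new cookie regex leaves out `PHPSESSID`, and the unchanged test just below it, `if ($http_cookie = "PHPSESSID")`, compares the whole Cookie header for equality, so a real header of the form `PHPSESSID=<value>` never matches and PHP-session requests are still answered from the cache. Fold it into the added check: `if ($http_cookie ~* "PHPSESSID|comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in")`. In the URI pattern the dots are unescaped and `wp-.*.php` is unanchored, so it matches more than the comment suggests; `wp-.*\.php` states the intent. The body of the PHPSESSID `if` lies outside the hunk, and the same hunk appears in build/prod, build/qa and build/stage.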
diff --git a/build/prod/deployment.tpl b/build/prod/deployment.tpl index e8d61ee4..3123309c 100644 --- a/build/prod/deployment.tpl +++ b/build/prod/deployment.tpl @@ -83,8 +83,8 @@ spec: timeoutSeconds: 10 resources: limits: - cpu: 500m - memory: 1024Mi + cpu: 1000m + memory: 3072Mi requests: cpu: 300m memory: 700Mi diff --git a/build/prod/web-default-conf-cm.yaml b/build/prod/web-default-conf-cm.yaml index 3e359bef..c6bf5378 100644 --- a/build/prod/web-default-conf-cm.yaml +++ b/build/prod/web-default-conf-cm.yaml 
@@ -9,49 +9,60 @@ data: default.conf: | # --------------------- - fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; + fastcgi_cache_path /usr/share/nginx/subdomain/www/wp-content/uploads/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; + fastcgi_cache_use_stale error timeout invalid_header http_500; + fastcgi_ignore_headers Cache-Control Expires Set-Cookie; # ----------------------------------------- fastcgi_intercept_errors on; fastcgi_ignore_client_abort on; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; fastcgi_read_timeout 120; + fastcgi_cache_min_uses 1; + fastcgi_cache_lock on; #fastcgi_index index.php; # -------------------------------- - + # Only cache positive responses proxy_cache_valid 200 1h; - proxy_cache_valid 301 302 15m; + proxy_cache_valid 301 302 0m; server { + + # -------------------------- client_max_body_size 100m; + # ------------------------------- + listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name medicalalert.com ""; - - return 301 https://www.$host$request_uri; + + return 301 https://www.medicalalert.com$request_uri; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; - + } - + subdomain.conf: | server { + #----------------------------- client_max_body_size 100m; + # ------------------------ + listen 80; listen [::]:80; - + server_name ~^(?.+)\.medicalalert\.com$; - + if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } - + root /usr/share/nginx/subdomain/$subdomain; index index.php index.html index.htm; sendfile off; 
@@ -89,11 +100,18 @@ data: } #Don't cache the following URLs - if ($request_uri ~* "/(administrator/|wp-login.php)") - { + if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml") { + set $no_cache 1; } + + # Don't use the cache for logged in users or recent commenters + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID if ($http_cookie = "PHPSESSID") { @@ -109,7 +127,8 @@ data: include fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; @@ -140,19 +159,24 @@ data: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 5m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } - location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { + expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; } # deny access to . files, for security @@ -264,7 +288,6 @@ data: } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { - expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; 
@@ -279,6 +302,7 @@ data: log_not_found off; deny all; } + location ~ ^/(status|ping)$ { access_log off; allow 127.0.0.1; diff --git a/build/qa/web-default-conf-cm.yaml b/build/qa/web-default-conf-cm.yaml index d7e4e815..9167d9a7 100644 --- a/build/qa/web-default-conf-cm.yaml +++ b/build/qa/web-default-conf-cm.yaml 
@@ -9,49 +9,60 @@ data: default.conf: | # --------------------- - fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; + fastcgi_cache_path /usr/share/nginx/subdomain/www/wp-content/uploads/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; + fastcgi_cache_use_stale error timeout invalid_header http_500; + fastcgi_ignore_headers Cache-Control Expires Set-Cookie; # ----------------------------------------- fastcgi_intercept_errors on; fastcgi_ignore_client_abort on; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; fastcgi_read_timeout 120; + fastcgi_cache_min_uses 1; + fastcgi_cache_lock on; #fastcgi_index index.php; # -------------------------------- - + # Only cache positive responses proxy_cache_valid 200 1h; - proxy_cache_valid 301 302 15m; + proxy_cache_valid 301 302 0m; server { + + # -------------------------- client_max_body_size 100m; + # ------------------------------- + listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name qa-medicalalert.com ""; - - return 301 https://www.$host$request_uri; + + return 301 https://www.qa-medicalalert.com$request_uri; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; - + } - + subdomain.conf: | server { + #----------------------------- client_max_body_size 100m; + # ------------------------ + listen 80; listen [::]:80; - + server_name ~^(?.+)\.qa-medicalalert\.com$; - + if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } - + root /usr/share/nginx/subdomain/$subdomain; index index.php index.html index.htm; sendfile off; 
@@ -89,11 +100,18 @@ data: } #Don't cache the following URLs - if ($request_uri ~* "/(administrator/|wp-login.php)") - { + if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml") { + set $no_cache 1; } + + # Don't use the cache for logged in users or recent commenters + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID if ($http_cookie = "PHPSESSID") { @@ -108,9 +126,9 @@ data: fastcgi_param SUBDOMAIN $subdomain; # $_SERVER["SUBDOMAIN"] include fastcgi_params; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; @@ -141,21 +159,24 @@ data: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } - location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { + expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 60m; - fastcgi_cache_valid 301 1h; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; } # deny access to . files, for security 
@@ -269,7 +290,6 @@ data: } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { - expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 60m; @@ -285,6 +305,7 @@ data: log_not_found off; deny all; } + location ~ ^/(status|ping)$ { access_log off; allow 127.0.0.1; diff --git a/build/stage/web-default-conf-cm.yaml b/build/stage/web-default-conf-cm.yaml index 7568640f..1412406c 100644 --- a/build/stage/web-default-conf-cm.yaml +++ b/build/stage/web-default-conf-cm.yaml 
@@ -9,49 +9,60 @@ data: default.conf: | # --------------------- - fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; + fastcgi_cache_path /usr/share/nginx/subdomain/www/wp-content/uploads/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; + fastcgi_cache_use_stale error timeout invalid_header http_500; + fastcgi_ignore_headers Cache-Control Expires Set-Cookie; # ----------------------------------------- fastcgi_intercept_errors on; fastcgi_ignore_client_abort on; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; fastcgi_read_timeout 120; + fastcgi_cache_min_uses 1; + fastcgi_cache_lock on; #fastcgi_index index.php; # -------------------------------- - + # Only cache positive responses proxy_cache_valid 200 1h; - proxy_cache_valid 301 302 15m; + proxy_cache_valid 301 302 0m; server { + + # -------------------------- client_max_body_size 100m; + # ------------------------------- + listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name stage-medicalalert.com ""; - - return 301 https://www.$host$request_uri; + + return 301 https://www.stage-medicalalert.com$request_uri; root /usr/share/nginx/subdomain/www; index index.php index.html index.htm; - + } - + subdomain.conf: | server { + #----------------------------- client_max_body_size 100m; + # ------------------------ + listen 80; listen [::]:80; - - server_name ~^(?.+)\.medicalalert\.com$; - + + server_name ~^(?.+)\.stage-medicalalert\.com$; + if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } - + root /usr/share/nginx/subdomain/$subdomain; index index.php index.html index.htm; sendfile off; 
@@ -89,11 +100,18 @@ data: } #Don't cache the following URLs - if ($request_uri ~* "/(administrator/|wp-login.php)") - { + if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml") { + set $no_cache 1; } + + # Don't use the cache for logged in users or recent commenters + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { + set $no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID if ($http_cookie = "PHPSESSID") { @@ -109,7 +127,8 @@ data: include fastcgi_params; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; @@ -140,19 +159,24 @@ data: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_cache MYAPP; - fastcgi_cache_valid 200 5m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 200 60m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } - location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { + expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; - fastcgi_cache_valid any 1m; + fastcgi_cache_valid 301 302 0m; + fastcgi_cache_valid any 1m; proxy_cache_background_update on; proxy_cache_lock on; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; } # deny access to . files, for security @@ -264,7 +288,6 @@ data: } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { - expires 7d; proxy_set_header X-Forwarded-Proto $scheme; fastcgi_cache MYAPP; fastcgi_cache_valid 200 60m; diff --git a/common-jobs-bitbucket.sh b/common-jobs-bitbucket.sh index 5030223a..42243818 100644 
--- a/common-jobs-bitbucket.sh +++ b/common-jobs-bitbucket.sh @@ -259,7 +259,13 @@ kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; mkdir -p / # ---------------------------------------------------------------------------------------------------------------------------------------------------- kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; mkdir /tmp/uploads ;export FILE=`ls /tmp/*.zip`;unzip -o $FILE -d /tmp/uploads' kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; rclone sync /tmp/uploads/ /usr/share/nginx/subdomain/$SUBDOMAIN/wp-content/uploads -q && echo ---sync-done--- ' -# -------------------------------------------------------------------------------------- +# ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + +# --------------------------------------------------------------------------------------------------------------------------------------------------- +kubectl exec common-job-pod -n $NAMESPACE -- sh -c '. /tmp/setenv.sh; mkdir /usr/share/nginx/subdomain/$SUBDOMAIN/wp-content/uploads/cache && echo ---CacheCreated---' +# ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- + + kubectl delete po common-job-pod -n $NAMESPACE cat script.log | egrep -v "Errors:|SQL|rewrite|Rewrite|warning|Warning|create mode" | egrep -i "not in gzip format|fail|fatal|exception|terminated|command not found|error|unexpected|cannot access|No such file" && exit 9 || echo VALIDATION_PASS_$opt diff --git a/ngx_http_cache_purge_module.so b/ngx_http_cache_purge_module.so new file mode 100644 index 00000000..db9d10f6 Binary files /dev/null and b/ngx_http_cache_purge_module.so differ
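Review bot: The added `mkdir` creates the nginx FastCGI cache at `wp-content/uploads/cache`, which is inside the document root (`root /usr/share/nginx/subdomain/$subdomain`) and inside the tree WordPress writes uploads to, so cached page bodies and headers sit in files that may be reachable by URL and writable by PHP. The Dockerfile already creates `/var/lib/nginx/cache`; keeping `fastcgi_cache_path` there avoids both, otherwise add `location ^~ /wp-content/uploads/cache/ { deny all; }` to subdomain.conf. `mkdir` without `-p` fails on a second run and the failure appears to pass the log check silently, so `mkdir -p ... && echo ---CacheCreated---` is safer. The path here uses `$SUBDOMAIN`, while `fastcgi_cache_path` is hard-coded to `www`, so for any other subdomain the directory created is not the one nginx uses.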