From eb1b9567df23cbec4ee082af3e333a863b0e702d Mon Sep 17 00:00:00 2001 From: Jeremy Gonyea Date: Thu, 3 Oct 2019 16:54:05 -0400 Subject: [PATCH 1/4] Updated for latest ddev version (#2676) --- webserver-configs/nginx-ddev-site.conf | 140 +++++++++++++++---------- 1 file changed, 82 insertions(+), 58 deletions(-) diff --git a/webserver-configs/nginx-ddev-site.conf b/webserver-configs/nginx-ddev-site.conf index e75cf2ff1..be3cf3721 100644 --- a/webserver-configs/nginx-ddev-site.conf +++ b/webserver-configs/nginx-ddev-site.conf @@ -2,7 +2,7 @@ # You can override ddev's configuration by placing an edited copy # of this config (or one of the other ones) in .ddev/nginx-site.conf -# See https://ddev.readthedocs.io/en/latest/users/extend/customization-extendibility/#providing-custom-nginx-configuration +# See https://ddev.readthedocs.io/en/stable/users/extend/customization-extendibility/#providing-custom-nginx-configuration # Set https to 'on' if x-forwarded-proto is https map $http_x_forwarded_proto $fcgi_https { @@ -11,11 +11,16 @@ map $http_x_forwarded_proto $fcgi_https { } server { - listen 80; ## listen for ipv4; this line is default and implied - listen [::]:80 default ipv6only=on; ## listen for ipv6 - # The NGINX_DOCROOT variable is substituted with + listen 80; + listen [::]:80 default ipv6only=on; + + # The WEBSERVER_DOCROOT variable is substituted with # its value when the container is started. - root $NGINX_DOCROOT; + root $WEBSERVER_DOCROOT; + + include /etc/nginx/monitoring.conf; + + index index.php index.htm index.html; # Make site accessible from http://localhost/ @@ -23,15 +28,20 @@ server { # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html sendfile off; - error_log /var/log/nginx/error.log info; + error_log /dev/stdout info; access_log /var/log/nginx/access.log; + ## Begin - Index + # for subfolders, simply adjust: + # `location /subfolder {` + # and the rewrite to use `/subfolder/index.php` location / { - absolute_redirect off; try_files $uri $uri/ /index.php?$query_string; } + ## End - Index - # pass the PHP scripts to FastCGI server listening on socket + + # pass the PHP scripts to FastCGI server listening on socket location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; @@ -42,38 +52,78 @@ server { fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_index index.php; include fastcgi_params; - fastcgi_intercept_errors on; + fastcgi_intercept_errors off; # fastcgi_read_timeout should match max_execution_time in php.ini fastcgi_read_timeout 10m; fastcgi_param SERVER_NAME $host; fastcgi_param HTTPS $fcgi_https; } - # Expire rules for static content - # Feed - location ~* \.(?:rss|atom|cache)$ { - expires 1h; - } + ## Begin - Security + # deny all direct access for these folders + location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; } + # deny running scripts inside core system folders + location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } + # deny running scripts inside user folder + location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } + # deny access to specific files in the root folder + location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; } + ## End - Security - # Media: images, icons, video, audio, HTC - location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { - expires 1M; - access_log off; - add_header Cache-Control "public"; - } + include /mnt/ddev_config/nginx/*.conf; +} - # Prevent clients from accessing hidden files (starting with a dot) - # This is particularly important if you store .htpasswd files in the site hierarchy - # Access to `/.well-known/` is allowed. - # https://www.mnot.net/blog/2010/04/07/well-known - # https://tools.ietf.org/html/rfc5785 - location ~* /\.(?!well-known\/) { - deny all; - } - # Prevent clients from accessing to backup/config/source files - location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ { - deny all; +server { + listen 443 ssl; + listen [::]:443 default ipv6only=on; + + # The WEBSERVER_DOCROOT variable is substituted with + # its value when the container is started. + root $WEBSERVER_DOCROOT; + + ssl_certificate /etc/ssl/certs/master.crt; + ssl_certificate_key /etc/ssl/certs/master.key; + + include /etc/nginx/monitoring.conf; + + + index index.php index.htm index.html; + + # Make site accessible from http://localhost/ + server_name _; + + # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html + sendfile off; + error_log /dev/stdout info; + access_log /var/log/nginx/access.log; + + ## Begin - Index + # for subfolders, simply adjust: + # `location /subfolder {` + # and the rewrite to use `/subfolder/index.php` + location / { + try_files $uri $uri/ /index.php?$query_string; + } + ## End - Index + + + # pass the PHP scripts to FastCGI server listening on socket + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/run/php-fpm.sock; + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_intercept_errors off; + # fastcgi_read_timeout should match max_execution_time in php.ini + fastcgi_read_timeout 10m; + fastcgi_param SERVER_NAME $host; + fastcgi_param HTTPS $fcgi_https; } ## Begin - Security @@ -88,31 +138,5 @@ server { ## End - Security - ## provide a health check endpoint - location /healthcheck { - access_log off; - stub_status on; - keepalive_timeout 0; # Disable HTTP keepalive - return 200; - } - - error_page 400 401 /40x.html; - location = /40x.html { - root /usr/share/nginx/html; - } - - location ~ ^/(fpmstatus|ping)$ { - access_log off; - stub_status on; - keepalive_timeout 0; # Disable HTTP keepalive - allow 127.0.0.1; - allow all; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - fastcgi_pass unix:/run/php-fpm.sock; - } - - + include /mnt/ddev_config/nginx/*.conf; } - From feeee9ef8625be8c63013bc73784f18244d20b19 Mon Sep 17 00:00:00 2001 From: Matias Griese Date: Tue, 15 Oct 2019 19:00:25 +0300 Subject: [PATCH 2/4] Fixed PHP 7.1 bug in Flex --- CHANGELOG.md | 4 +++- system/src/Grav/Common/Media/Traits/MediaTrait.php | 2 +- system/src/Grav/Common/Page/Page.php | 2 +- system/src/Grav/Framework/Flex/Traits/FlexMediaTrait.php | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b677f7e58..32f49c898 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,9 @@ ## mm/dd/2019 1. [](#improved) - * Safer file handling + customizable null char replacment in `CsvFormatter::decode()` + * Safer file handling + customizable null char replacement in `CsvFormatter::decode()` +1. [](#bugfix) + * Fixed PHP 7.1 bug in Flex # v1.6.16 ## 09/19/2019 diff --git a/system/src/Grav/Common/Media/Traits/MediaTrait.php b/system/src/Grav/Common/Media/Traits/MediaTrait.php index c65f87da6..dc6550dbf 100644 --- a/system/src/Grav/Common/Media/Traits/MediaTrait.php +++ b/system/src/Grav/Common/Media/Traits/MediaTrait.php @@ -125,5 +125,5 @@ trait MediaTrait /** * @return string */ - abstract protected function getCacheKey(); + abstract protected function getCacheKey(): string; } diff --git a/system/src/Grav/Common/Page/Page.php b/system/src/Grav/Common/Page/Page.php index 173035981..f59665ff5 100644 --- a/system/src/Grav/Common/Page/Page.php +++ b/system/src/Grav/Common/Page/Page.php @@ -1200,7 +1200,7 @@ class Page implements PageInterface /** * @return string */ - protected function getCacheKey() + protected function getCacheKey(): string { return $this->id(); } diff --git a/system/src/Grav/Framework/Flex/Traits/FlexMediaTrait.php b/system/src/Grav/Framework/Flex/Traits/FlexMediaTrait.php index 8b2270604..c894634c6 100644 --- a/system/src/Grav/Framework/Flex/Traits/FlexMediaTrait.php +++ b/system/src/Grav/Framework/Flex/Traits/FlexMediaTrait.php @@ -342,5 +342,5 @@ trait FlexMediaTrait abstract public function getFlexDirectory(): FlexDirectory; - abstract public function getStorageKey(); + abstract public function getStorageKey(): string; } From d11772b6819015082185818e5c2d75c0b6d36c5e Mon Sep 17 00:00:00 2001 From: Djamil Legato Date: Wed, 16 Oct 2019 11:02:44 -0700 Subject: [PATCH 3/4] Change of Behavior: `Inflector::hyphenize` will now automatically trim dashes at beginning and end of a string. --- CHANGELOG.md | 1 + system/src/Grav/Common/Inflector.php | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 32f49c898..012ea9475 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ 1. [](#improved) * Safer file handling + customizable null char replacement in `CsvFormatter::decode()` + * Change of Behavior: `Inflector::hyphenize` will now automatically trim dashes at beginning and end of a string. 1. [](#bugfix) * Fixed PHP 7.1 bug in Flex diff --git a/system/src/Grav/Common/Inflector.php b/system/src/Grav/Common/Inflector.php index a24bbfd84..eca93c197 100644 --- a/system/src/Grav/Common/Inflector.php +++ b/system/src/Grav/Common/Inflector.php @@ -193,6 +193,8 @@ class Inflector $regex3 = preg_replace('/([0-9])([A-Z])/', '\1-\2', $regex2); $regex4 = preg_replace('/[^A-Z^a-z^0-9]+/', '-', $regex3); + $regex4 = trim($regex4, '-'); + return strtolower($regex4); } From bc1dd2a7b4f82d3942b6227e92ca7dfd9edf0cbb Mon Sep 17 00:00:00 2001 From: Matias Griese Date: Wed, 16 Oct 2019 23:40:08 +0300 Subject: [PATCH 4/4] Added working ETag (304 Not Modified) support based on the final rendered HTML --- CHANGELOG.md | 2 ++ system/src/Grav/Common/Grav.php | 14 +++++++++++++- system/src/Grav/Common/Page/Page.php | 4 ++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 012ea9475..e5f258008 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # v1.6.17 ## mm/dd/2019 +1. [](#new) + * Added working ETag (304 Not Modified) support based on the final rendered HTML 1. [](#improved) * Safer file handling + customizable null char replacement in `CsvFormatter::decode()` * Change of Behavior: `Inflector::hyphenize` will now automatically trim dashes at beginning and end of a string. diff --git a/system/src/Grav/Common/Grav.php b/system/src/Grav/Common/Grav.php index 009d57de5..9cb74cc18 100644 --- a/system/src/Grav/Common/Grav.php +++ b/system/src/Grav/Common/Grav.php @@ -247,9 +247,21 @@ class Grav extends Container $collection = new RequestHandler($this->middleware, $default, $container); $response = $collection->handle($this['request']); + $body = $response->getBody(); + + // Handle ETag and If-None-Match headers. + if ($response->getHeaderLine('ETag') === '1') { + $etag = md5($body); + $response = $response->withHeader('ETag', $etag); + + if ($this['request']->getHeaderLine('If-None-Match') === $etag) { + $response = $response->withStatus(304); + $body = ''; + } + } $this->header($response); - echo $response->getBody(); + echo $body; $debugger->render(); diff --git a/system/src/Grav/Common/Page/Page.php b/system/src/Grav/Common/Page/Page.php index f59665ff5..199660852 100644 --- a/system/src/Grav/Common/Page/Page.php +++ b/system/src/Grav/Common/Page/Page.php @@ -529,9 +529,9 @@ class Page implements PageInterface $headers['Last-Modified'] = $last_modified_date; } - // Calculate ETag based on the raw file + // Ask Grav to calculate ETag from the final content. if ($this->eTag()) { - $headers['ETag'] = '"' . md5($this->raw() . $this->modified()).'"'; + $headers['ETag'] = '1'; } // Set Vary: Accept-Encoding header