Added varnish with https support

README.md

@@ -4,6 +4,9 @@
 
 `brew install [email protected]`
 
-`/usr/local/etc/php/php`
+`vi /usr/local/etc/php/7.2/php.ini`
+- `memory_limit = 4096M`
 
-memory_limit to 4GB
+## Secure certificate
+
+Add [*.localhost.reachdigital.io.pem](./hitch/*.localhost.reachdigital.io.pem) to your keychain.

docker-compose.yml

@@ -1,7 +1,28 @@
 version: "3"
 
 services:
-  web:
+  hitch:
+    image: zazukoians/hitch
+    ports:
+      - '443:443'
+    volumes:
+      - ./hitch/*.localhost.reachdigital.io.pem:/etc/ssl/hitch/combined.pem
+    environment:
+      HITCH_PARAMS: '--backend=[varnish]:80 --frontend=[*]:443 --alpn-protos="h2,http/1.1"'
+
+  varnish:
+    image: hermsi/alpine-varnish
+    volumes:
+      - ./varnish/default.vcl:/etc/varnish/default.vcl:ro
+    ports:
+      - "80:80"
+      - "6082:6082"
+    environment:
+      VARNISH_PORT: 80
+      VARNISHD_ADDITIONAL_OPTS: '-p feature=+http2'
+      VARNISHLOG: 'true'
+
+  nginx:
     image: nginx:alpine
     volumes:
       - ./nginx/conf.d/default.conf:/etc/nginx/conf.d/default.template:ro
@@ -10,10 +31,9 @@ services:
     ports:
       - "8080:80"
     environment:
-      - NGINX_PORT=80
-      - PHP_PORT=9000
-      - FPM_ROOT=/Users/paulhachmang/Sites/iosr/src/pub
-    command: /bin/sh -c "envsubst '$$NGINX_PORT $$PHP_PORT $$FPM_ROOT' < /etc/nginx/conf.d/default.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
+      FPM_PORT: 9000
+      FPM_ROOT: '/Users/paulhachmang/Sites/iosr/src/pub'
+    command: /bin/sh -c "envsubst '$$FPM_PORT $$FPM_ROOT' < /etc/nginx/conf.d/default.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
 
   db:
     image: percona:5.7
@@ -37,15 +57,8 @@ services:
 #      - "443:8443"
 #    depends_on:
 #      - varnish
-#
-#  varnish:
-#    image: mage2click/magento-varnish:4.1
-#    ports:
-#      - "80:80"
-#      - "6082:6082"
-#    depends_on:
-#      - app
-##
+
+
 #  app:
 #    image: mage2click/magento-nginx:1.13
 #    environment:

hitch/*.localhost.reachdigital.io.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBzCCAe+gAwIBAgIJAKLd3OeF2wReMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV
+BAMMHyoubG9jYWxob3N0LnJlYWNoZGlnaXRhbC5pby5wZW0wHhcNMjAwMTE0MTI1
+MDU1WhcNMzAwMTExMTI1MDU1WjAqMSgwJgYDVQQDDB8qLmxvY2FsaG9zdC5yZWFj
+aGRpZ2l0YWwuaW8ucGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+1cVEG+53eaEpN9oTN2PiFozgbF61GHzF/Ux+Hw7CYXk1hIFbcIasYq9vWNNmIBJv
+XAJkHZzmBhD/ltJU2xNEGpNKpSk5fJWB9u6nPZNj0ic79cYz0HDKvWtnSFF7eg1N
+xO+ZtyzcAjYXC5BstM+zpd7KHyqaoC2YU2ImuDn/9Vo7fKekbXOKbjKImjtV07Du
+TWP08xiSrVQxDt91U3QzBODeCHeWXGW+YQhTG7zYvkUkuxRHYaMmH9EkKyoBvQ6W
+bZbsgn7uw/QGbRG6TqLivW/Fa//X6rpvB+65oPX9QhAkLxMuy3WbsBEfSwmB8ekv
+5HUEz/1jANbJWJ4Y39kQeQIDAQABozAwLjAsBgNVHREEJTAjghsqLmxvY2FsaG9z
+dC5yZWFjaGRpZ2l0YWwuaW+HBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAEeAVD+h
+Zvc9CgF9WFsvVbIbLMww1QRDZdJuLZWj7Nsc71bb5Zt96ozR9Is0vQz5Pkbb0Sb0
+B58xjQas1uROnm3ROWR0LWPmr1zPvc+laCnnWWEXMVd6RORSqr1Jn0WZslDCbYNG
+AEEe9lNDOe6+p39dDBwVQVkojDFb6XgAOTY1LAXVu4bKhx8iPYI1MsMsmuhguVJi
+SkrcU9Ak5woTe0RHbD5nA4MbA4sbcX5a/o6QYpoOSjr+hCQvjtF5Dpgl3/zIfzSC
+fDvHysYylVTUMGJnA7oKdh+HmjvML1fSEbxqbOPnXJHWDKvVr+xyMFiLg2VBorAX
+lrWn1SKgpxVnjgU=
+-----END CERTIFICATE-----

hitch/*.localhost.reachdigital.io.info

@@ -0,0 +1,53 @@
+SHA1 Fingerprint=28:3B:2E:C4:F9:8C:26:37:16:FE:54:1E:20:58:53:3A:94:AB:4D:FC
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11735779090938659934 (0xa2dddce785db045e)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=*.localhost.reachdigital.io.pem
+        Validity
+            Not Before: Jan 14 12:50:55 2020 GMT
+            Not After : Jan 11 12:50:55 2030 GMT
+        Subject: CN=*.localhost.reachdigital.io.pem
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d5:c5:44:1b:ee:77:79:a1:29:37:da:13:37:63:
+                    e2:16:8c:e0:6c:5e:b5:18:7c:c5:fd:4c:7e:1f:0e:
+                    c2:61:79:35:84:81:5b:70:86:ac:62:af:6f:58:d3:
+                    66:20:12:6f:5c:02:64:1d:9c:e6:06:10:ff:96:d2:
+                    54:db:13:44:1a:93:4a:a5:29:39:7c:95:81:f6:ee:
+                    a7:3d:93:63:d2:27:3b:f5:c6:33:d0:70:ca:bd:6b:
+                    67:48:51:7b:7a:0d:4d:c4:ef:99:b7:2c:dc:02:36:
+                    17:0b:90:6c:b4:cf:b3:a5:de:ca:1f:2a:9a:a0:2d:
+                    98:53:62:26:b8:39:ff:f5:5a:3b:7c:a7:a4:6d:73:
+                    8a:6e:32:88:9a:3b:55:d3:b0:ee:4d:63:f4:f3:18:
+                    92:ad:54:31:0e:df:75:53:74:33:04:e0:de:08:77:
+                    96:5c:65:be:61:08:53:1b:bc:d8:be:45:24:bb:14:
+                    47:61:a3:26:1f:d1:24:2b:2a:01:bd:0e:96:6d:96:
+                    ec:82:7e:ee:c3:f4:06:6d:11:ba:4e:a2:e2:bd:6f:
+                    c5:6b:ff:d7:ea:ba:6f:07:ee:b9:a0:f5:fd:42:10:
+                    24:2f:13:2e:cb:75:9b:b0:11:1f:4b:09:81:f1:e9:
+                    2f:e4:75:04:cf:fd:63:00:d6:c9:58:9e:18:df:d9:
+                    10:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DNS:*.localhost.reachdigital.io, IP Address:127.0.0.1
+    Signature Algorithm: sha256WithRSAEncryption
+         47:80:54:3f:a1:66:f7:3d:0a:01:7d:58:5b:2f:55:b2:1b:2c:
+         cc:30:d5:04:43:65:d2:6e:2d:95:a3:ec:db:1c:ef:56:db:e5:
+         9b:7d:ea:8c:d1:f4:8b:34:bd:0c:f9:3e:46:db:d1:26:f4:07:
+         9f:31:8d:06:ac:d6:e4:4e:9e:6d:d1:39:64:74:2d:63:e6:af:
+         5c:cf:bd:cf:a5:68:29:e7:59:61:17:31:57:7a:44:e4:52:aa:
+         bd:49:9f:45:99:b2:50:c2:6d:83:46:00:41:1e:f6:53:43:39:
+         ee:be:a7:7f:5d:0c:1c:15:41:59:28:8c:31:5b:e9:78:00:39:
+         36:35:2c:05:d5:bb:86:ca:87:1f:22:3d:82:35:32:c3:2c:9a:
+         e8:60:b9:52:62:4a:4a:dc:53:d0:24:e7:0a:13:7b:44:47:6c:
+         3e:67:03:83:1b:03:8b:1b:71:7e:5a:fe:8e:90:62:9a:0e:4a:
+         3a:fe:84:24:2f:8e:d1:79:0e:98:25:df:fc:c8:7f:34:82:7c:
+         3b:c7:ca:c6:32:95:54:d4:30:62:67:03:ba:0a:76:1f:87:9a:
+         3b:cc:2f:57:d2:11:bc:6a:6c:e3:e7:5c:91:d6:0c:ab:d5:af:
+         ec:72:30:58:8b:83:65:41:a2:b0:17:96:b5:a7:d5:22:a0:a7:
+         15:67:8e:05

hitch/*.localhost.reachdigital.io.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDVxUQb7nd5oSk3
+2hM3Y+IWjOBsXrUYfMX9TH4fDsJheTWEgVtwhqxir29Y02YgEm9cAmQdnOYGEP+W
+0lTbE0Qak0qlKTl8lYH27qc9k2PSJzv1xjPQcMq9a2dIUXt6DU3E75m3LNwCNhcL
+kGy0z7Ol3sofKpqgLZhTYia4Of/1Wjt8p6Rtc4puMoiaO1XTsO5NY/TzGJKtVDEO
+33VTdDME4N4Id5ZcZb5hCFMbvNi+RSS7FEdhoyYf0SQrKgG9DpZtluyCfu7D9AZt
+EbpOouK9b8Vr/9fqum8H7rmg9f1CECQvEy7LdZuwER9LCYHx6S/kdQTP/WMA1slY
+nhjf2RB5AgMBAAECggEAXSG8Mo8J7iuQUYzoolEZxslJXO1F6I0zlM8mg1FiziSI
+dFoHBFcn8zaLRB+VdpORgHxqMZyRekMdlw+7eFZEbW+OLbZwHR7lqDcBFYqJCp2d
+Oc5H9J+vNCb+sDsPmHUDVLEuPueEUlJOZ/Nb6Mo0cidF154wD2jN3EX+qHRcVv9U
+P+OC0pUB38sqsFg9pINdMFqHYaczobFkpozVluBI+8zOFqwQlu357i5URpIvVk4s
+mrVqbLeQtS/XqBvBAj+irrvo/cIoTgEC4YBddhLxS8tG0qLS6Sy/7C3HkswKPxN9
+HXPSLj1au858+V8BICY9Xv/7yr6qBWVb1ILYp/Z7IQKBgQD9UfEhWpQxJ4MuUgWD
+CRHf602//gh/VOkm+KEO6/yBjBpCO57p9KJVOq857CcCfxjEg09ObwayTkbAy9oI
+GS3vooG8dBxcOOAvvMVnbKAhIjNHiSeWgj6dSJ6qZqXQR67fi2anUxuUvtMll8Fr
+8u0BQiodWb246hZyEwrLoqIjkwKBgQDYCDaqwb+tJ949s9lPs0zpVnged/sC+7MR
+5+TGDp1aJCfbGwLtptNmBzcmDZmDigI+tmyg2HvpH8qvehu/IJutDF5agTHQcZob
+Yd6WiX5sHfT0ZpiCt5qCaC7QvzG3rG5bXnKA/v2huP7rNl25wqq4cx5oQyfhI+Id
+Ofeam/nbQwKBgFLrG47bY16jnGDxIDTAJ0WwdAbAVG+5j4feInoL7N9KyN2dPms+
+VFSpnOnMzwgWKjlI8hCubva2gJpjH78+3rZt7yGMsCvPwjJeDA/Kkq/FzhtAXeD6
+SRyaxLTqXKRMkoVB0Bw9K+4IeHz5q6p2HfYnfjmVQnDgzvAQI5x8Y65ZAoGBAL+T
+mRcYtmhSAK3rPf2F3eDXQ7KRZ9Ifb4+je6d/8l6rzYRqkdA6ryG9qFRgnxCdZJxE
+nlSNZmU4QkAXI1/9BNETNOFBzPEyrR03T3Nj/u7WKhJKoVjahXS7+zg3NVnS2hLA
+0P5AIqA2NCpWjgtb7JWh0QdY9pabgbu1WjSLuamNAoGAcPVKsMxPgwTB1tVHiFbm
+OAW7jQVR4+cGr+xA7qa6A6ndrAX4uvnmZrZiEFA87wuQ241BdFU259QpKTrP5JEm
+96+Hv2QN0sv676qwaMlDVzlXZhGjqHG2GD51pfHeA5aR5qfM+zLYA0TeXKgn3DI1
+F7t8YMu+8lopAB5uxsAvPGM=
+-----END PRIVATE KEY-----

hitch/*.localhost.reachdigital.io.pem

@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDBzCCAe+gAwIBAgIJAKLd3OeF2wReMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV
+BAMMHyoubG9jYWxob3N0LnJlYWNoZGlnaXRhbC5pby5wZW0wHhcNMjAwMTE0MTI1
+MDU1WhcNMzAwMTExMTI1MDU1WjAqMSgwJgYDVQQDDB8qLmxvY2FsaG9zdC5yZWFj
+aGRpZ2l0YWwuaW8ucGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+1cVEG+53eaEpN9oTN2PiFozgbF61GHzF/Ux+Hw7CYXk1hIFbcIasYq9vWNNmIBJv
+XAJkHZzmBhD/ltJU2xNEGpNKpSk5fJWB9u6nPZNj0ic79cYz0HDKvWtnSFF7eg1N
+xO+ZtyzcAjYXC5BstM+zpd7KHyqaoC2YU2ImuDn/9Vo7fKekbXOKbjKImjtV07Du
+TWP08xiSrVQxDt91U3QzBODeCHeWXGW+YQhTG7zYvkUkuxRHYaMmH9EkKyoBvQ6W
+bZbsgn7uw/QGbRG6TqLivW/Fa//X6rpvB+65oPX9QhAkLxMuy3WbsBEfSwmB8ekv
+5HUEz/1jANbJWJ4Y39kQeQIDAQABozAwLjAsBgNVHREEJTAjghsqLmxvY2FsaG9z
+dC5yZWFjaGRpZ2l0YWwuaW+HBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAEeAVD+h
+Zvc9CgF9WFsvVbIbLMww1QRDZdJuLZWj7Nsc71bb5Zt96ozR9Is0vQz5Pkbb0Sb0
+B58xjQas1uROnm3ROWR0LWPmr1zPvc+laCnnWWEXMVd6RORSqr1Jn0WZslDCbYNG
+AEEe9lNDOe6+p39dDBwVQVkojDFb6XgAOTY1LAXVu4bKhx8iPYI1MsMsmuhguVJi
+SkrcU9Ak5woTe0RHbD5nA4MbA4sbcX5a/o6QYpoOSjr+hCQvjtF5Dpgl3/zIfzSC
+fDvHysYylVTUMGJnA7oKdh+HmjvML1fSEbxqbOPnXJHWDKvVr+xyMFiLg2VBorAX
+lrWn1SKgpxVnjgU=
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDVxUQb7nd5oSk3
+2hM3Y+IWjOBsXrUYfMX9TH4fDsJheTWEgVtwhqxir29Y02YgEm9cAmQdnOYGEP+W
+0lTbE0Qak0qlKTl8lYH27qc9k2PSJzv1xjPQcMq9a2dIUXt6DU3E75m3LNwCNhcL
+kGy0z7Ol3sofKpqgLZhTYia4Of/1Wjt8p6Rtc4puMoiaO1XTsO5NY/TzGJKtVDEO
+33VTdDME4N4Id5ZcZb5hCFMbvNi+RSS7FEdhoyYf0SQrKgG9DpZtluyCfu7D9AZt
+EbpOouK9b8Vr/9fqum8H7rmg9f1CECQvEy7LdZuwER9LCYHx6S/kdQTP/WMA1slY
+nhjf2RB5AgMBAAECggEAXSG8Mo8J7iuQUYzoolEZxslJXO1F6I0zlM8mg1FiziSI
+dFoHBFcn8zaLRB+VdpORgHxqMZyRekMdlw+7eFZEbW+OLbZwHR7lqDcBFYqJCp2d
+Oc5H9J+vNCb+sDsPmHUDVLEuPueEUlJOZ/Nb6Mo0cidF154wD2jN3EX+qHRcVv9U
+P+OC0pUB38sqsFg9pINdMFqHYaczobFkpozVluBI+8zOFqwQlu357i5URpIvVk4s
+mrVqbLeQtS/XqBvBAj+irrvo/cIoTgEC4YBddhLxS8tG0qLS6Sy/7C3HkswKPxN9
+HXPSLj1au858+V8BICY9Xv/7yr6qBWVb1ILYp/Z7IQKBgQD9UfEhWpQxJ4MuUgWD
+CRHf602//gh/VOkm+KEO6/yBjBpCO57p9KJVOq857CcCfxjEg09ObwayTkbAy9oI
+GS3vooG8dBxcOOAvvMVnbKAhIjNHiSeWgj6dSJ6qZqXQR67fi2anUxuUvtMll8Fr
+8u0BQiodWb246hZyEwrLoqIjkwKBgQDYCDaqwb+tJ949s9lPs0zpVnged/sC+7MR
+5+TGDp1aJCfbGwLtptNmBzcmDZmDigI+tmyg2HvpH8qvehu/IJutDF5agTHQcZob
+Yd6WiX5sHfT0ZpiCt5qCaC7QvzG3rG5bXnKA/v2huP7rNl25wqq4cx5oQyfhI+Id
+Ofeam/nbQwKBgFLrG47bY16jnGDxIDTAJ0WwdAbAVG+5j4feInoL7N9KyN2dPms+
+VFSpnOnMzwgWKjlI8hCubva2gJpjH78+3rZt7yGMsCvPwjJeDA/Kkq/FzhtAXeD6
+SRyaxLTqXKRMkoVB0Bw9K+4IeHz5q6p2HfYnfjmVQnDgzvAQI5x8Y65ZAoGBAL+T
+mRcYtmhSAK3rPf2F3eDXQ7KRZ9Ifb4+je6d/8l6rzYRqkdA6ryG9qFRgnxCdZJxE
+nlSNZmU4QkAXI1/9BNETNOFBzPEyrR03T3Nj/u7WKhJKoVjahXS7+zg3NVnS2hLA
+0P5AIqA2NCpWjgtb7JWh0QdY9pabgbu1WjSLuamNAoGAcPVKsMxPgwTB1tVHiFbm
+OAW7jQVR4+cGr+xA7qa6A6ndrAX4uvnmZrZiEFA87wuQ241BdFU259QpKTrP5JEm
+96+Hv2QN0sv676qwaMlDVzlXZhGjqHG2GD51pfHeA5aR5qfM+zLYA0TeXKgn3DI1
+F7t8YMu+8lopAB5uxsAvPGM=
+-----END PRIVATE KEY-----

hitch/generate.sh

@@ -0,0 +1,20 @@
+
+
+openssl req \
+  -newkey rsa:2048 \
+  -x509 \
+  -nodes \
+  -keyout *.localhost.reachdigital.io.key \
+  -new \
+  -out *.localhost.reachdigital.io.crt \
+  -subj /CN=*.localhost.reachdigital.io.pem \
+  -reqexts SAN \
+  -extensions SAN \
+  -config <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:*.localhost.reachdigital.io,IP:127.0.0.1')) \
+  -sha256 \
+  -days 3650
+
+
+openssl x509 -noout -fingerprint -text < *.localhost.reachdigital.io.crt > *.localhost.reachdigital.io.info
+cat *.localhost.reachdigital.io.crt *.localhost.reachdigital.io.key > *.localhost.reachdigital.io.pem
+chmod 400 *.localhost.reachdigital.io.key *.localhost.reachdigital.io.pem

nginx/conf.d/default.conf

@@ -1,9 +1,9 @@
 upstream fastcgi_backend {
-   server host.docker.internal:${PHP_PORT};
+   server host.docker.internal:${FPM_PORT};
 }
 
 server {
-   listen ${NGINX_PORT};
+   listen 80;
    server_name localhost;
    set $MAGE_ROOT /var/www/data;
    set $MAGE_DEBUG_SHOW_ARGS 1;