clivewalkden · May 3, 2022 10:02
diff --git a/backup.conf b/backup.conf
 # Configuration file for db-sync (https://github.com/clivewalkden/bash-magento2-db-sync)
 remote_host={{remote_host}}
 remote_domain={{remote_domain}}
 remote_port={{remote_port}}
 remote_username={{remote_username}}
 remote_magento_dir={{remote_magento_dir}}
 remote_backup_dir={{remote_backup_dir}}
 remote_shared_deployment_dir={{remote_shared_deployment_dir}}
 local_backup_dir={{local_backup_dir}}
diff --git a/default.vcl b/default.vcl
 # VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6
 vcl 4.1;

 import std;
 # The minimal Varnish version is 6.0
 # For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'

 backend default {
    .host = "localhost";
    .port = "8080";
    .first_byte_timeout = 600s;
    .probe = {
        .url = "/health_check.php";
        .timeout = 2s;
        .interval = 5s;
        .window = 10;
        .threshold = 5;
   }
 }

 acl purge {
    "localhost";
    "127.0.0.1";
    "::1";
 }

 sub vcl_recv {
    # Remove empty query string parameters
    # e.g.: www.example.com/index.html?
    if (req.url ~ "\?$") {
        set req.url = regsub(req.url, "\?$", "");
    }

    # Remove port number from host header
    set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");

    # Sorts query string parameters alphabetically for cache normalization purposes
    set req.url = std.querysort(req.url);

    # Remove the proxy header to mitigate the httpoxy vulnerability
    # See https://httpoxy.org/
    unset req.http.proxy;

    # Add X-Forwarded-Proto header when using https
    if (!req.http.X-Forwarded-Proto && (std.port(server.ip) == 443)) {
        set req.http.X-Forwarded-Proto = "https";
    }

    # Reduce grace to 300s if the backend is healthy
    # In case of an unhealthy backend, the original grace is used
    if (std.healthy(req.backend_hint)) {
        set req.grace = 300s;
    }

    # Purge logic to remove objects from the cache
    # Tailored to Magento's cache invalidation mechanism
    if (req.method == "PURGE") {
        if (client.ip !~ purge) {
            return (synth(405, "Method not allowed"));
        }
        # To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
        # has been added to the response in your backend server config. This is used, for example, by the
        # capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
        if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
            return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
        }
        if (req.http.X-Magento-Tags-Pattern) {
          ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
        }
        if (req.http.X-Pool) {
          ban("obj.http.X-Pool ~ " + req.http.X-Pool);
        }
        return (synth(200, "Purged"));
    }

    # Only handle relevant HTTP request methods
    if (req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "PATCH" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "DELETE") {
          /* Non-RFC2616 or CONNECT which is weird. */
          return (pipe);
    }

    # We only deal with GET and HEAD by default
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }

    # Bypass shopping cart, checkout and search requests
    if (req.url ~ "/checkout" || req.url ~ "/catalogsearch") {
        return (pass);
    }

    # Bypass health check requests
    if (req.url ~ "^/(pub/)?(health_check.php)$") {
        return (pass);
    }

    # collect all cookies
    std.collect(req.http.Cookie);

    # Remove all marketing get parameters to minimize the cache objects
    if (req.url ~ "(\?|&)(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
        set req.url = regsuball(req.url, "(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
        set req.url = regsub(req.url, "[?|&]+$", "");
    }

    # Don't cache the authenticated GraphQL requests
    if (req.url ~ "/graphql" && req.http.Authorization ~ "^Bearer") {
        return (pass);
    }

    return (hash);
 }

 sub vcl_hash {
    # Add a cache variation based on the X-Magento-Vary cookie
    if (req.http.cookie ~ "X-Magento-Vary=") {
        hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1"));
    } else {
        hash_data("");
    }

    # Create cache variations depending on the request protocol
    hash_data(req.http.X-Forwarded-Proto);

    # Create store and currency cache variations for GraphQL requests
    if (req.url ~ "/graphql") {
        hash_data(req.http.Store);
        hash_data(req.http.Content-Currency);
    }
 }

 sub vcl_backend_response {
    # Serve stale content for three days after object expiration
    # Perform asynchronous revalidation while stale content is served
    set beresp.grace = 3d;

    # All text-based content can be parsed as ESI
    if (beresp.http.content-type ~ "text") {
        set beresp.do_esi = true;
    }

    # Allow GZIP compression on all JavaScript files and all text-based content
    if (bereq.url ~ "\.js$" || beresp.http.content-type ~ "text") {
        set beresp.do_gzip = true;
    }

    # Add debug headers
    if (beresp.http.X-Magento-Debug) {
        set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
    }

    # cache only successfully responses and 404s
    if (beresp.status != 200 && beresp.status != 404) {
        set beresp.ttl = 120s;
        set beresp.uncacheable = true;
        return (deliver);
    # Don't cache private responses
    } elsif (beresp.http.Cache-Control ~ "private") {
        set beresp.uncacheable = true;
        set beresp.ttl = 86400s;
        return (deliver);
    }

    # validate if we need to cache it and prevent from setting cookie
    if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
        unset beresp.http.set-cookie;
    }

   # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
   if (beresp.ttl <= 0s ||
       beresp.http.Surrogate-control ~ "no-store" ||
       (!beresp.http.Surrogate-Control &&
       beresp.http.Cache-Control ~ "no-cache|no-store") ||
       beresp.http.Vary == "*") {
        # Mark as Hit-For-Pass for the next 2 minutes
        set beresp.ttl = 120s;
        set beresp.uncacheable = true;
    }

    return (deliver);
 }

 sub vcl_deliver {
    # Add debug headers
    if (resp.http.X-Magento-Debug) {
        if (obj.uncacheable) {
            set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
        } else if (obj.hits) {
            set resp.http.X-Magento-Cache-Debug = "HIT";
            set resp.http.Grace = req.http.grace;
        } else {
            set resp.http.X-Magento-Cache-Debug = "MISS";
        }
    } else {
        unset resp.http.Age;
    }
    if (obj.uncacheable) {
        set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
    } else if (obj.hits) {
        set resp.http.X-Magento-Cache-Debug = "HIT";
        set resp.http.Grace = req.http.grace;
    } else {
        set resp.http.X-Magento-Cache-Debug = "MISS";
    }


    # Not letting browser to cache non-static files.
    if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media|static)/") {
        set resp.http.Pragma = "no-cache";
        set resp.http.Expires = "-1";
        set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
    }

    unset resp.http.X-Magento-Debug;
    unset resp.http.X-Magento-Tags;
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.X-Varnish;
    unset resp.http.Via;
    unset resp.http.Link;
 }
diff --git a/env.php b/env.php
 <?php
 return [
    'backend' => [
        'frontName' => 'sozoadmin'
    ],
    'crypt' => [
        'key' => '{{key}}'
    ],
    'db' => [
        'table_prefix' => '',
        'connection' => [
            'default' => [
                'host' => 'localhost',
                'dbname' => 'mag2',
                'username' => 'root',
                'password' => '{{rootpassword}}',
                'model' => 'mysql4',
                'engine' => 'innodb',
                'initStatements' => 'SET NAMES utf8;',
                'active' => '1',
                'profiler' => 1
            ],
            'wordpress' => [
                'host' => 'localhost',
                'dbname' => 'wp',
                'username' => 'root',
                'password' => '{{rootpassword}}',
                'active' => '1'
            ]
        ]
    ],
    'resource' => [
        'default_setup' => [
            'connection' => 'default'
        ]
    ],
    'x-frame-options' => 'SAMEORIGIN',
    'MAGE_MODE' => 'developer',
    'install' => [
        'date' => 'Wed, 16 Sep 2020 13:05:00 +0000'
    ],
 ];
diff --git a/magento-varnish.conf b/magento-varnish.conf
 upstream fastcgi_backend {
    server unix:/run/php-fpm/php-fpm.sock;
 }

 server {
    listen 8080;
    listen [::]:8080;

    server_name _;
    
    # Default nginx
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
    # EO: Default nginx

    #set $MAGE_ROOT /opt/magento/magento2;

    #include /opt/magento/magento2/nginx.wp.conf;
    #include /opt/magento/magento2/nginx.conf;
 }

 #server {
 #    listen 443 ssl http2 default_server;
 #    listen [::]:443 ssl http2 default_server;

 #    server_name _;

 #    ssl_certificate /etc/letsencrypt/live/{{hostname}}/fullchain.pem;
 #    ssl_certificate_key /etc/letsencrypt/live/{{hostname}}/privkey.pem;

 #    keepalive_timeout           300s;

 #    client_max_body_size        10M;

 #    http2_push_preload on;
 #    http2_max_concurrent_pushes 25;
 #    location / {
 #        proxy_pass http://127.0.0.1;
 #        proxy_buffers 16 16k;
 #        proxy_buffer_size 32k;
 #        proxy_busy_buffers_size 32k;
 #        proxy_read_timeout 600s;
 #        proxy_connect_timeout 70s;
 #        proxy_set_header Host $http_host;
 #        proxy_set_header X-Forwarded-Host $http_host;
 #        proxy_set_header X-Real-IP $remote_addr;
 #        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #        proxy_set_header X-Forwarded-Proto https;
 #        proxy_set_header X-Forwarded-Port 443;
 #        proxy_set_header Ssl-Offloaded "1";
 #    }

 #    location /kibana {
 #        proxy_pass http://localhost:5601;
 #        proxy_http_version 1.1;
 #        proxy_set_header Upgrade $http_upgrade;
 #        proxy_set_header Connection 'upgrade';
 #        proxy_set_header Host $host;
 #        proxy_cache_bypass $http_upgrade;
 #    }
 #}
diff --git a/magento.conf b/magento.conf
 upstream fastcgi_backend {
    server unix:/run/php-fpm/php-fpm.sock;
 }

 # Update the {url}, after lets encrypt has generated the cert you can comment out the include in 80 uncomment the 301
 server {
    listen 80 default_server;
    server_name _;
    set $MAGE_ROOT /opt/magento/magento2;
    include /opt/magento/magento2/nginx.conf;
    #return       301 https://{url}$request_uri;
 }

 # Uncomment this entire block after SSL generated.
 #server {
 #    listen 443 ssl http2 default_server;
 #    server_name _;

 #    ssl_certificate /etc/letsencrypt/live/{url}/fullchain.pem;
 #    ssl_certificate_key /etc/letsencrypt/live/{url}/privkey.pem;

 #    set $MAGE_ROOT /opt/magento/magento2;
 #    include /opt/magento/magento2/nginx.conf;
 #    include /opt/magento/magento2/nginx.wp.conf;
 #}
diff --git a/varnish.service b/varnish.service
 [Unit]
 Description=Varnish Cache, a high-performance HTTP accelerator
 After=network-online.target nss-lookup.target

 [Service]
 Type=forking
 KillMode=process

 # Maximum number of open files (for ulimit -n)
 LimitNOFILE=131072

 # Locked shared memory - should suffice to lock the shared memory log
 # (varnishd -l argument)
 # Default log size is 80MB vsl + 1M vsm + header -> 82MB
 # unit is bytes
 LimitMEMLOCK=85983232

 # Enable this to avoid "fork failed" on reload.
 TasksMax=infinity

 # Maximum size of the corefile.
 LimitCORE=infinity

 ExecStart=/usr/sbin/varnishd \
            -a :80 \
            -a localhost:6082 \
            -p feature=+http2 \
            -p http_req_hdr_len=64k \
            -p http_resp_hdr_len=64k \
            -p http_resp_size=128k \
            -p workspace_backend=256k \
            -f /etc/varnish/default.vcl \
            -S /etc/varnish/secret \
            -s malloc,4G
 ExecReload=/usr/sbin/varnishreload

 Restart=on-failure

 [Install]
 WantedBy=multi-user.target
	# Configuration file for db-sync (https://github.com/clivewalkden/bash-magento2-db-sync)
	remote_host={{remote_host}}
	remote_domain={{remote_domain}}
	remote_port={{remote_port}}
	remote_username={{remote_username}}
	remote_magento_dir={{remote_magento_dir}}
	remote_backup_dir={{remote_backup_dir}}
	remote_shared_deployment_dir={{remote_shared_deployment_dir}}
	local_backup_dir={{local_backup_dir}}
	# VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6
	vcl 4.1;

	import std;
	# The minimal Varnish version is 6.0
	# For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'

	backend default {
	.host = "localhost";
	.port = "8080";
	.first_byte_timeout = 600s;
	.probe = {
	.url = "/health_check.php";
	.timeout = 2s;
	.interval = 5s;
	.window = 10;
	.threshold = 5;
	}
	}

	acl purge {
	"localhost";
	"127.0.0.1";
	"::1";
	}

	sub vcl_recv {
	# Remove empty query string parameters
	# e.g.: www.example.com/index.html?
	if (req.url ~ "\?$") {
	set req.url = regsub(req.url, "\?$", "");
	}

	# Remove port number from host header
	set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");

	# Sorts query string parameters alphabetically for cache normalization purposes
	set req.url = std.querysort(req.url);

	# Remove the proxy header to mitigate the httpoxy vulnerability
	# See https://httpoxy.org/
	unset req.http.proxy;

	# Add X-Forwarded-Proto header when using https
	if (!req.http.X-Forwarded-Proto && (std.port(server.ip) == 443)) {
	set req.http.X-Forwarded-Proto = "https";
	}

	# Reduce grace to 300s if the backend is healthy
	# In case of an unhealthy backend, the original grace is used
	if (std.healthy(req.backend_hint)) {
	set req.grace = 300s;
	}

	# Purge logic to remove objects from the cache
	# Tailored to Magento's cache invalidation mechanism
	if (req.method == "PURGE") {
	if (client.ip !~ purge) {
	return (synth(405, "Method not allowed"));
	}
	# To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
	# has been added to the response in your backend server config. This is used, for example, by the
	# capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
	if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
	return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
	}
	if (req.http.X-Magento-Tags-Pattern) {
	ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
	}
	if (req.http.X-Pool) {
	ban("obj.http.X-Pool ~ " + req.http.X-Pool);
	}
	return (synth(200, "Purged"));
	}

	# Only handle relevant HTTP request methods
	if (req.method != "GET" &&
	req.method != "HEAD" &&
	req.method != "PUT" &&
	req.method != "POST" &&
	req.method != "PATCH" &&
	req.method != "TRACE" &&
	req.method != "OPTIONS" &&
	req.method != "DELETE") {
	/* Non-RFC2616 or CONNECT which is weird. */
	return (pipe);
	}

	# We only deal with GET and HEAD by default
	if (req.method != "GET" && req.method != "HEAD") {
	return (pass);
	}

	# Bypass shopping cart, checkout and search requests
	if (req.url ~ "/checkout" \|\| req.url ~ "/catalogsearch") {
	return (pass);
	}

	# Bypass health check requests
	if (req.url ~ "^/(pub/)?(health_check.php)$") {
	return (pass);
	}

	# collect all cookies
	std.collect(req.http.Cookie);

	# Remove all marketing get parameters to minimize the cache objects
	if (req.url ~ "(\?\|&)(gclid\|cx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=") {
	set req.url = regsuball(req.url, "(gclid\|cx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
	set req.url = regsub(req.url, "[?\|&]+$", "");
	}

	# Don't cache the authenticated GraphQL requests
	if (req.url ~ "/graphql" && req.http.Authorization ~ "^Bearer") {
	return (pass);
	}

	return (hash);
	}

	sub vcl_hash {
	# Add a cache variation based on the X-Magento-Vary cookie
	if (req.http.cookie ~ "X-Magento-Vary=") {
	hash_data(regsub(req.http.cookie, "^.?X-Magento-Vary=([^;]+);.*$", "\1"));
	} else {
	hash_data("");
	}

	# Create cache variations depending on the request protocol
	hash_data(req.http.X-Forwarded-Proto);

	# Create store and currency cache variations for GraphQL requests
	if (req.url ~ "/graphql") {
	hash_data(req.http.Store);
	hash_data(req.http.Content-Currency);
	}
	}

	sub vcl_backend_response {
	# Serve stale content for three days after object expiration
	# Perform asynchronous revalidation while stale content is served
	set beresp.grace = 3d;

	# All text-based content can be parsed as ESI
	if (beresp.http.content-type ~ "text") {
	set beresp.do_esi = true;
	}

	# Allow GZIP compression on all JavaScript files and all text-based content
	if (bereq.url ~ "\.js$" \|\| beresp.http.content-type ~ "text") {
	set beresp.do_gzip = true;
	}

	# Add debug headers
	if (beresp.http.X-Magento-Debug) {
	set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
	}

	# cache only successfully responses and 404s
	if (beresp.status != 200 && beresp.status != 404) {
	set beresp.ttl = 120s;
	set beresp.uncacheable = true;
	return (deliver);
	# Don't cache private responses
	} elsif (beresp.http.Cache-Control ~ "private") {
	set beresp.uncacheable = true;
	set beresp.ttl = 86400s;
	return (deliver);
	}

	# validate if we need to cache it and prevent from setting cookie
	if (beresp.ttl > 0s && (bereq.method == "GET" \|\| bereq.method == "HEAD")) {
	unset beresp.http.set-cookie;
	}

	# If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
	if (beresp.ttl <= 0s \|\|
	beresp.http.Surrogate-control ~ "no-store" \|\|
	(!beresp.http.Surrogate-Control &&
	beresp.http.Cache-Control ~ "no-cache\|no-store") \|\|
	beresp.http.Vary == "*") {
	# Mark as Hit-For-Pass for the next 2 minutes
	set beresp.ttl = 120s;
	set beresp.uncacheable = true;
	}

	return (deliver);
	}

	sub vcl_deliver {
	# Add debug headers
	if (resp.http.X-Magento-Debug) {
	if (obj.uncacheable) {
	set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
	} else if (obj.hits) {
	set resp.http.X-Magento-Cache-Debug = "HIT";
	set resp.http.Grace = req.http.grace;
	} else {
	set resp.http.X-Magento-Cache-Debug = "MISS";
	}
	} else {
	unset resp.http.Age;
	}
	if (obj.uncacheable) {
	set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
	} else if (obj.hits) {
	set resp.http.X-Magento-Cache-Debug = "HIT";
	set resp.http.Grace = req.http.grace;
	} else {
	set resp.http.X-Magento-Cache-Debug = "MISS";
	}


	# Not letting browser to cache non-static files.
	if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media\|static)/") {
	set resp.http.Pragma = "no-cache";
	set resp.http.Expires = "-1";
	set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
	}

	unset resp.http.X-Magento-Debug;
	unset resp.http.X-Magento-Tags;
	unset resp.http.X-Powered-By;
	unset resp.http.Server;
	unset resp.http.X-Varnish;
	unset resp.http.Via;
	unset resp.http.Link;
	}
	<?php
	return [
	'backend' => [
	'frontName' => 'sozoadmin'
	],
	'crypt' => [
	'key' => '{{key}}'
	],
	'db' => [
	'table_prefix' => '',
	'connection' => [
	'default' => [
	'host' => 'localhost',
	'dbname' => 'mag2',
	'username' => 'root',
	'password' => '{{rootpassword}}',
	'model' => 'mysql4',
	'engine' => 'innodb',
	'initStatements' => 'SET NAMES utf8;',
	'active' => '1',
	'profiler' => 1
	],
	'wordpress' => [
	'host' => 'localhost',
	'dbname' => 'wp',
	'username' => 'root',
	'password' => '{{rootpassword}}',
	'active' => '1'
	]
	]
	],
	'resource' => [
	'default_setup' => [
	'connection' => 'default'
	]
	],
	'x-frame-options' => 'SAMEORIGIN',
	'MAGE_MODE' => 'developer',
	'install' => [
	'date' => 'Wed, 16 Sep 2020 13:05:00 +0000'
	],
	];
	upstream fastcgi_backend {
	server unix:/run/php-fpm/php-fpm.sock;
	}

	server {
	listen 8080;
	listen [::]:8080;

	server_name _;

	# Default nginx
	location / {
	root /usr/share/nginx/html;
	index index.html index.htm;
	}

	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/html;
	}
	# EO: Default nginx

	#set $MAGE_ROOT /opt/magento/magento2;

	#include /opt/magento/magento2/nginx.wp.conf;
	#include /opt/magento/magento2/nginx.conf;
	}

	#server {
	# listen 443 ssl http2 default_server;
	# listen [::]:443 ssl http2 default_server;

	# server_name _;

	# ssl_certificate /etc/letsencrypt/live/{{hostname}}/fullchain.pem;
	# ssl_certificate_key /etc/letsencrypt/live/{{hostname}}/privkey.pem;

	# keepalive_timeout 300s;

	# client_max_body_size 10M;

	# http2_push_preload on;
	# http2_max_concurrent_pushes 25;
	# location / {
	# proxy_pass http://127.0.0.1;
	# proxy_buffers 16 16k;
	# proxy_buffer_size 32k;
	# proxy_busy_buffers_size 32k;
	# proxy_read_timeout 600s;
	# proxy_connect_timeout 70s;
	# proxy_set_header Host $http_host;
	# proxy_set_header X-Forwarded-Host $http_host;
	# proxy_set_header X-Real-IP $remote_addr;
	# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	# proxy_set_header X-Forwarded-Proto https;
	# proxy_set_header X-Forwarded-Port 443;
	# proxy_set_header Ssl-Offloaded "1";
	# }

	# location /kibana {
	# proxy_pass http://localhost:5601;
	# proxy_http_version 1.1;
	# proxy_set_header Upgrade $http_upgrade;
	# proxy_set_header Connection 'upgrade';
	# proxy_set_header Host $host;
	# proxy_cache_bypass $http_upgrade;
	# }
	#}
	upstream fastcgi_backend {
	server unix:/run/php-fpm/php-fpm.sock;
	}

	# Update the {url}, after lets encrypt has generated the cert you can comment out the include in 80 uncomment the 301
	server {
	listen 80 default_server;
	server_name _;
	set $MAGE_ROOT /opt/magento/magento2;
	include /opt/magento/magento2/nginx.conf;
	#return 301 https://{url}$request_uri;
	}

	# Uncomment this entire block after SSL generated.
	#server {
	# listen 443 ssl http2 default_server;
	# server_name _;

	# ssl_certificate /etc/letsencrypt/live/{url}/fullchain.pem;
	# ssl_certificate_key /etc/letsencrypt/live/{url}/privkey.pem;

	# set $MAGE_ROOT /opt/magento/magento2;
	# include /opt/magento/magento2/nginx.conf;
	# include /opt/magento/magento2/nginx.wp.conf;
	#}
	[Unit]
	Description=Varnish Cache, a high-performance HTTP accelerator
	After=network-online.target nss-lookup.target

	[Service]
	Type=forking
	KillMode=process

	# Maximum number of open files (for ulimit -n)
	LimitNOFILE=131072

	# Locked shared memory - should suffice to lock the shared memory log
	# (varnishd -l argument)
	# Default log size is 80MB vsl + 1M vsm + header -> 82MB
	# unit is bytes
	LimitMEMLOCK=85983232

	# Enable this to avoid "fork failed" on reload.
	TasksMax=infinity

	# Maximum size of the corefile.
	LimitCORE=infinity

	ExecStart=/usr/sbin/varnishd \
	-a :80 \
	-a localhost:6082 \
	-p feature=+http2 \
	-p http_req_hdr_len=64k \
	-p http_resp_hdr_len=64k \
	-p http_resp_size=128k \
	-p workspace_backend=256k \
	-f /etc/varnish/default.vcl \
	-S /etc/varnish/secret \
	-s malloc,4G
	ExecReload=/usr/sbin/varnishreload

	Restart=on-failure

	[Install]
	WantedBy=multi-user.target