Reverse proxy in DDEV cluster

[adriendupuis]

Question	Answer
JIRA Ticket	N/A
Versions	5.0, 4.6
Edition	All

How to add a reverse proxy Varnish or Fastly, into a DDEV cluster.

Preview https://ez-systems-developer-documentation--2999.com.readthedocs.build/en/2999/infrastructure_and_maintenance/clustering/clustering_with_ddev/#install-reverse-proxy

Checklist

• Text renders correctly
• Text has been checked with vale
• Description metadata is up to date
• Redirects cover removed/moved pages
• Code samples are working
• PHP code samples have been fixed with PHP CS fixer
• Added link to this PR in relevant JIRA ticket or code PR

[github-actions]

Preview of modified files

Preview of modified Markdown:

• docs/infrastructure_and_maintenance/clustering/clustering_with_ddev.md

[adriendupuis]

Suggested change

	1. Set some variables to distinguish Varnish versions, here for Varnish 7.1
	1. Set some variables to distinguish between Varnish versions, here for Varnish 7.1

[adriendupuis]

Suggested change

	VARNISH_VERSION=7.1
	vcl_path=vcl_path
	vcl_file=varnish7.vcl
	mkdir -p .ddev/varnish
	cp vendor/ibexa/http-cache/docs/varnish/vcl/$vcl_file .ddev/varnish/
	sed 's/.host = "127.0.0.1";/.host = "web";/' vendor/ibexa/http-cache/docs/varnish/vcl/parameters.vcl > .ddev/varnish/parameters.vcl
	sed -i '/^acl invalidators {$/a \\ "web";' .ddev/varnish/parameters.vcl
	sed -i '/^acl debuggers {$/a \\ "0.0.0.0"/0; \/\/ debug from any IP' .ddev/varnish/parameters.vcl
	if [[ $VARNISH_VERSION == 7.* ]]; then
	sed -i 's/acl invalidators {/acl invalidators +log {/' .ddev/varnish/parameters.vcl
	sed -i 's/acl debuggers {/acl debuggers +log {/' .ddev/varnish/parameters.vcl
	fi
	ddev dotenv set .ddev/.env.varnish --varnish-docker-image=varnish:$VARNISH_VERSION --varnish-varnishd-params " -p $vcl_path=/etc/varnish -f /etc/varnish/$vcl_file"
	VARNISH_VERSION=7.1
	mkdir -p .ddev/varnish
	sed 's/.host = "127.0.0.1";/.host = "web";/' vendor/ibexa/http-cache/docs/varnish/vcl/parameters.vcl > .ddev/varnish/parameters.vcl
	sed -i '/^acl invalidators {$/a \\ "web";' .ddev/varnish/parameters.vcl
	sed -i '/^acl debuggers {$/a \\ "0.0.0.0"/0; \/\/ debug from any IP' .ddev/varnish/parameters.vcl
	if [[ $VARNISH_VERSION == 7.* ]]; then
	sed -i 's/acl invalidators {/acl invalidators +log {/' .ddev/varnish/parameters.vcl
	sed -i 's/acl debuggers {/acl debuggers +log {/' .ddev/varnish/parameters.vcl
	vcl_path=vcl_path
	vcl_file=varnish7.vcl
	fi
	cp vendor/ibexa/http-cache/docs/varnish/vcl/$vcl_file .ddev/varnish/
	ddev dotenv set .ddev/.env.varnish --varnish-docker-image=varnish:$VARNISH_VERSION --varnish-varnishd-params " -p $vcl_path=/etc/varnish -f /etc/varnish/$vcl_file"

And update step descriptions accordingly

[adriendupuis]

When minor variables are moved to the if, then:

Suggested change

	To use Varnish 6.0LTS, set the following variables instead:
	```bash
	VARNISH_VERSION=6.0
	vcl_path=vcl_dir
	vcl_file=varnish6.vcl
	```
	To use Varnish 6.0LTS, set the following variable instead:
	```bash
	VARNISH_VERSION=6.0
	```

[adriendupuis]

TODO:
Maybe a warning about the fact that the HTTPS (https://127.0.0.1:) URL probably fails?
But somehow, it shouldn't fail…

[reithor]

@adriendupuis : I tested by runing the following script on an existing project:

#!/bin/bash

VARNISH_VERSION=7.1
vcl_path=vcl_path
vcl_file=varnish7.vcl

mkdir -p .ddev/varnish
cp vendor/ibexa/http-cache/docs/varnish/vcl/$vcl_file .ddev/varnish/
sed 's/.host = "127.0.0.1";/.host = "web";/' vendor/ibexa/http-cache/docs/varnish/vcl/parameters.vcl > .ddev/varnish/parameters.vcl
sed -i '/^acl invalidators {$/a \\    "web";' .ddev/varnish/parameters.vcl
sed -i '/^acl debuggers {$/a \\    "0.0.0.0"/0; \/\/ debug from any IP' .ddev/varnish/parameters.vcl
if [[ $VARNISH_VERSION == 7.* ]]; then
  sed -i 's/acl invalidators {/acl invalidators +log {/' .ddev/varnish/parameters.vcl
  sed -i 's/acl debuggers {/acl debuggers +log {/' .ddev/varnish/parameters.vcl
fi
ddev dotenv set .ddev/.env.varnish --varnish-docker-image=varnish:$VARNISH_VERSION --varnish-varnishd-params " -p $vcl_path=/etc/varnish -f /etc/varnish/$vcl_file"

ddev get ddev/ddev-varnish

ddev config --web-environment-add HTTPCACHE_PURGE_SERVER=http://varnish
ddev config --web-environment-add HTTPCACHE_PURGE_TYPE=varnish
ddev config --web-environment-add TRUSTED_PROXIES=varnish

ddev restart

After this, responses still were showing x-cache-tags response header (should be Xkey).
I had to empty var/cache directory followed by running ddev restart to make it work.
After this cache purging by xkey was working fine.

Could you check/confirm ?

and:

curl -s -H "Surrogate-Capability: abc=ESI/1.0" https://127.0.0.1:<https-web-port> 

^ works for me