magento / magento-cloud-docker

All Submissions you make to Magento Inc. (“Magento") through GitHub are subject to the following terms and conditions: (1) You grant Magento a perpetual, worldwide, non-exclusive, no charge, royalty free, irrevocable license under your applicable copyrights and patents to reproduce, prepare derivative works of, display, publically perform, sublicense and distribute any feedback, ideas, code, or other information (“Submission") you submit through GitHub. (2) Your Submission is an original work of authorship and you are the owner or are legally entitled to grant the license stated above. (3) You agree to the Contributor License Agreement found here: https://github.com/magento/magento2/blob/master/CONTRIBUTOR_LICENSE_AGREEMENT.html
Open Software License 3.0

Varnish CSP - Header too long #368

Open spdivn opened 3 months ago

spdivn commented 3 months ago

Preconditions

  1. Magento version 2.4.7 - No sample data
  2. The Live Search modules are installed
  3. PHP 8.3 (magento/magento-cloud-docker-php:8.3-cli-1.3.7)
  4. MySQL 10.6 (mariadb:10.6)
  5. Varnish 6.6 (magento/magento-cloud-docker-varnish:6.6-1.3.7)
  6. Nginx 1.24 (magento/magento-cloud-docker-nginx:1.24-1.3.7)
  7. Opensearch 2.4 (magento/magento-cloud-docker-opensearch:2.4-1.3.7)
  8. Fpm (magento/magento-cloud-docker-php:8.3-fpm-1.3.7)
  9. Redis 7.2 (redis:7.2)

Steps to reproduce

Use this docker-compose file, which was generated by ece-docker:

# ./vendor/bin/ece-docker 'build:compose' --with-cron --with-xdebug --db='10.6' --php='8.3' --mode=developer --host='magento2.local' --no-es
# Generated by the command above: a developer-mode stack for magento2.local.
# NOTE(review): credentials and published ports below are development
# defaults; this file is not a template for a shared or internet-facing host.
version: '2.1'
# One entry per container; most PHP services inherit from `generic`.
services:
  # MariaDB 10.6 database for the local developer stack.
  db:
    hostname: db.magento2.local
    image: 'mariadb:10.6'
    shm_size: 2gb
    # NOTE(review): the root and application passwords are the fixed string
    # 'magento2', stored in clear text in this file. Only suitable for a
    # throwaway local environment; never reuse these values elsewhere.
    environment:
      - MYSQL_ROOT_PASSWORD=magento2
      - MYSQL_DATABASE=magento2
      - MYSQL_USER=magento2
      - MYSQL_PASSWORD=magento2
    # No host IP is given, so 3306 is published on every host interface.
    # Combined with the known credentials above, any machine that can reach
    # the host can log in; '127.0.0.1:3306:3306' would keep it local.
    ports:
      - '3306:3306'
    # The project directory is bind-mounted at /app; the database files live
    # in the named volume declared at the bottom of the file.
    volumes:
      - '.:/app:delegated'
      - 'mymagento-magento-db:/var/lib/mysql'
    # The password is passed on the command line (-pmagento2), so it is
    # visible in the container's process list and in its inspect output.
    healthcheck:
      test: 'mysqladmin ping -h localhost -pmagento2'
      interval: 30s
      timeout: 30s
      retries: 3
    networks:
      magento:
        aliases:
          - db.magento2.local
  # Redis 7.2 from the upstream image, started with the image's default command.
  redis:
    hostname: redis.magento2.local
    image: 'redis:7.2'
    volumes:
      - '.:/app:delegated'
    # No host IP is given, so 6379 is published on every host interface.
    # NOTE(review): this file sets no password or Redis config, so the
    # instance is presumably unauthenticated; bind to 127.0.0.1 or drop the
    # mapping if only the other containers need it.
    ports:
      - '6379:6379'
    # Kernel listen-backlog limit raised for this container.
    sysctls:
      net.core.somaxconn: 1024
    # Process and open-file limits for the container.
    ulimits:
      nproc: 65535
      nofile:
        soft: 20000
        hard: 40000
    # Healthy once `redis-cli ping` succeeds; build/deploy/cron wait on this.
    healthcheck:
      test: 'redis-cli ping || exit 1'
      interval: 30s
      timeout: 30s
      retries: 3
    networks:
      magento:
        aliases:
          - redis.magento2.local
  # Single-node OpenSearch 2.4 for catalog search.
  # No `ports:` entry: reachable only from containers on the `magento` network.
  opensearch:
    hostname: opensearch.magento2.local
    image: 'magento/magento-cloud-docker-opensearch:2.4-1.3.7'
    # Unlimited locked memory, needed for bootstrap.memory_lock=true below.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    environment:
      - cluster.name=docker-cluster
      - discovery.type=single-node
      - discovery.seed_hosts=opensearch
      - bootstrap.memory_lock=true
      # NOTE(review): turns off the OpenSearch security plugin, i.e. no TLS
      # and no authentication on the REST API. Tolerable only because the
      # service is not published to the host; keep it that way.
      - DISABLE_SECURITY_PLUGIN=true
    # NOTE(review): no healthcheck is defined here, yet build, deploy and
    # cron wait for `service_healthy`; presumably the image supplies one.
    networks:
      magento:
        aliases:
          - opensearch.magento2.local
  # PHP-FPM 8.3 application container (without Xdebug; see fpm_xdebug).
  fpm:
    hostname: fpm.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-fpm-1.3.7'
    # Inherits env_file and environment from the `generic` service.
    extends: generic
    volumes:
      - '.:/app:delegated'
    networks:
      magento:
        aliases:
          - fpm.magento2.local
    # Starts only after the db healthcheck passes.
    depends_on:
      db:
        condition: service_healthy
  # Nginx 1.24 web server in front of PHP-FPM; not published to the host.
  web:
    hostname: web.magento2.local
    image: 'magento/magento-cloud-docker-nginx:1.24-1.3.7'
    extends: generic
    volumes:
      - '.:/app:delegated'
    environment:
      # presumably makes nginx route debug requests to fpm_xdebug; confirm in
      # the image. A development-only switch either way.
      - WITH_XDEBUG=1
      - NGINX_WORKER_PROCESSES=1
      - NGINX_WORKER_CONNECTIONS=1024
    networks:
      magento:
        aliases:
          - web.magento2.local
    depends_on:
      fpm:
        condition: service_started
  # Varnish 6.6 cache between the tls proxy and the web container.
  # No `ports:` entry: reachable only from containers on the `magento` network.
  # NOTE(review): no command or environment is set here, so varnishd runs
  # with whatever parameters the image ships, including its header-size
  # limits; confirm those in the image when diagnosing "Header too long".
  varnish:
    hostname: varnish.magento2.local
    image: 'magento/magento-cloud-docker-varnish:6.6-1.3.7'
    networks:
      magento:
        aliases:
          - varnish.magento2.local
    depends_on:
      web:
        condition: service_started
  # Nginx entry point for the site; forwards to Varnish (UPSTREAM_* below).
  tls:
    hostname: tls.magento2.local
    image: 'magento/magento-cloud-docker-nginx:1.24-1.3.7'
    extends: generic
    networks:
      magento:
        # Answers on the bare site hostname inside the compose network.
        aliases:
          - magento2.local
    environment:
      - NGINX_WORKER_PROCESSES=1
      - NGINX_WORKER_CONNECTIONS=1024
      - UPSTREAM_HOST=varnish
      - UPSTREAM_PORT=80
    # No host IP is given, so 80 and 443 are published on every host
    # interface; the developer-mode site is reachable from the local network.
    # NOTE(review): which certificate the image serves on 443 is not shown
    # here; presumably a bundled development certificate.
    ports:
      - '80:80'
      - '443:443'
    depends_on:
      varnish:
        condition: service_started
  # Second PHP-FPM container: same image as fpm, with xdebug loaded.
  fpm_xdebug:
    hostname: fpm_xdebug.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-fpm-1.3.7'
    extends: generic
    volumes:
      - '.:/app:delegated'
    environment:
      # Same extension list as `generic` plus xdebug. A debugger extension
      # belongs in development images only.
      - 'PHP_EXTENSIONS=bcmath bz2 calendar exif gd gettext intl mysqli pcntl pdo_mysql soap sockets sysvmsg sysvsem sysvshm opcache zip xsl sodium xdebug'
    networks:
      magento:
        aliases:
          - fpm_xdebug.magento2.local
    # Unlike fpm, this waits only for db to start, not to become healthy.
    depends_on:
      db:
        condition: service_started
  # Base service that the PHP and nginx services pull in via `extends`.
  generic:
    hostname: generic.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-cli-1.3.7'
    # Contents not shown on this page. NOTE(review): if it holds credentials
    # or keys, keep the file out of version control and out of bug reports.
    env_file: ./.docker/config.env
    environment:
      - MAGENTO_RUN_MODE=developer
      - 'PHP_EXTENSIONS=bcmath bz2 calendar exif gd gettext intl mysqli pcntl pdo_mysql soap sockets sysvmsg sysvsem sysvshm opcache zip xsl sodium'
      # Outgoing mail is handed to the mailhog container's SMTP port.
      - 'SENDMAIL_PATH=/usr/local/bin/mhsendmail --smtp-addr=mailhog:1025'
  # PHP CLI container for the build phase; no ports published.
  build:
    hostname: build.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-cli-1.3.7'
    extends: generic
    volumes:
      - '.:/app:delegated'
    networks:
      magento:
        aliases:
          - build.magento2.local
    # Waits for all three backing services to report healthy.
    # NOTE(review): the opensearch service in this file defines no
    # healthcheck; presumably the image provides one. Confirm, otherwise
    # this condition cannot be satisfied.
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
      opensearch:
        condition: service_healthy
  # PHP CLI container for the deploy phase; no ports published.
  deploy:
    hostname: deploy.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-cli-1.3.7'
    extends: generic
    volumes:
      - '.:/app:delegated'
    networks:
      magento:
        aliases:
          - deploy.magento2.local
    # Waits for db, redis and opensearch to report healthy.
    # NOTE(review): opensearch has no healthcheck in this file; presumably
    # the image provides one. Confirm.
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
      opensearch:
        condition: service_healthy
  # MailHog mail catcher: receives the mail that `generic` sends to
  # mailhog:1025 instead of delivering it.
  mailhog:
    hostname: mailhog.magento2.local
    image: 'magento/magento-cloud-docker-mailhog:1.0-1.3.7'
    # No host IP is given, so both ports are published on every host
    # interface. NOTE(review): 8025 is presumably the web UI, and no
    # authentication is configured in this file, so captured mail (password
    # resets, order e-mails) can be read by anyone who reaches the host.
    # Bind to 127.0.0.1 if only the developer needs it.
    ports:
      - '1025:1025'
      - '8025:8025'
    networks:
      magento:
        aliases:
          - mailhog.magento2.local
  # PHP CLI container that runs the Magento cron schedule.
  cron:
    hostname: cron.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-cli-1.3.7'
    extends: generic
    command: run-cron
    # Written as a mapping here, while the other services use list form.
    environment:
      # Every minute, as root, run `bin/magento cron:run` from /app and
      # append its output to /app/var/log/cron.log.
      # NOTE(review): /app is the bind-mounted project directory, so files
      # the job creates there are presumably root-owned on the host.
      CRONTAB: '* * * * * root cd /app && /usr/local/bin/php bin/magento cron:run >> /app/var/log/cron.log'
    volumes:
      - '.:/app:delegated'
    networks:
      magento:
        aliases:
          - cron.magento2.local
    # Waits for db, redis and opensearch to report healthy.
    # NOTE(review): opensearch has no healthcheck in this file; presumably
    # the image provides one. Confirm.
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
      opensearch:
        condition: service_healthy
# Named volume holding the MariaDB data directory (mounted by `db`).
volumes:
  mymagento-magento-db: {  }
# Single bridge network shared by every service that lists `magento`.
# Services without a `ports:` entry are reachable only through it.
networks:
  magento:
    driver: bridge
  1. Install local docker machine
  2. Install plain Magento without sample data
  3. Install Live Search full bundle modules (with Popover, Search terms, etc...)
  4. bin/magento s:d:c
  5. bin/magento set:up

Expected result

  1. The frontend with the Luma theme is displayed and works correctly (image)

Actual result

  1. Error 503 Backend fetch failed - Varnish Cache Server
  2. Error in the Varnish container: "Header too long: Content-Security-Policy" (image)

Solution

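  1. Change the default Varnish VCL/configuration by updating these three parameters to the desired values. (These are varnishd runtime parameters, normally set with `-p name=value` when varnishd starts rather than inside the VCL file itself. The error above concerns a backend response header, so `http_resp_hdr_len` is the limit most directly involved. Raise each limit only as far as the Content-Security-Policy header requires, because larger header limits also increase the memory a single request can consume.)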
    • http_max_hdr
    • http_req_hdr_len
    • http_resp_hdr_len