Varnish CSP - Header too long #368

Open
spdivn opened this issue Aug 22, 2024 · 0 comments


spdivn commented Aug 22, 2024

Preconditions

  1. Magento version 2.4.7 - No sample data
  2. Live Search modules are installed
  3. PHP 8.3 (magento/magento-cloud-docker-php:8.3-cli-1.3.7)
  4. MySQL 10.6 (mariadb:10.6)
  5. Varnish 6.6 (magento/magento-cloud-docker-varnish:6.6-1.3.7)
  6. Nginx 1.24 (magento/magento-cloud-docker-nginx:1.24-1.3.7)
  7. Opensearch 2.4 (magento/magento-cloud-docker-opensearch:2.4-1.3.7)
  8. Fpm (magento/magento-cloud-docker-php:8.3-fpm-1.3.7)
  9. Redis 7.2 (redis:7.2)

Steps to reproduce

Use this docker-compose file, which is generated by ece-docker:

# ./vendor/bin/ece-docker 'build:compose' --with-cron --with-xdebug --db='10.6' --php='8.3' --mode=developer --host='magento2.local' --no-es
version: '2.1'
services:
  # MariaDB 10.6 database service for the local Magento stack.
  # NOTE(review): development defaults only. Both passwords below are the
  # literal string `magento2`, and the port mapping publishes the server
  # outside the Compose network.
  db:
    hostname: db.magento2.local
    image: 'mariadb:10.6'
    shm_size: 2gb
    environment:
      # Credentials are stored in clear text in this file; the root password
      # and the application user's password are identical.
      - MYSQL_ROOT_PASSWORD=magento2
      - MYSQL_DATABASE=magento2
      - MYSQL_USER=magento2
      - MYSQL_PASSWORD=magento2
    ports:
      # No host IP is given, so Compose binds 3306 on every host interface.
      # Use '127.0.0.1:3306:3306', or drop the mapping, when only local tools
      # or other containers need the database.
      - '3306:3306'
    volumes:
      # The project directory is mounted into the database container in
      # addition to the named data volume.
      - '.:/app:delegated'
      - 'mymagento-magento-db:/var/lib/mysql'
    healthcheck:
      # The password is passed as a command-line argument (-p...), so it is
      # visible in the container's process list and in `docker inspect` output.
      test: 'mysqladmin ping -h localhost -pmagento2'
      interval: 30s
      timeout: 30s
      retries: 3
    networks:
      magento:
        aliases:
          - db.magento2.local
  # Redis 7.2 service (cache/session backend for the stack).
  # NOTE(review): nothing in this file sets a password or ACL for Redis, and
  # the port is published to the host; confirm how the image is configured
  # before running this anywhere other than an isolated workstation.
  redis:
    hostname: redis.magento2.local
    image: 'redis:7.2'
    volumes:
      - '.:/app:delegated'
    ports:
      # No host IP is given, so Compose binds 6379 on every host interface.
      # Use '127.0.0.1:6379:6379', or drop the mapping, if only the other
      # containers need Redis.
      - '6379:6379'
    sysctls:
      # Raises the listen backlog limit inside the container's network namespace.
      net.core.somaxconn: 1024
    ulimits:
      nproc: 65535
      nofile:
        soft: 20000
        hard: 40000
    healthcheck:
      # Unauthenticated PING; this would need credentials if auth were enabled.
      test: 'redis-cli ping || exit 1'
      interval: 30s
      timeout: 30s
      retries: 3
    networks:
      magento:
        aliases:
          - redis.magento2.local
  # Single-node OpenSearch 2.4 service.
  # No ports are published, so it is reachable only from containers attached
  # to the `magento` network.
  # NOTE(review): no healthcheck is declared here, yet build, deploy and cron
  # wait for `service_healthy`; presumably the image ships its own HEALTHCHECK.
  opensearch:
    hostname: opensearch.magento2.local
    image: 'magento/magento-cloud-docker-opensearch:2.4-1.3.7'
    ulimits:
      # Unlimited locked memory, paired with bootstrap.memory_lock=true below.
      memlock:
        soft: -1
        hard: -1
    environment:
      - cluster.name=docker-cluster
      - discovery.type=single-node
      - discovery.seed_hosts=opensearch
      - bootstrap.memory_lock=true
      # Turns off the OpenSearch security plugin, so any container on the
      # network can read and write indices without TLS or authentication.
      # Acceptable for local development only.
      - DISABLE_SECURITY_PLUGIN=true
    networks:
      magento:
        aliases:
          - opensearch.magento2.local
  # PHP 8.3 FPM application container. Inherits env_file and environment from
  # `generic` and starts only after the db healthcheck passes.
  fpm:
    hostname: fpm.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-fpm-1.3.7'
    extends: generic
    volumes:
      # Project directory bind-mounted read-write; code changes on the host are
      # live in the container and vice versa.
      - '.:/app:delegated'
    networks:
      magento:
        aliases:
          - fpm.magento2.local
    depends_on:
      db:
        condition: service_healthy
  # Nginx 1.24 web server in front of PHP-FPM. No ports are published; traffic
  # reaches it through varnish (see that service's depends_on).
  web:
    hostname: web.magento2.local
    image: 'magento/magento-cloud-docker-nginx:1.24-1.3.7'
    extends: generic
    volumes:
      - '.:/app:delegated'
    environment:
      # NOTE(review): presumably lets nginx route debug sessions to fpm_xdebug;
      # confirm against the image. Development use only.
      - WITH_XDEBUG=1
      - NGINX_WORKER_PROCESSES=1
      - NGINX_WORKER_CONNECTIONS=1024
    networks:
      magento:
        aliases:
          - web.magento2.local
    depends_on:
      fpm:
        condition: service_started
  # Varnish 6.6 cache between the tls proxy and the web service.
  # No command or environment override is given, so varnishd runs with the
  # parameters baked into the image. This is the container that logs
  # "Header too long: Content-Security-Policy" in the report below.
  varnish:
    hostname: varnish.magento2.local
    image: 'magento/magento-cloud-docker-varnish:6.6-1.3.7'
    networks:
      magento:
        aliases:
          - varnish.magento2.local
    depends_on:
      web:
        condition: service_started
  # Nginx 1.24 front proxy that forwards to varnish:80. It is the only HTTP(S)
  # entry point published to the host, and it answers on the network as
  # magento2.local.
  tls:
    hostname: tls.magento2.local
    image: 'magento/magento-cloud-docker-nginx:1.24-1.3.7'
    extends: generic
    networks:
      magento:
        aliases:
          - magento2.local
    environment:
      - NGINX_WORKER_PROCESSES=1
      - NGINX_WORKER_CONNECTIONS=1024
      - UPSTREAM_HOST=varnish
      - UPSTREAM_PORT=80
    ports:
      # No host IP is given, so both ports bind on every host interface.
      # Prefix with 127.0.0.1: to keep the developer-mode site off the LAN.
      - '80:80'
      - '443:443'
    depends_on:
      varnish:
        condition: service_started
  # Second PHP-FPM container with the same image as `fpm`, but with xdebug
  # appended to the extension list. A step debugger should never be enabled
  # outside development.
  fpm_xdebug:
    hostname: fpm_xdebug.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-fpm-1.3.7'
    extends: generic
    volumes:
      - '.:/app:delegated'
    environment:
      # Overrides the PHP_EXTENSIONS value inherited from `generic`; the only
      # difference is the trailing `xdebug`.
      - 'PHP_EXTENSIONS=bcmath bz2 calendar exif gd gettext intl mysqli pcntl pdo_mysql soap sockets sysvmsg sysvsem sysvshm opcache zip xsl sodium xdebug'
    networks:
      magento:
        aliases:
          - fpm_xdebug.magento2.local
    depends_on:
      db:
        # Unlike `fpm`, this waits only for db to start, not to be healthy.
        condition: service_started
  # Base definition that fpm, web, tls, fpm_xdebug, build, deploy and cron
  # inherit via `extends`. It is attached to no network itself.
  generic:
    hostname: generic.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-cli-1.3.7'
    # NOTE(review): contents not shown here; if this file holds credentials it
    # should stay out of version control.
    env_file: ./.docker/config.env
    environment:
      # Developer mode; not a production setting.
      - MAGENTO_RUN_MODE=developer
      - 'PHP_EXTENSIONS=bcmath bz2 calendar exif gd gettext intl mysqli pcntl pdo_mysql soap sockets sysvmsg sysvsem sysvshm opcache zip xsl sodium'
      # Outgoing mail is handed to the mailhog service on port 1025.
      - 'SENDMAIL_PATH=/usr/local/bin/mhsendmail --smtp-addr=mailhog:1025'
  # PHP 8.3 CLI container for the build phase. Inherits from `generic` and
  # waits for db, redis and opensearch to report healthy.
  build:
    hostname: build.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-cli-1.3.7'
    extends: generic
    volumes:
      - '.:/app:delegated'
    networks:
      magento:
        aliases:
          - build.magento2.local
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
      # opensearch declares no healthcheck in this file; this condition relies
      # on one provided by the image (unverified here).
      opensearch:
        condition: service_healthy
  # PHP 8.3 CLI container for the deploy phase. Same image, mounts and
  # dependencies as `build`.
  deploy:
    hostname: deploy.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-cli-1.3.7'
    extends: generic
    volumes:
      - '.:/app:delegated'
    networks:
      magento:
        aliases:
          - deploy.magento2.local
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
      # opensearch declares no healthcheck in this file; this condition relies
      # on one provided by the image (unverified here).
      opensearch:
        condition: service_healthy
  # MailHog mail catcher; receives the mail that `generic` sends to
  # mailhog:1025.
  # NOTE(review): captured messages can contain password-reset links and
  # customer data, and both ports are published to the host.
  mailhog:
    hostname: mailhog.magento2.local
    image: 'magento/magento-cloud-docker-mailhog:1.0-1.3.7'
    ports:
      # No host IP is given, so both ports bind on every host interface.
      # Prefix with 127.0.0.1: to keep the inbox local to the workstation.
      - '1025:1025'
      - '8025:8025'
    networks:
      magento:
        aliases:
          - mailhog.magento2.local
  # PHP 8.3 CLI container started with `run-cron` to execute Magento cron.
  cron:
    hostname: cron.magento2.local
    image: 'magento/magento-cloud-docker-php:8.3-cli-1.3.7'
    extends: generic
    command: run-cron
    environment:
      # Every minute, as root, runs `bin/magento cron:run` from /app and
      # appends stdout to /app/var/log/cron.log. /app is the bind-mounted
      # project directory, so files the job creates are root-owned on the host.
      # This service uses the mapping form of `environment`; the other services
      # in this file use the list form.
      CRONTAB: '* * * * * root cd /app && /usr/local/bin/php bin/magento cron:run >> /app/var/log/cron.log'
    volumes:
      - '.:/app:delegated'
    networks:
      magento:
        aliases:
          - cron.magento2.local
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
      # opensearch declares no healthcheck in this file; this condition relies
      # on one provided by the image (unverified here).
      opensearch:
        condition: service_healthy
# Named volume holding the MariaDB data directory (mounted at /var/lib/mysql
# by the db service); it outlives the containers.
volumes:
  mymagento-magento-db: {  }
# Single user-defined bridge network shared by every service except `generic`.
# Services on it can reach each other on any port, published or not.
networks:
  magento:
    driver: bridge
  1. Install local docker machine
  2. Install plain Magento without sample data
  3. Install Live Search full bundle modules (with Popover, Search terms, etc...)
  4. bin/magento s:d:c
  5. bin/magento set:up

Expected result

  1. The frontend with the Luma theme is displayed and works correctly
    image

Actual result

  1. Error 503 Backend fetch failed - Varnish Cache Server
  2. Error in the Varnish container: Header too long: Content-Security-Policy
    image

Solution

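  1. Change the default Varnish VCL by updating these three parameters to the desired values. Raise them only as far as the Content-Security-Policy header requires, since they also bound the number and size of headers Varnish will accept.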
  • http_max_hdr
  • http_req_hdr_len
  • http_resp_hdr_len
Projects
Status: Ready for Grooming