Try Dragonfly, it's supposed to be 25x faster than Redis: GitHub - dragonflydb/dragonfly: A modern replacement for Redis and Memcached
Finally got it. Magento 2.4.4, PHP 8.1.6, Elasticsearch 7.17.3, Composer 2.x, Nginx 1.21.6, MariaDB 10.5.16 and Varnish 7.0.2 working flawlessly with HestiaCP.
For those interested, I’ll post a How-To-Guide here on the HestiaCP forum.
Thanks to those in the thread that offered their advice and assistance.
This is awesome! I am very happy to read that you finally pulled it off. I am very interested in getting a better TTFB too; please don’t forget to share.
I am also very interested, cannot wait for your guide.
I also have Varnish working on Hestia now. You just need to copy the default.tpl and default.stpl files in /usr/local/hestia/data/templates/web/nginx/ as varnish.tpl and varnish.stpl, changing the proxy_pass http://%ip%:%web_port%; to proxy_pass http://%ip%:6081; and proxy_pass https://%ip%:%web_ssl_port%; to proxy_pass http://%ip%:6081; while setting the IP and Port in Varnish’s default.vcl to your local IP and 8080.
This puts Varnish between Nginx and Apache, allowing Nginx to do the SSL offloading you’re expecting and Varnish to do the caching.
@jearle That is great! I’ve done it in a similar way but with Nginx and without Apache.
Are you forwarding the actual IP of the web site user to your logs, replacing the internal server IP?
This is what I’m working on now. We need the actual customer’s IP which can be forwarded through Nginx, and was wondering if you’ve dealt with this yet.
Yes, in Nginx, realip
EDIT:
I added the following:
set_real_ip_from X.X.X.X; # where X.X.X.X is your server IP
real_ip_header X-Real-IP;
real_ip_recursive on;
Added the above to /etc/nginx/nginx.conf and we’re passing customer’s IPs.
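The following Python model of how the realip directives in the post above choose the logged client address is an added example, not code from the thread or from Nginx. The addresses are constructed documentation-range values, 192.0.2.10 stands in for X.X.X.X, and the X-Forwarded-For chain goes beyond the X-Real-IP case in the post.

```python
import ipaddress

SERVER_IP = "192.0.2.10"          # constructed stand-in for X.X.X.X
TRUSTED = [SERVER_IP]             # mirrors: set_real_ip_from X.X.X.X;

def resolve_client_ip(peer, header_value, trusted=TRUSTED, recursive=True):
    """Return the address that would replace $remote_addr for this request."""
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]

    def is_trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip.version == n.version and ip in n for n in nets)

    # The header is honoured only when the TCP peer is a trusted proxy.
    if not header_value or not is_trusted(peer):
        return peer

    result = peer
    # Walk the header from the last hop towards the original client.
    for token in reversed([t.strip() for t in header_value.split(",")]):
        try:
            ipaddress.ip_address(token)
        except ValueError:
            break                 # unparsable entry: keep what was found so far
        result = token
        if not recursive or not is_trusted(token):
            break                 # recursive off: last entry; on: first untrusted
    return result

if __name__ == "__main__":
    # X-Real-IP as set by the proxy in front (single value).
    print(resolve_client_ip(SERVER_IP, "203.0.113.7"))
    # Same header sent by a peer that is not in set_real_ip_from: ignored.
    print(resolve_client_ip("198.51.100.23", "203.0.113.7"))
    # Constructed X-Forwarded-For chain whose first entry was client-supplied.
    chain = "198.51.100.99, 203.0.113.7, 192.0.2.10"
    print(resolve_client_ip(SERVER_IP, chain, recursive=True))
    print(resolve_client_ip(SERVER_IP, chain, recursive=False))
```

The header value is only as trustworthy as the set_real_ip_from list: every address listed there is allowed to dictate what ends up in the access log.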
Great work, thanks everyone! Can someone create a full guide for this?
The same thing happened to me, and if you do a check it tells you that port 80 is still busy. I changed the configs of each domain to 8080, rebuilt, and it worked for me.
Hi!
Have you posted your How-To-Guide somewhere? Can’t seem to find it 14 months later.
Do you have Redis on yours? Did you uninstall apache?
Looking at doing the same setup with the latest versions and Redis.
For those interested in a boilerplate template for Varnish on HestiaCP, here it is.
Just to mention, the architecture is as follows:
Request —> Nginx 443/80 —> Varnish 6081 —> Nginx 81
1. Create or edit a custom Nginx template within /usr/local/hestia/data/templates/web/nginx/php-fpm/. For example purposes mine is /usr/local/hestia/data/templates/web/nginx/php-fpm/prestashop-varnish.stpl. I’ve used the Prestashop template as example.
2. Create files for both versions, .stpl and .tpl (HTTPS and HTTP).
server {
    listen %ip%:%web_ssl_port% ssl;
    server_name %domain_idn% %alias_idn%;
    root %sdocroot%;
    index index.php index.html index.htm;
    access_log /var/log/nginx/domains/%domain%.log combined;
    access_log /var/log/nginx/domains/%domain%.bytes bytes;
    error_log /var/log/nginx/domains/%domain%.error.log error;
    ssl_certificate %ssl_pem%;
    ssl_certificate_key %ssl_key%;
    ssl_stapling on;
    ssl_stapling_verify on;
    # TLS 1.3 0-RTT anti-replay
    if ($anti_replay = 307) { return 307 https://$host$request_uri; }
    if ($anti_replay = 425) { return 425; }
    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location ~ /\.(?!well-known\/) {
        deny all;
        return 404;
    }
    # Force pdf files to be downloaded
    location ~* \.pdf$ {
        add_header Content-Disposition Attachment;
        add_header X-Content-Type-Options nosniff;
    }
    # Force files in upload directory to be downloaded
    location ~ ^/upload/ {
        add_header Content-Disposition Attachment;
        add_header X-Content-Type-Options nosniff;
    }
    # Source code directories
    location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ {
        deny all;
        return 404;
    }
    # vendor in modules directory
    location ~ ^/modules/.*/vendor/ {
        deny all;
        return 404;
    }
    # Prevent exposing other sensitive files
    location ~ \.(yml|log|tpl|twig|sass)$ {
        deny all;
        return 404;
    }
    # Prevent injection of php files
    location /upload {
        location ~ \.php$ {
            deny all;
            return 404;
        }
    }
    location / {
        proxy_pass http://127.0.0.1:6081; # Varnish port
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header HTTPS "on";
    }
    error_page 403 /error/404.html;
    error_page 404 /index.php?controller=404;
    error_page 500 502 503 504 /error/50x.html;
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    location /vstats/ {
        alias %home%/%user%/web/%domain%/stats/;
        include %home%/%user%/web/%domain%/stats/auth.conf*;
    }
    proxy_hide_header Upgrade;
    include /etc/nginx/conf.d/phpmyadmin.inc*;
    include /etc/nginx/conf.d/phppgadmin.inc*;
    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}
server {
    listen 127.0.0.1:81;
    server_name %domain_idn% %alias_idn%;
    root %sdocroot%;
    index index.php index.html index.htm;
    location / {
        try_files $uri $uri/ /index.php?$args;
        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
            expires 365d;
            #fastcgi_hide_header "Set-Cookie";
        }
        location ~ [^/]\.php(/|$) {
            try_files $fastcgi_script_name /index.php$uri&$args =404;
            include /etc/nginx/fastcgi_params;
            fastcgi_index index.php;
            fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass %backend_lsnr%;
            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
        }
    }
}
3. Rebuild: /usr/local/hestia/bin/v-rebuild-web-domains USERNAME
4. Assign the new template to the desired domain.
Hope it helps someone!
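Added example, not part of the original post: in this layout the TLS termination, the deny rules and the X-Real-IP header all live in the front Nginx server block, so the Varnish and backend listeners are meant to be reachable only through it. The Python check below parses `ss -ltnH` output and reports internal ports bound to anything other than loopback; the sample output is constructed and the port set is taken from this thread.

```python
import ipaddress

# Internal hops named in the thread: Varnish (6081), the loopback Nginx
# backend (81) and the Apache port from the earlier reply (8080).
INTERNAL_PORTS = {6081, 81, 8080}

# Constructed sample of `ss -ltnH` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
LISTEN 0 511  127.0.0.1:81   0.0.0.0:*
LISTEN 0 1024 0.0.0.0:6081   0.0.0.0:*
LISTEN 0 1024 [::]:6081      [::]:*
"""

def is_loopback(host):
    """True when the bind address is a loopback address."""
    host = host.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                           # "*" or unparsable: treat as exposed

def exposed_internal_listeners(ss_output, ports=INTERNAL_PORTS):
    """Return (bind_address, port) for internal ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Fourth column is "Local Address:Port"; split on the last colon.
        host, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in ports and not is_loopback(host):
            findings.append((host, int(port)))
    return findings

if __name__ == "__main__":
    for host, port in exposed_internal_listeners(SAMPLE_SS):
        print(f"internal port {port} is bound to {host}, not loopback")
```

On a real host, pass the text of `ss -ltnH` to `exposed_internal_listeners` after rebuilding the domains; an empty list means every internal hop is loopback-only.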