michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62999c40cdce576f46e3c8e4d7641e2f02cf39bc
michaelschiemer/deployment/infrastructure/roles/nginx-proxy/defaults/main.yml
Michael Schiemer 9b74ade5b0 feat: Fix discovery system critical issues 
Resolved multiple critical discovery system issues:

## Discovery System Fixes
- Fixed console commands not being discovered on first run
- Implemented fallback discovery for empty caches
- Added context-aware caching with separate cache keys
- Fixed object serialization preventing __PHP_Incomplete_Class

## Cache System Improvements
- Smart caching that only caches meaningful results
- Separate caches for different execution contexts (console, web, test)
- Proper array serialization/deserialization for cache compatibility
- Cache hit logging for debugging and monitoring

## Object Serialization Fixes
- Fixed DiscoveredAttribute serialization with proper string conversion
- Sanitized additional data to prevent object reference issues
- Added fallback for corrupted cache entries

## Performance & Reliability
- All 69 console commands properly discovered and cached
- 534 total discovery items successfully cached and restored
- No more __PHP_Incomplete_Class cache corruption
- Improved error handling and graceful fallbacks

## Testing & Quality
- Fixed code style issues across discovery components
- Enhanced logging for better debugging capabilities
- Improved cache validation and error recovery

Ready for production deployment with stable discovery system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-13 12:04:17 +02:00

184 lines
5.3 KiB
YAML
Raw Blame History

---
# Nginx Proxy Role Default Variables
# Nginx Installation
nginx_version: "latest"
nginx_package: nginx
nginx_service: nginx
nginx_user: www-data
nginx_group: www-data
# SSL Configuration
ssl_provider: "{{ ssl_provider | default('letsencrypt') }}"
ssl_email: "{{ ssl_email }}"
ssl_certificate_path: "{{ ssl_certificate_path | default('/etc/letsencrypt/live/' + domain_name) }}"
ssl_protocols:
- TLSv1.2
- TLSv1.3
ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
ssl_prefer_server_ciphers: true
ssl_session_cache: "shared:SSL:10m"
ssl_session_timeout: "1d"
ssl_session_tickets: false
ssl_stapling: true
ssl_stapling_verify: true
# HSTS Configuration
hsts_enabled: true
hsts_max_age: 63072000 # 2 years
hsts_include_subdomains: true
hsts_preload: true
# Security Headers
security_headers:
X-Frame-Options: "SAMEORIGIN"
X-Content-Type-Options: "nosniff"
X-XSS-Protection: "1; mode=block"
Referrer-Policy: "strict-origin-when-cross-origin"
Permissions-Policy: "geolocation=(), microphone=(), camera=()"
Content-Security-Policy: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'"
# Rate Limiting
rate_limiting_enabled: true
rate_limit_zone: "api"
rate_limit_requests: "10r/s"
rate_limit_burst: 20
rate_limit_nodelay: true
# Upstream Configuration
upstream_servers:
- name: php-backend
servers:
- address: "127.0.0.1:9000"
weight: 1
max_fails: 3
fail_timeout: 30s
keepalive: 32
keepalive_requests: 100
keepalive_timeout: 60s
# Virtual Hosts
nginx_vhosts:
- server_name: "{{ domain_name }}"
listen: "443 ssl http2"
root: "/var/www/html/public"
index: "index.php index.html"
ssl_certificate: "{{ ssl_certificate_path }}/fullchain.pem"
ssl_certificate_key: "{{ ssl_certificate_path }}/privkey.pem"
access_log: "/var/log/nginx/{{ domain_name }}-access.log main"
error_log: "/var/log/nginx/{{ domain_name }}-error.log"
extra_parameters: |
# PHP-FPM Configuration
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-backend;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
}
# API Rate Limiting
location /api/ {
limit_req zone={{ rate_limit_zone }} burst={{ rate_limit_burst }}{{ ' nodelay' if rate_limit_nodelay else '' }};
try_files $uri $uri/ /index.php$is_args$args;
}
# Static Assets
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
# Security
location ~ /\.ht {
deny all;
}
location ~ /\. {
deny all;
}
# HTTP to HTTPS redirect
nginx_redirect_vhost:
server_name: "{{ domain_name }}"
listen: "80"
return: "301 https://$server_name$request_uri"
# Global Nginx Configuration
nginx_worker_processes: "{{ nginx_worker_processes | default('auto') }}"
nginx_worker_connections: "{{ nginx_worker_connections | default(1024) }}"
nginx_multi_accept: true
nginx_sendfile: true
nginx_tcp_nopush: true
nginx_tcp_nodelay: true
nginx_keepalive_timeout: 65
nginx_keepalive_requests: 100
nginx_server_tokens: false
nginx_client_max_body_size: "100M"
nginx_client_body_timeout: 60
nginx_client_header_timeout: 60
nginx_send_timeout: 60
# Logging Configuration
nginx_access_log_format: |
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time'
nginx_error_log_level: "{{ log_level | default('warn') }}"
# Gzip Configuration
nginx_gzip: true
nginx_gzip_vary: true
nginx_gzip_proxied: any
nginx_gzip_comp_level: 6
nginx_gzip_types:
- text/plain
- text/css
- text/xml
- text/javascript
- application/javascript
- application/json
- application/xml+rss
- application/atom+xml
- image/svg+xml
# Cache Configuration
nginx_cache_enabled: true
nginx_cache_path: "/var/cache/nginx"
nginx_cache_levels: "1:2"
nginx_cache_keys_zone: "framework_cache:10m"
nginx_cache_max_size: "1g"
nginx_cache_inactive: "60m"
nginx_cache_use_temp_path: false
# Real IP Configuration
nginx_real_ip_header: "X-Forwarded-For"
nginx_set_real_ip_from:
- "127.0.0.1"
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
# Let's Encrypt Configuration
letsencrypt_enabled: "{{ ssl_provider == 'letsencrypt' }}"
letsencrypt_email: "{{ ssl_email }}"
letsencrypt_domains:
- "{{ domain_name }}"
letsencrypt_webroot_path: "/var/www/letsencrypt"
letsencrypt_renewal_cron: true
letsencrypt_renewal_user: root
letsencrypt_renewal_minute: "30"
letsencrypt_renewal_hour: "2"
# Monitoring and Status
nginx_status_enabled: "{{ monitoring_enabled | default(true) }}"
nginx_status_location: "/nginx_status"
nginx_status_allowed_ips:
- "127.0.0.1"
- "::1"
Reference in New Issue View Git Blame Copy Permalink