Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hanoii/platformsh-recipes

A collection of scripts, commands, recipes and notes for platform.sh
https://github.com/hanoii/platformsh-recipes

Last synced: 1 day ago
JSON representation

A collection of scripts, commands, recipes and notes for platform.sh

Awesome Lists containing this project

README 

        
# Platform.sh recipes



A collection of scripts, commands, recipes and notes for platform.sh



- [ddev](#ddev)

- [Platform.sh setup](#platformsh-setup)

  * [`.platform.app.yaml` tweaks](#platformappyaml-tweaks)

  * [Build](#build)

  * [Tools](#tools)

  * [`.environment`](#environment)

  * [`.bashrc`](#bashrc)

- [Performance troubleshooting](#performance-troubleshooting)

  * [ahoy commands](#ahoy-commands)

  * [Time/memory used](#timememory-used)

  * [404s](#404s)

  * [User-Agents](#user-agents)

  * [IP addresses](#ip-addresses)

  * [URIs and Paths](#uris-and-paths)

  * [HTTP status filter](#http-status-filter)

  * [RPMs](#rpms)

    + [php.access.log](#phpaccesslog)

    + [access.log](#accesslog)



## ddev



This is also a ddev add-on that you can install with:



```sh

ddev get https://github.com/hanoii/platformsh-recipes/tarball/main

```



It installs most of the locally necesary scripts to run against platform.



## Platform.sh setup



### `.platform.app.yaml` tweaks



For the php logs commands, we need to alter php.access.log format so that in

includes more data, to do that add/amend the following on your

`.platform.app.yml`:



```yml

web:

  commands:

    pre_start: $PLATFORMSH_RECIPES_INSTALLDIR/platformsh-recipes/assets/platformsh/php-pre-start.sh

    start: /usr/bin/start-php-app -y "$PLATFORM_APP_DIR/.deploy/php-fpm.conf"

```



And the following to your mounts



```yml

mounts:

  "/.deploy":

    source: local

    source_path: "deploy"

```



You also need to configure the `PLATFORMSH_RECIPES_VERSION` on the variables

section:



```yml

variables:

  ...

  PLATFORMSH_RECIPES_VERSION: 6be82fe



```



The version is the SHA1 commit hash you wish to install. It can be of any

length.



### Build



First of all, you should get the files on this repo onto a platform.sh

container.



To do so, you can add the following to your build hook (**please provide the

commit sha of the repo for `PLATFORMSH_RECIPES_VERSION`**) :



```yml

hooks:

  build: |

    source /dev/stdin  <<< "$(curl -fsSL "https://raw.githubusercontent.com/hanoii/platformsh-recipes/${PLATFORMSH_RECIPES_VERSION}/installer.sh")"

```



If you wish to automatically install and setup most of what this repo provides,

you can append `-f` to the `installer.sh` script above:



```yml

hooks:

  build: |

    source /dev/stdin  <<< "$(curl -fsSL "https://raw.githubusercontent.com/hanoii/platformsh-recipes/${PLATFORMSH_RECIPES_VERSION}/installer.sh")" -f

```



### Tools



There are different tools that I usually add to platform, some of them are

required by the commands referenced below.



If you haven't used the `-f` version of the installer, you can take what you

want from [this repo's build.sh](platformsh-recipes/assets/platformsh/build.sh).



### `.environment`



Some of this tools also needs additions to [Platform.sh's .environment

file][platformsh-environment]. If you haven't used the `-f` version of the

installer, you can take what you want from

[this repo's .environment](platformsh-recipes/assets/platformsh/.environment).



[platformsh-environment]:

  https://docs.platform.sh/development/variables/set-variables.html#testing-environment-scripts



### `.bashrc`



Finally, it also requires things to be added to a project's own .bashrc. If you

haven't used the `-f` version of the installer, you can take what you want from

[this repo's .bashrc](platformsh-recipes/assets/platformsh/.bashrc).



## Performance troubleshooting



The commands here can also be used to test and access platform projects locally,

to do that you need to make available the following environment variables:



- `PLATFORMSH_CLI_TOKEN`

- `PLATFORM_PROJECT`

- `PLATFORMSH_RECIPES_MAIN_BRANCH=main` (optional, defaults to `master`)



### ahoy commands



All of the ahoy commands below have the following flags



- `--days=N`, display logs of N days ago.

- `--all`, display logs without filtering by date

- `--404`, show only 404s

- `--not-404`, exclude 404s

- `--raw`, will show the output of the log as is, it should be used last after

  any other flag.



Some comamnds have extra arguments that are noted below.



While these commands are meant to be run from within the platform environment,

they also work from ddev why prepending `platform` to every command.



i.e. `ahoy log:php:top` will work on a platform environment and

`ahoy platform log:php:top` will work on ddev and it will always query the

production environment.



### Time/memory used



Here there are some notes documented as well as usefull commands that can

continue to be used for monitoring the server.



The following command can be used to list entries of the current day of the php

access log sorted by time spent.



```

ahoy log:php:top

```



The same approach lists entries of the php access log sorted by memory spent. It

also shows the time and the date.



```

ahoy log:php:top --mem

```



### 404s



404s, as they are normally routed through Drupal, are unecessarilly heavy on

performance, and was quite a bit.



- I installed the [fast_404][fast_404] module with some sensible settings

  enabled on [settings.php](settings/settings.php). This can be further tweaks

  but I think this should be OK for now.

- The above, still goes through quite a bit of php processing, so for those 404

  that were considerably higher for the rest, I implemented them on

  [.platform.app.yaml](.platform.app.yaml). These gives a 404 on the platform's

  edge, never reaching PHP. This can continue to be monitored and add to this

  list as necessary.

- Because the rules on `.platform.app.yaml` doesn't work on query strings, I

  also added some early blocking in [settings.php][settings-php-block].



[fast_404]: https://www.drupal.org/project/fast_404

[settings-php-block]:

  https://gitlab.com/confcats/catalyze/-/blob/master/settings/settings.php#L7-24



One curious snippet is:



```yaml

# Avoid passthru on any php file but /index.php

# This throws a platform 404, this is to avoid odd

# bots attacks against php taking up resources

'^/[^i].*\.php$':

  passthru: false

  scripts: false

'^/i[^n]*\.php$':

  passthru: false

  scripts: false

'^/in[^d]*\.php$':

  passthru: false

  scripts: false

'^/ind[^e]*\.php$':

  passthru: false

  scripts: false

'^/inde[^x]*\.php$':

  passthru: false

  scripts: false

```



Which is a poorman's way of doing a lookbehind, it basically means it blocks any

php script except for `index.php`.



In further tests, I found a way to do the lookbehind properly using regex with

(leaving the above as a reference just in case):



```yaml

# Avoid passthru on any php file but /index.php

'(?