Updates

Author: BrooksCunningham

protect-cached-content/main.tf

@@ -8,9 +8,10 @@ resource "fastly_service_vcl" "frontend-vcl-service" {
   name = "Frontend VCL Service - NGWAF edge deploy ${var.USER_VCL_SERVICE_DOMAIN_NAME}"
 
   product_enablement {
-    origin_inspector = true
-    domain_inspector = true
-    bot_management   = true
+    origin_inspector      = true
+    domain_inspector      = true
+    bot_management        = true
+    log_explorer_insights = true
   }
 
   domain {

protect-cached-content/noop-service.tf

@@ -0,0 +1,36 @@
+#### Fastly VCL Service - Start
+resource "fastly_service_vcl" "noop-vcl-service" {
+  name = "Frontend VCL Service - NGWAF edge deploy ${var.USER_NOOP_SERVICE_DOMAIN_NAME}"
+
+  product_enablement {
+    origin_inspector      = true
+    domain_inspector      = true
+    bot_management        = true
+    log_explorer_insights = true
+  }
+  domain {
+    name    = var.USER_NOOP_SERVICE_DOMAIN_NAME
+    comment = "Frontend VCL Service - NGWAF edge deploy"
+  }
+
+  snippet {
+    name     = "noop response caching"
+    content  = file("${path.module}/vcl/noop.vcl")
+    type     = "init"
+    priority = 100
+  }
+
+  force_destroy = true
+}
+
+output "noop_output" {
+  value = <<tfmultiline
+  
+  #### Click the URL to go to the Fastly VCL service ####
+  https://cfg.fastly.com/${fastly_service_vcl.noop-vcl-service.id}
+
+  tfmultiline
+
+  description = "Output hints on what to do next."
+}
+

protect-cached-content/variables.tf

@@ -14,7 +14,12 @@ variable "USER_VCL_SERVICE_DOMAIN_NAME" {
 variable "USER_VCL_SERVICE_BACKEND_HOSTNAME" {
   type          = string
   description   = "hostname used for backend."
-  default       = "http-me.glitch.me"
+  default       = "http.edgecompute.app"
+}
+
+variable "USER_NOOP_SERVICE_DOMAIN_NAME" {
+  type = string
+  description = "noop service."
 }
 
 #### VCL Service variables - End

protect-cached-content/vcl/ngwaf_caching.vcl

@@ -5,15 +5,23 @@ backend F_noop_origin {
   .between_bytes_timeout = 10s;
   .connect_timeout = 1s;
   .first_byte_timeout = 1s;
-  .host = "127.0.0.1";
+  .host = "noop-caching.global.ssl.fastly.net";
   .max_connections = 200;
   .port = "443";
   .ssl = true;
   .max_tls_version = "1.3";
-  .min_tls_version = "1.3";
-  .ssl_cert_hostname = "127.0.0.1";
+  .min_tls_version = "1.1";
+  .ssl_cert_hostname = "noop-caching.global.ssl.fastly.net";
   .ssl_check_cert = always;
-  .ssl_sni_hostname = "127.0.0.1";
+  .ssl_sni_hostname = "noop-caching.global.ssl.fastly.net";
+  .probe = {
+        .dummy = true;
+        .initial = 5;
+        .request = "HEAD / HTTP/1.1"  "Host: noop-caching.global.ssl.fastly.net" "Connection: close";
+        .threshold = 1;
+        .timeout = 2s;
+        .window = 5;
+  }
 }
 
 # force cluster for all requests and on restarts. https://www.fastly.com/documentation/guides/vcl/clustering/#enabling-and-disabling-clustering

protect-cached-content/vcl/noop.vcl

@@ -0,0 +1,11 @@
+sub vcl_recv {
+    error 600;
+}
+
+sub vcl_error {
+  if (obj.status == 600) {
+    set obj.status = 200;
+    set obj.response = "OK";
+    return (deliver);
+  }
+}