Improving Web server configuration #2508
Conversation
| All other files will be served as text. If you have other PHP files in | ||
| your web directory, be sure to include them in the ``location`` block | ||
| above. | ||
| This executes **only** ``app.php``, ``app_dev.php`` and ``config.php`` in |
There was a problem hiding this comment.
note that in prod, you should not execute app_dev.php or config.php as they would leak sensitive infoirmation (and not even deploy them)
There was a problem hiding this comment.
I agree that it's best practice, but don't they just die because of the ip restriction? How do they leak info?
There was a problem hiding this comment.
@stof It's a config for both dev & prod environment and I think we should include all required script names in it. It's a minimal configuration that allows developers to start using Symfony.
Also I'd like to mention that existing Apache config allows to use app_dev.php and config.php. It is useful to have these scripts available on production but with limited availability (it is already done in these scripts):
- Before the first deployment deployment team should check that environment is really ready for the deployment
- There should be ability to debug on the production in case of any issues that can be reproduced only on prod.
Improving Web server configuration
|
Hi Max! I've merged this in - I like your improvements. I did expand on the final note to make sure people are aware of the security implications behind the Thanks! |
|
@weaverryan I appreciate your help! :) |
Improved Web server configuration:
config.phpfor nginx