Skip to content

Improving Web server configuration #2508

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 3, 2013
Merged

Improving Web server configuration #2508

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 9 additions & 8 deletions cookbook/configuration/web_server_configuration.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,8 @@ are:
.. code-block:: apache

<VirtualHost *:80>
ServerName www.domain.tld
ServerName domain.tld
ServerAlias www.domain.tld

DocumentRoot /var/www/project/web
<Directory /var/www/project/web>
Expand All @@ -30,7 +31,7 @@ are:
Order allow,deny
Allow from All
</Directory>

ErrorLog /var/log/apache2/project_error.log
CustomLog /var/log/apache2/project_access.log combined
</VirtualHost>
Expand All @@ -51,7 +52,7 @@ are:
.. code-block:: nginx

server {
server_name www.domain.tld;
server_name domain.tld www.domain.tld;
root /var/www/project/web;

location / {
Expand All @@ -64,7 +65,7 @@ are:
rewrite ^(.*)$ /app.php/$1 last;
}

location ~ ^/(app|app_dev)\.php(/|$) {
location ~ ^/(app|app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
Expand All @@ -83,10 +84,10 @@ are:

.. tip::

This executes **only** ``app.php`` and ``app_dev.php`` in the web directory.
All other files will be served as text. If you have other PHP files in
your web directory, be sure to include them in the ``location`` block
above.
This executes **only** ``app.php``, ``app_dev.php`` and ``config.php`` in
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note that in prod, you should not execute app_dev.php or config.php as they would leak sensitive infoirmation (and not even deploy them)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that it's best practice, but don't they just die because of the ip restriction? How do they leak info?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stof It's a config for both dev & prod environment and I think we should include all required script names in it. It's a minimal configuration that allows developers to start using Symfony.
Also I'd like to mention that existing Apache config allows to use app_dev.php and config.php. It is useful to have these scripts available on production but with limited availability (it is already done in these scripts):

  • Before the first deployment deployment team should check that environment is really ready for the deployment
  • There should be ability to debug on the production in case of any issues that can be reproduced only on prod.

the web directory. All other files will be served as text. If you have
other PHP files in your web directory, be sure to include them in the
``location`` block above.

.. _`Apache`: http://httpd.apache.org/docs/current/mod/core.html#documentroot
.. _`Nginx`: http://wiki.nginx.org/Symfony