Using the symfony/dotenv bundle in production - symfony

The documentation refers to The Twelve Factors principles for why sensitive configuration shouldn't be stored in files; however, it makes sense mostly for SaaS. I wonder if it is secure to use the symfony/dotenv bundle in software which users deploy themselves on their systems.

We are using a .env file on production services in our company and there is not much overhead according to code execution profiling. While it's OK in our environment, it might not be in yours.
I'm pretty sure it's secure enough to use the dotenv component to load variables from a .env file, since it does not provide any interface to interact with itself.
We are also storing Docker-specific environment variables in this file, so in the end it's like the old parameters.yaml configuration file for the whole project.

Related

nopcommerce 4.0 datasettings.json transform

This may seem a bit trivial... but how do you go about transforming the db connection for a nopcommerce app as it is deployed to various environments?
The db connection is set in app_data\datasettings.json.
Normally this type of stuff is handled with web.config transforms.
How do you go about setting up build transforms for different environments (dev, test, prod)?
I am also looking around this topic.
In my humble opinion, the nopCommerce config is a pain, because it makes it really hard to do proper Continuous Integration/Continuous Delivery while keeping secrets safe.
At initial deployment you are greeted with the install page. The problem is that the installation process writes a bunch of files to the server, including datasettings.json, where the connection string to the DB is hard-coded.
This means that when I deploy nopCommerce to Azure App Service, for deployments after installation, I have to make sure NOT to delete "additional files on the server" or the config will be deleted, since these config files written by the installer are not in source control.
It is really impractical not to be able to use standard ASP.NET connection strings, environment variables or KeyVault.
To answer your question on how you do transformation on the config file, one possibility is to use a PowerShell script to read, transform, and write the config file directly on the App Service instance. There is an API for that.
https://blogs.msdn.microsoft.com/gabeshapiro/2017/01/01/samples-for-using-the-azure-app-service-kudu-rest-api-to-programmatically-manage-files-in-your-site/
https://github.com/projectkudu/kudu/wiki/REST-API
Alternatively, you can modify the source to read from Web.Config:
Change the connection string of nopCommerce?

How to handle environment variables on a deployed SF4 application

Symfony introduced a new Dotenv component since Symfony 3 which allows us to handle environment variables as application parameters. This looks really nice and it's the best practice to follow according to 12factor app manifesto.
Now, regarding Symfony 4 they went further by pushing forward this practice and that's why I started using environment variables via the .env file.
And then I wanted to deploy and I realized that the .env file must not be persisted on the server as it would be the same as having a parameters.yml file.
So I've been digging into the documentation a bit and I found this article which explains that we can directly create environment variables via some webserver directives. That's great for code being executed via FPM but it does not tell us how to handle environment variables when running a command via the CLI for instance.
How can I achieve this?
Should there be an equivalent of a .env file stored somewhere? But then parameters would be duplicated?
I'm welcoming any help ;)
Finally had the time to check the link Neodan posted and everything is in there!
So for those of you wondering what to do, simply edit the /etc/environment file and add your variables. Then reboot your server and all your processes will have access to these variables.
I guess that's the simplest solution. The only drawback of this method is that these variables are available to any process / user but that's ok as far as I'm concerned.
If you want a more secure solution I suppose that you could, as I stated before, configure your webserver to add environment variables and export them via your .bash_profile or .bashrc file but be careful about how you start your shell (when deploying your application for instance). It's more complicated to maintain and prone to errors I'd say.
N.B.: You also might want to be careful about how you name your variables to prevent collisions.
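The answers above trade off a .env file against /etc/environment, where the named drawback is that every process and user can read the values. The following is an added example, not code from any of the posts: a small audit that checks whether a file holding environment variables is accessible to other users or sits inside the web document root. The function names, the `public/` layout and the sample values are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: audit a file holding environment variables before trusting it with secrets.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Exit 0 only if group and others have no access at all (e.g. 600 or 400).
is_private() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Exit 0 if the file lives inside the web server's document root.
is_under_docroot() {
    file_dir=$(cd "$(dirname "$1")" && pwd -P) || return 2
    doc_root=$(cd "$2" && pwd -P) || return 2
    case "$file_dir/" in "$doc_root"/*) return 0 ;; *) return 1 ;; esac
}

# Names (never values) of variables whose name suggests a secret.
secret_names() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" |
        grep -Ei 'secret|password|token|key|database_url' || true
}

# Print one warning per finding; the exit status is the number of findings.
audit_env_file() {
    findings=0
    if ! is_private "$1"; then
        echo "WARN: $1 is accessible to group/others (mode $(file_mode "$1"))"
        findings=$((findings + 1))
    fi
    if [ -n "${2:-}" ] && is_under_docroot "$1" "$2"; then
        echo "WARN: $1 is inside the document root $2"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed files: a world-readable .env inside public/, then a fixed copy.
demo=$(mktemp -d)
mkdir "$demo/public"
printf 'APP_ENV=prod\nAPP_SECRET=constructed-value\nDATABASE_URL=mysql://constructed\n' > "$demo/public/.env"
chmod 644 "$demo/public/.env"
audit_env_file "$demo/public/.env" "$demo/public" || echo "findings: $?"
mv "$demo/public/.env" "$demo/.env" && chmod 600 "$demo/.env"
audit_env_file "$demo/.env" "$demo/public" && echo "OK: $demo/.env"
secret_names "$demo/.env"
```

The same `audit_env_file` call works on /etc/environment or a per-service variables file; pass an empty second argument when no document root applies.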

Move the Symfony2 Cache directory off the filesystem?

I'm looking to remove the dependency on the filesystem for my symfony2 cache directory (app/cache/*) and I don't see a clear path to doing that by modifying services or anything of that nature.
Ultimately, I'm attempting to use Symfony on a filesystem that cannot be altered. In the past I've been able to re-map twig templates and intl files to the database, and in theory this should be possible with the cache (and it already is with the logs).
Is there a way I can make the framework use another service like Redis, a database, or even just keep it in RAM for the life of the script?
I've attempted to run a cache:warmup command also, however, writing to the filesystem still happens even with the cache pre-generated.
The parameter used by everything is defined in the framework as kernel.cache_dir

Meteor local environment variables in development

I would like to know the best practice for setting environment variables in local machine to reflect the production environment.
I want to set the private API keys in the ENV variable, rather than directly committing them in Git. In Rails, I would use plugins like figaro to put all ENV variables in a single YML file, and they will be available.
What is the common practice in Meteor?
I think I could
run SECRET_KEY=some_key OTHER_SECRET_KEY=some_other_key meteor every time I run the local server. But that's too much to remember.
set environment variables locally but I don't want them to live in the global namespace in my machine.
Any alternatives?
Found this old post while having the same problem.
Looks like Meteor now offers to start with a config file.
meteor run --settings config.json
You would exclude that (or rather gitignore it) to keep it local. More here in the docs.

How to deploy my Symfony2 project into ftp

I searched and tried a couple of tutorials on the internet but none of them worked for me well.
The tutorials I followed were from Symfony2 documentation, Dator, Hpatoio and Capifony.
Can somebody explain to me how I can export my project into my server. E.g. www.domain.com/about.
It would be very helpful to me.
I have a bundle and inside the bundles all controller and twig templates etc are set.
If you have any questions please ask.
Thanks in advance.
First off it should be noted that deploying a Symfony2 app over FTP is really really bad. It makes a couple of steps more difficult (or even impossible) and should be avoided. If you have SSH access to the machine look at my list of alternative deployment methods below.
Preparation
There are a few things you cannot influence when you deploy over FTP. If you have no control over the following or can not configure them correctly you unfortunately have no chance of deploying to a shared hosting.
The PHP configuration. If settings are not set correctly and you have no chance of changing them you are unfortunately lost.
Any PHP module you may require. Same as above. If you can not install any additional modules you need there is no chance for you. (An example for that would be the php5-intl module for any Symfony <2.6)
Correct folder permissions. Especially for app/cache and app/logs. Check the docs for requirements.
The Webserver configuration. Symfony needs a correctly configured Webserver (in most cases probably apache or nginx) to function correctly. If you can not influence the config this is bad as well. You might want to try to define the rewrite rules in a .htaccess file as described here.
Deployment
Here are the steps you need to follow to prepare your application for deployment for the first time:
Update / Install vendors. Use composer install (or composer update) to install any third party bundle or library you use in your project since you have no option to install them later directly on the server.
If you use Assetic for your asset management, make sure you install these as well with the php app/console assetic:dump --env=prod command.
Dump any other assets like so: php app/console assets:install --env=prod. (This step might not be required but you need to make sure the assets are not symlinked. Check this blog post if you are using symfony >=2.6)
Clear the cache for production: php app/console cache:clear --env=prod
Make sure you edit your parameters.yml to fit the needs of your production server.
Also update your database schema on your production database in case you have changed it during development.
Now you should be good to go. Copy the whole folder onto your server and try it out.
For the future
If you deploy for the second time make sure not to override any user data (e.g. uploaded images). Also you need to clear the cache over ftp. To do that empty the app/cache directory.
Alternative deployment methods
In case you have more access to the server check out any of these. They might fit your needs better than old pure FTP. Maybe they give you reason enough to change to a more appropriate server.
Capifony is probably one of the best deployment tools for Symfony2 apps. Deployment will be as easy as running cap deploy on your local machine. The rest is magic ;)
Simple git is also possible for deployment. Many of the above steps will still apply but you have all the advantages git gives you like not copying everything every time you deploy.
A very good list of all tools can be found in the docs.
It might help if you tell us a little more about your server set up, but here's a fairly generic guide:
Assuming you want to upload it using ftp (since you tagged the question as such), you will need an FTP client (see here for some suggestions).
Using the FTP client, you'll want to connect to your server (hostname: yoursite.com) using your credentials (if it is a secured server).
From there, you should be able to upload any files from your local machine to the server.
More specific directions will depend on your server configuration and the FTP client you choose (it should come with its own manual)
