From 7bba1cc2e1d978ddab73ec284d046aafd213fdeb Mon Sep 17 00:00:00 2001 From: Tykayn Date: Wed, 21 Apr 2021 13:46:21 +0200 Subject: [PATCH] update nginx docs --- .env | 4 ++ composer.json | 1 + composer.lock | 63 ++++++++++++++++++++++++++++++- config/bundles.php | 1 + config/packages/nelmio_cors.yaml | 10 +++++ doc/nginx/base-framadate-api.conf | 59 +++++++++++++++++++++-------- doc/nginx/base-symfony.conf | 3 ++ symfony.lock | 12 ++++++ 8 files changed, 137 insertions(+), 16 deletions(-) create mode 100644 config/packages/nelmio_cors.yaml diff --git a/.env b/.env index b50c2c4..80cadd5 100755 --- a/.env +++ b/.env @@ -40,3 +40,7 @@ MAILER_URL=sendmail://YOUR_WEBSITE # set the support email who will answer users in case of emergency SUPPORT_EMAIL=YOUR_EMAIL ###< symfony/swiftmailer-bundle ### + +###> nelmio/cors-bundle ### +CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$' +###< nelmio/cors-bundle ### diff --git a/composer.json b/composer.json index 2e8d27f..642aa34 100644 --- a/composer.json +++ b/composer.json @@ -14,6 +14,7 @@ "doctrine/orm": "^2.8", "friendsofsymfony/rest-bundle": "^3.0", "jms/serializer-bundle": "^3.9", + "nelmio/cors-bundle": "^2.1", "sensio/framework-extra-bundle": "^6.1", "symfony/asset": "5.2.*", "symfony/console": "5.2.*", diff --git a/composer.lock b/composer.lock index 50c82ad..706f91c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "6ae23da7ab3d4ef4c0b8661a284d73c4", + "content-hash": "9c5b89758d62c8a13bd265b1ef64e2bc", "packages": [ { "name": "composer/package-versions-deprecated", 
@@ -2121,6 +2121,67 @@ ], "time": "2021-02-25T21:54:58+00:00" }, + { + "name": "nelmio/cors-bundle", + "version": "2.1.1", + "source": { + "type": "git", + "url": "https://github.com/nelmio/NelmioCorsBundle.git", + "reference": "0b964b665016dfb61dd0fd2bb8c24afb1ae45a93" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/nelmio/NelmioCorsBundle/zipball/0b964b665016dfb61dd0fd2bb8c24afb1ae45a93", + "reference": "0b964b665016dfb61dd0fd2bb8c24afb1ae45a93", + "shasum": "" + }, + "require": { + "symfony/framework-bundle": "^4.3 || ^5.0" + }, + "require-dev": { + "mockery/mockery": "^1.2", + "symfony/phpunit-bridge": "^4.3 || ^5.0" + }, + "type": "symfony-bundle", + "extra": { + "branch-alias": { + "dev-master": "2.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Nelmio\\CorsBundle\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nelmio", + "homepage": "http://nelm.io" + }, + { + "name": "Symfony Community", + "homepage": "https://github.com/nelmio/NelmioCorsBundle/contributors" + } + ], + "description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application", + "keywords": [ + "api", + "cors", + "crossdomain" + ], + "support": { + "issues": "https://github.com/nelmio/NelmioCorsBundle/issues", + "source": "https://github.com/nelmio/NelmioCorsBundle/tree/2.1.1" + }, + "time": "2021-04-20T08:27:05+00:00" + }, { "name": "phpstan/phpdoc-parser", "version": "0.4.14", diff --git a/config/bundles.php b/config/bundles.php index d0fd45c..401e4c5 100644 --- a/config/bundles.php +++ b/config/bundles.php 
@@ -11,4 +11,5 @@ return [
 Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
 Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class => ['all' => true],
 Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true],
+ Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
 ];
diff --git a/config/packages/nelmio_cors.yaml b/config/packages/nelmio_cors.yaml
new file mode 100644
index 0000000..c766508
--- /dev/null
+++ b/config/packages/nelmio_cors.yaml
@@ -0,0 +1,10 @@
+nelmio_cors:
+ defaults:
+ origin_regex: true
+ allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
+ allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
+ allow_headers: ['Content-Type', 'Authorization']
+ expose_headers: ['Link']
+ max_age: 3600
+ paths:
+ '^/': null
diff --git a/doc/nginx/base-framadate-api.conf b/doc/nginx/base-framadate-api.conf
index e9a4732..aaf3cf1 100755
--- a/doc/nginx/base-framadate-api.conf
+++ b/doc/nginx/base-framadate-api.conf
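Review bot: `origin_regex: true` makes every `allow_origin` entry a regular expression, and nothing in this new file tells a deployer that the value they put in `CORS_ALLOW_ORIGIN` has to be anchored and escaped. The default committed in `.env` is anchored with `^…$` and escapes its dots, but a plain URL pasted into a local override would presumably be matched as an unanchored pattern and could accept look-alike origins (worth confirming against the bundle's matching code). I would add a comment above `allow_origin`, for example `# regex: keep ^ and $ and escape dots, e.g. '^https://app\.example\.org$'` (constructed example). Since `paths: '^/': null` applies these defaults to every route, including the write methods listed in `allow_methods`, that one variable is the whole cross-origin policy.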
@@ -1,22 +1,48 @@ +############# start framadate server server { - listen 443 ssl http2; + listen 443 ssl http2; listen [::]:443 ssl http2; server_name framadate-api.cipherbliss.com; - root /home/www/tykayn/cipherbliss/framadate/public/; - # Use Mozilla's guidelines for SSL/TLS settings + root /home/www/tykayn/cipherbliss/framadate-api/public/; + # Use Mozilla's guidelines for SSL/TLS settings # https://mozilla.github.io/server-side-tls/ssl-config-generator/ # NOTE: some settings below might be redundant ssl_certificate /etc/letsencrypt/live/framadate-api.cipherbliss.com/fullchain.pem; # managed by Cert$ ssl_certificate_key /etc/letsencrypt/live/framadate-api.cipherbliss.com/privkey.pem; # managed by Ce$ - client_max_body_size 32m; - + client_max_body_size 32m; location / { - # try to serve file directly, fallback to index.php - try_files $uri /index.php$is_args$args; - } + try_files $uri /index.php$is_args$args; + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + # + # Tell client that this pre-flight info is valid for 20 days + # + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain; charset=utf-8'; + add_header 'Content-Length' 0; + return 204; + } + if ($request_method = 'POST') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + } + if ($request_method = 'GET') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 
'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + } + } # optionally disable falling back to PHP script for the asset directories; # nginx will return a 404 error when files are not found instead of passing the # request to Symfony (improves performance but Symfony's 404 page is not displayed) @@ -25,14 +51,12 @@ server { # } location ~ ^/index\.php(/|$) { - fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; - # or your custom php-handler - # fastcgi_pass php-handler +# fastcgi_pass unix:/var/run/php/php-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; - #include fastcgi.conf; - - +# include fastcgi.conf; + fastcgi_intercept_errors on; + fastcgi_pass php-handler; # optionally set the value of the environment variables used in the application # fastcgi_param APP_ENV prod; # fastcgi_param APP_SECRET ; @@ -45,7 +69,9 @@ server { # Otherwise, PHP's OPcache may not properly detect changes to # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126 # for more information). - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + + + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; # Prevents URIs that include the front controller. This will 404: # http://framadate-api.cipherbliss.com/index.php/some-path @@ -60,4 +86,7 @@ server { } error_log /var/log/nginx/framadate-api_error.log; access_log /var/log/nginx/framadate-api_access.log; + add_header Permissions-Policy "interest-cohort=()"; } + +############# end framadate server diff --git a/doc/nginx/base-symfony.conf b/doc/nginx/base-symfony.conf index f0690e8..673fd83 100755 --- a/doc/nginx/base-symfony.conf +++ b/doc/nginx/base-symfony.conf 
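Review bot: The three `if ($request_method = …)` blocks added to `location /` send `Access-Control-Allow-Origin: *` and answer every `OPTIONS` request with `return 204`, which contradicts the origin-restricted policy this same commit configures in `config/packages/nelmio_cors.yaml`. Because the `return` runs before `try_files`, preflights never reach Symfony, so the bundle's `CORS_ALLOW_ORIGIN` check is not applied to them; the nginx `Access-Control-Allow-Headers` list also omits `Authorization` and the methods list omits `PATCH`, both of which the bundle config allows. Requests that fall through to `/index.php` are served from the other location, so as far as I can tell the GET/POST headers here only reach static files while API responses carry the bundle's headers, leaving two sources of truth. I would keep a single one and reduce the block to `location / { try_files $uri /index.php$is_args$args; }`, letting the bundle emit the CORS headers.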
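Review bot: `fastcgi_pass php-handler;` now points at a named upstream that this documentation file does not define, and the removed comment `# or your custom php-handler` was the only hint about it. A reader copying the file would get a configuration that fails nginx's startup check unless an `upstream php-handler { … }` block exists elsewhere. I would add a comment above the directive such as `# requires an "upstream php-handler" block (e.g. in nginx.conf) pointing at your PHP-FPM socket`. The `location ~ ^/index\.php(/|$)` block continues outside this hunk.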
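Review bot: The server-level `add_header Permissions-Policy "interest-cohort=()";` added in the last hunk will not be sent for requests handled by a block that declares its own `add_header`, because nginx inherits `add_header` from the outer level only when the current level has none. The `if` blocks added to `location /` in the first hunk of this file each declare several, so those responses lose the header. Either repeat the directive inside those blocks or drop their `add_header` lines; adding the `always` parameter would also cover error responses.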
@@ -31,6 +31,9 @@ server { # Otherwise, PHP's OPcache may not properly detect changes to # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126 # for more information). + # Caveat: When PHP-FPM is hosted on a different machine from nginx + # $realpath_root may not resolve as you expect! In this case try using + # $document_root instead. fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; # Prevents URIs that include the front controller. This will 404: diff --git a/symfony.lock b/symfony.lock index 9ff7297..b5340bf 100644 --- a/symfony.lock +++ b/symfony.lock @@ -144,6 +144,18 @@ "laminas/laminas-zendframework-bridge": { "version": "1.2.0" }, + "nelmio/cors-bundle": { + "version": "1.5", + "recipe": { + "repo": "github.com/symfony/recipes", + "branch": "master", + "version": "1.5", + "ref": "6bea22e6c564fba3a1391615cada1437d0bde39c" + }, + "files": [ + "config/packages/nelmio_cors.yaml" + ] + }, "nikic/php-parser": { "version": "v4.10.4" },