├── .data
└── .gitkeep
├── symfony
├── src
│ ├── Controller
│ │ ├── .gitignore
│ │ └── DefaultController.php
│ ├── Document
│ │ └── .gitignore
│ ├── Entity
│ │ └── .gitignore
│ ├── Migrations
│ │ └── .gitignore
│ ├── Repository
│ │ └── .gitignore
│ └── Kernel.php
├── config
│ ├── packages
│ │ ├── routing.yaml
│ │ ├── dev
│ │ │ ├── routing.yaml
│ │ │ ├── web_profiler.yaml
│ │ │ └── monolog.yaml
│ │ ├── test
│ │ │ ├── framework.yaml
│ │ │ ├── web_profiler.yaml
│ │ │ └── monolog.yaml
│ │ ├── twig.yaml
│ │ ├── doctrine_migrations.yaml
│ │ ├── prod
│ │ │ ├── monolog.yaml
│ │ │ └── doctrine.yaml
│ │ ├── snc_redis.yaml
│ │ ├── doctrine_mongodb.yaml
│ │ ├── framework.yaml
│ │ └── doctrine.yaml
│ ├── routes.yaml
│ ├── routes
│ │ ├── annotations.yaml
│ │ └── dev
│ │ │ ├── twig.yaml
│ │ │ └── web_profiler.yaml
│ ├── bundles.php
│ └── services.yaml
├── .gitignore
├── templates
│ └── base.html.twig
├── .env.dist
├── bin
│ └── console
├── public
│ └── index.php
├── composer.json
└── symfony.lock
├── docker
├── redis
│ └── Dockerfile
├── db
│ ├── Dockerfile.mysql
│ ├── mysql.cnf
│ ├── mongo-setup.js
│ ├── Dockerfile.postgresql
│ └── Dockerfile.mongodb
├── app
│ ├── xdebug.ini
│ ├── php.ini
│ └── Dockerfile
├── elk
│ ├── pipeline
│ │ ├── beats.conf
│ │ ├── app.conf
│ │ └── nginx.conf
│ ├── Dockerfile.filebeat
│ ├── filebeat.yml
│ ├── Dockerfile
│ └── logstash
│ │ └── patterns
│ │ └── symfony.conf
└── nginx
│ ├── nginx.conf
│ ├── Dockerfile
│ ├── default.template
│ └── openssl.cnf
├── .gitignore
├── docker-compose.mysql.yaml
├── docker-compose.postgresql.yaml
├── docker-compose.mongodb.yaml
├── .editorconfig
├── .env
├── LICENSE
├── .travis.yml
├── docker-compose.yaml
└── README.md
/.data/.gitkeep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/symfony/src/Controller/.gitignore:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/symfony/src/Document/.gitignore:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/symfony/src/Entity/.gitignore:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/symfony/src/Migrations/.gitignore:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/symfony/src/Repository/.gitignore:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docker/redis/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM redis:4.0
2 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | .data/*
3 | !.data/.gitkeep
4 | docker-stack.yaml
5 |
--------------------------------------------------------------------------------
/docker/db/Dockerfile.mysql:
--------------------------------------------------------------------------------
1 | FROM mysql:5.7
2 |
3 | COPY mysql.cnf /etc/mysql/conf.d/custom.cnf
4 |
--------------------------------------------------------------------------------
/symfony/config/packages/routing.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | router:
3 | strict_requirements: ~
4 |
--------------------------------------------------------------------------------
/symfony/config/packages/dev/routing.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | router:
3 | strict_requirements: true
4 |
--------------------------------------------------------------------------------
/symfony/config/routes.yaml:
--------------------------------------------------------------------------------
1 | #index:
2 | # path: /
3 | # controller: App\Controller\DefaultController::index
4 |
--------------------------------------------------------------------------------
/symfony/config/routes/annotations.yaml:
--------------------------------------------------------------------------------
1 | controllers:
2 | resource: ../../src/Controller/
3 | type: annotation
4 |
--------------------------------------------------------------------------------
/docker/app/xdebug.ini:
--------------------------------------------------------------------------------
; Xdebug remote-debugging settings; docker/app/Dockerfile appends this file to the
; Xdebug extension ini of the app image.
; NOTE(review): remote_connect_back=1 makes Xdebug open the debug connection to
; whichever address sent the HTTP request, so any client that can reach the app can
; ask for a debugger session. Keep these settings out of images reachable from
; untrusted networks; for a fixed workstation prefer remote_connect_back=0 together
; with an explicit xdebug.remote_host.
1 | xdebug.remote_enable=1
2 | xdebug.remote_connect_back=1
3 | xdebug.idekey="PHPSTORM"
4 | xdebug.remote_port=9001
--------------------------------------------------------------------------------
/docker/elk/pipeline/beats.conf:
--------------------------------------------------------------------------------
# Logstash Beats input: accepts events shipped by Filebeat on TCP port 5044.
# NOTE(review): no ssl options are set on this input, so the shipped nginx and
# application logs travel in clear text and any host that can reach port 5044 can
# submit events. Confirm the port is not published outside the compose network, or
# enable TLS here and on the Filebeat output.
1 | input {
2 | beats {
3 | port => 5044
# Seconds an idle Beats connection is kept before it is closed (86400 s = 24 h).
4 | client_inactivity_timeout => 86400
5 | }
6 | }
--------------------------------------------------------------------------------
/symfony/config/packages/test/framework.yaml:
--------------------------------------------------------------------------------
1 | framework:
2 | test: ~
3 | session:
4 | storage_id: session.storage.mock_file
5 |
--------------------------------------------------------------------------------
/symfony/config/routes/dev/twig.yaml:
--------------------------------------------------------------------------------
1 | _errors:
2 | resource: '@TwigBundle/Resources/config/routing/errors.xml'
3 | prefix: /_error
4 |
--------------------------------------------------------------------------------
/docker/elk/pipeline/app.conf:
--------------------------------------------------------------------------------
1 | filter {
2 | if "app" in [tags] {
3 | grok {
4 | match => { "message" => "%{SYMFONY}" }
5 | }
6 | }
7 | }
--------------------------------------------------------------------------------
/symfony/.gitignore:
--------------------------------------------------------------------------------
1 |
2 | ###> symfony/framework-bundle ###
3 | .env
4 | /public/bundles/
5 | /var/
6 | /vendor/
7 | ###< symfony/framework-bundle ###
8 |
--------------------------------------------------------------------------------
/docker/elk/pipeline/nginx.conf:
--------------------------------------------------------------------------------
1 | filter {
2 | if "nginx-access" in [tags] {
3 | grok {
4 | match => { "message" => "%{NGINXACCESS}" }
5 | }
6 | }
7 | }
--------------------------------------------------------------------------------
/symfony/config/packages/twig.yaml:
--------------------------------------------------------------------------------
1 | twig:
2 | paths: ['%kernel.project_dir%/templates']
3 | debug: '%kernel.debug%'
4 | strict_variables: '%kernel.debug%'
5 |
--------------------------------------------------------------------------------
/docker/db/mysql.cnf:
--------------------------------------------------------------------------------
1 | [mysqld]
2 | # Version 5.5.3 introduced "utf8mb4", which is recommended
3 | collation-server = utf8mb4_unicode_ci
4 | character-set-server = utf8mb4
--------------------------------------------------------------------------------
/symfony/config/packages/test/web_profiler.yaml:
--------------------------------------------------------------------------------
1 | web_profiler:
2 | toolbar: false
3 | intercept_redirects: false
4 |
5 | framework:
6 | profiler: { collect: false }
7 |
--------------------------------------------------------------------------------
/symfony/config/packages/dev/web_profiler.yaml:
--------------------------------------------------------------------------------
1 | web_profiler:
2 | toolbar: true
3 | intercept_redirects: false
4 |
5 | framework:
6 | profiler: { only_exceptions: false }
7 |
--------------------------------------------------------------------------------
/docker/db/mongo-setup.js:
--------------------------------------------------------------------------------
// Init script that creates the application user. Dockerfile.mongodb copies it to
// /docker-entrypoint-initdb.d/ and rewrites the upper-case placeholders with sed at
// build time.
// NOTE(review): after that substitution the application password is stored in clear
// text inside the built image, so the image has to be handled like a secret.
1 | db.createUser(
2 | {
3 | user: "MONGODB_USERNAME",
4 | pwd: "MONGODB_PASSWORD",
// The role is granted on the application database only.
5 | roles: [ { role: "dbOwner", db: "MONGO_INITDB_DATABASE" } ]
6 | }
7 | )
--------------------------------------------------------------------------------
/docker/db/Dockerfile.postgresql:
--------------------------------------------------------------------------------
1 | # doctrine/dbal v2.7.0 is required to use entirely postgres v10.1
2 | # https://github.com/doctrine/dbal/pull/2893
3 | # https://github.com/doctrine/dbal/milestone/59
4 | FROM postgres:9.6
5 |
--------------------------------------------------------------------------------
/symfony/config/packages/test/monolog.yaml:
--------------------------------------------------------------------------------
1 | monolog:
2 | handlers:
3 | main:
4 | type: stream
5 | path: "%kernel.logs_dir%/%kernel.environment%.log"
6 | level: debug
7 | channels: ["!event"]
8 |
--------------------------------------------------------------------------------
/docker/app/php.ini:
--------------------------------------------------------------------------------
1 | apc.enable_cli = 1
2 | date.timezone = TIMEZONE
3 | session.auto_start = Off
4 | short_open_tag = Off
5 | # http://symfony.com/doc/current/performance.html
6 | opcache.max_accelerated_files = 20000
7 | realpath_cache_size = 4096K
8 | realpath_cache_ttl = 600
--------------------------------------------------------------------------------
/docker/elk/Dockerfile.filebeat:
--------------------------------------------------------------------------------
1 | FROM docker.elastic.co/beats/filebeat:6.1.1
2 |
3 | COPY filebeat.yml /usr/share/filebeat/filebeat.yml
4 | USER root
5 | RUN chown filebeat /usr/share/filebeat/filebeat.yml
6 | RUN chmod go-w /usr/share/filebeat/filebeat.yml
7 | USER filebeat
8 |
--------------------------------------------------------------------------------
/docker/elk/filebeat.yml:
--------------------------------------------------------------------------------
1 | output.logstash:
2 | hosts: ["elk:5044"]
3 |
4 | filebeat.prospectors:
5 | - type: log
6 | paths:
7 | - /var/log/nginx/*.log
8 | tags: ["nginx-access"]
9 | - type: log
10 | paths:
11 | - /var/log/app/*.log
12 | tags: ["app"]
--------------------------------------------------------------------------------
/symfony/config/routes/dev/web_profiler.yaml:
--------------------------------------------------------------------------------
1 | web_profiler_wdt:
2 | resource: '@WebProfilerBundle/Resources/config/routing/wdt.xml'
3 | prefix: /_wdt
4 |
5 | web_profiler_profiler:
6 | resource: '@WebProfilerBundle/Resources/config/routing/profiler.xml'
7 | prefix: /_profiler
8 |
--------------------------------------------------------------------------------
/symfony/config/packages/doctrine_migrations.yaml:
--------------------------------------------------------------------------------
1 | doctrine_migrations:
2 | dir_name: '%kernel.project_dir%/src/Migrations'
3 | # namespace is arbitrary but should be different from App\Migrations
4 | # as migrations classes should NOT be autoloaded
5 | namespace: DoctrineMigrations
6 |
--------------------------------------------------------------------------------
/docker/elk/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM sebp/elk:612
2 |
3 | COPY pipeline/beats.conf /etc/logstash/conf.d/02-beats-input.conf
4 | COPY pipeline/nginx.conf /etc/logstash/conf.d/11-nginx.conf
5 | COPY pipeline/app.conf /etc/logstash/conf.d/app.conf
6 | COPY logstash/patterns/symfony.conf /opt/logstash/patterns/symfony
7 |
--------------------------------------------------------------------------------
/symfony/templates/base.html.twig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {% block title %}Welcome!{% endblock %}
6 | {% block stylesheets %}{% endblock %}
7 |
8 |
9 | {% block body %}{% endblock %}
10 | {% block javascripts %}{% endblock %}
11 |
12 |
13 |
--------------------------------------------------------------------------------
/docker-compose.mysql.yaml:
--------------------------------------------------------------------------------
# Compose override that adds a MySQL service and declares it as a dependency of `app`.
1 | version: '3'
2 |
3 | services:
4 | app:
5 | depends_on:
6 | - mysql
7 |
8 | mysql:
9 | build:
10 | context: ./docker/db
11 | dockerfile: Dockerfile.mysql
# Database files are kept on the host under .data/ (ignored by the root .gitignore).
12 | volumes:
13 | - ./.data/mysql:/var/lib/mysql:rw
# NOTE(review): the credentials come from the repository's .env, which is committed
# with MYSQL_ROOT_PASSWORD=root and MYSQL_PASSWORD=symfony.
14 | env_file:
15 | - .env
# NOTE(review): "3306:3306" publishes MySQL on every host interface. Combined with the
# default credentials this makes the database reachable from the local network; bind
# to loopback ("127.0.0.1:3306:3306") or drop the mapping when only `app` needs it.
16 | ports:
17 | - "3306:3306"
18 |
--------------------------------------------------------------------------------
/symfony/src/Controller/DefaultController.php:
--------------------------------------------------------------------------------
1 | render('base.html.twig');
16 | }
17 | }
--------------------------------------------------------------------------------
/docker-compose.postgresql.yaml:
--------------------------------------------------------------------------------
# Compose override that adds a PostgreSQL service and declares it as a dependency of `app`.
1 | version: '3'
2 |
3 | services:
4 | app:
5 | depends_on:
6 | - postgresql
7 |
8 | postgresql:
9 | build:
10 | context: ./docker/db
11 | dockerfile: Dockerfile.postgresql
# Database files are kept on the host under .data/ (ignored by the root .gitignore).
12 | volumes:
13 | - ./.data/postgresql:/var/lib/postgresql/data:rw
# NOTE(review): the credentials come from the repository's .env, which is committed
# with POSTGRES_USER=symfony and POSTGRES_PASSWORD=symfony.
14 | env_file:
15 | - .env
# NOTE(review): "5432:5432" publishes PostgreSQL on every host interface. Combined
# with the default credentials this makes the database reachable from the local
# network; bind to loopback ("127.0.0.1:5432:5432") or drop the mapping when only
# `app` needs it.
16 | ports:
17 | - "5432:5432"
18 |
--------------------------------------------------------------------------------
/docker/db/Dockerfile.mongodb:
--------------------------------------------------------------------------------
# MongoDB image whose init script creates the application user from build arguments.
# NOTE(review): the mongo 3.4 release line no longer receives upstream fixes; plan an
# upgrade before using this outside a throwaway dev stack.
1 | FROM mongo:3.4
2 |
# NOTE(review): build arguments are recorded in the image metadata and shown by
# `docker history`, so a password passed this way is readable by anyone who can pull
# the image.
3 | ARG mongodb_username
4 | ARG mongodb_password
5 | ARG mongodb_initdb_database
6 |
7 | COPY mongo-setup.js /docker-entrypoint-initdb.d/
8 |
# Replace the placeholders in mongo-setup.js with the build-argument values.
# NOTE(review): the values are spliced into the sed expression unescaped, so a
# password containing "/" or "&" breaks or alters the substitution. The rewritten
# script, with the clear-text password, also stays in an image layer. Supplying the
# credentials at container start (environment or a mounted secret) avoids both issues.
9 | RUN sed -i -e "s/MONGODB_USERNAME/$mongodb_username/g" /docker-entrypoint-initdb.d/mongo-setup.js
10 | RUN sed -i -e "s/MONGODB_PASSWORD/$mongodb_password/g" /docker-entrypoint-initdb.d/mongo-setup.js
11 | RUN sed -i -e "s/MONGO_INITDB_DATABASE/$mongodb_initdb_database/g" /docker-entrypoint-initdb.d/mongo-setup.js
12 |
--------------------------------------------------------------------------------
/symfony/config/packages/prod/monolog.yaml:
--------------------------------------------------------------------------------
# Production logging: records are buffered and written through the `nested` stream
# handler only once a record of level `error` or higher occurs.
1 | monolog:
2 | handlers:
3 | main:
4 | type: fingers_crossed
5 | action_level: error
6 | handler: nested
# NOTE(review): "^/" matches every path, so a 404 never triggers the handler. Bursts
# of 404s caused by probing or scanning will therefore not appear in the application
# log; use the nginx access log for that signal.
7 | excluded_404s:
8 | # regex: exclude all 404 errors from the logs
9 | - ^/
# Once triggered, the whole buffer is written at debug level, so request context that
# precedes the error ends up in the log file; check what the application logs at
# debug level before shipping this file elsewhere.
10 | nested:
11 | type: stream
12 | path: "%kernel.logs_dir%/%kernel.environment%.log"
13 | level: debug
14 | console:
15 | type: console
16 | process_psr_3_messages: false
17 | channels: ["!event", "!doctrine"]
18 |
--------------------------------------------------------------------------------
/docker-compose.mongodb.yaml:
--------------------------------------------------------------------------------
# Compose override that adds a MongoDB service and declares it as a dependency of `app`.
1 | version: '3'
2 |
3 | services:
4 | app:
5 | depends_on:
6 | - mongodb
7 |
8 | mongodb:
9 | build:
10 | context: ./docker/db
11 | dockerfile: Dockerfile.mongodb
# NOTE(review): the application password is handed over as a build argument, so it is
# stored with the image (see `docker history`) rather than supplied at container start.
12 | args:
13 | - mongodb_username=${MONGODB_USERNAME}
14 | - mongodb_password=${MONGODB_PASSWORD}
15 | - mongodb_initdb_database=${MONGO_INITDB_DATABASE}
# Database files are kept on the host under .data/ (ignored by the root .gitignore).
16 | volumes:
17 | - ./.data/mongo:/data/db:rw
# NOTE(review): the credentials come from the repository's .env, which is committed
# with MONGO_INITDB_ROOT_PASSWORD=root and MONGODB_PASSWORD=symfony.
18 | env_file:
19 | - .env
# NOTE(review): "27017:27017" publishes MongoDB on every host interface. Combined
# with the default credentials this makes the database reachable from the local
# network; bind to loopback ("127.0.0.1:27017:27017") or drop the mapping when only
# `app` needs it.
20 | ports:
21 | - "27017:27017"
22 |
--------------------------------------------------------------------------------
/symfony/config/packages/dev/monolog.yaml:
--------------------------------------------------------------------------------
1 | monolog:
2 | handlers:
3 | main:
4 | type: stream
5 | path: "%kernel.logs_dir%/%kernel.environment%.log"
6 | level: debug
7 | channels: ["!event"]
8 | # uncomment to get logging in your browser
9 | # you may have to allow bigger header sizes in your Web server configuration
10 | #firephp:
11 | # type: firephp
12 | # level: info
13 | #chromephp:
14 | # type: chromephp
15 | # level: info
16 | console:
17 | type: console
18 | process_psr_3_messages: false
19 | channels: ["!event", "!doctrine", "!console"]
20 |
--------------------------------------------------------------------------------
/docker/nginx/nginx.conf:
--------------------------------------------------------------------------------
1 | user nginx;
2 | worker_processes 1;
3 |
4 | error_log /var/log/nginx/error.log warn;
5 | pid /var/run/nginx.pid;
6 |
7 |
8 | events {
9 | worker_connections 1024;
10 | }
11 |
12 |
13 | http {
14 | include /etc/nginx/mime.types;
15 | default_type application/octet-stream;
16 |
17 | log_format main '$remote_addr - $remote_user [$time_local] "$request" '
18 | '$status $body_bytes_sent "$http_referer" '
19 | '"$http_user_agent" "$http_x_forwarded_for"';
20 |
21 | access_log /var/log/nginx/access.log main;
22 |
23 | sendfile on;
24 | #tcp_nopush on;
25 |
26 | keepalive_timeout 65;
27 |
28 | #gzip on;
29 |
30 | include /etc/nginx/conf.d/*.conf;
31 | }
32 |
--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
1 | # EditorConfig helps developers define and maintain consistent
2 | # coding styles between different editors and IDEs
3 | # editorconfig.org
4 |
5 | root = true
6 |
7 | [*]
8 | # Change these settings to your own preference
9 | indent_style = space
10 | indent_size = 4
11 |
12 | # We recommend you to keep these unchanged
13 | end_of_line = lf
14 | charset = utf-8
15 | trim_trailing_whitespace = true
16 | insert_final_newline = true
17 |
18 | [*.md]
19 | trim_trailing_whitespace = false
20 |
21 | [*.php]
22 | indent_style = space
23 | indent_size = 4
24 |
25 | [*.json]
26 | indent_style = space
27 | indent_size = 2
28 |
29 | [*.yaml]
30 | indent_style = space
31 | indent_size = 4
32 | trim_trailing_whitespace = false
33 |
34 | [Dockerfile]
35 | indent_style = tab
36 | indent_size = 4
37 |
--------------------------------------------------------------------------------
/symfony/config/packages/snc_redis.yaml:
--------------------------------------------------------------------------------
# Redis clients used for the default connection, Doctrine caches and session storage.
# NOTE(review): REDIS_URL and REDIS_DSN both resolve to redis://redis:6379 in the
# shipped env files, i.e. no password. Session data lives in this Redis instance, so
# anything that can reach it can read or alter sessions; keep the port unpublished
# and add authentication outside local development.
1 | snc_redis:
2 | clients:
3 | default:
4 | type: predis
5 | alias: default
6 | dsn: "%env(REDIS_URL)%"
7 | doctrine:
8 | type: predis
9 | alias: doctrine
10 | dsn: '%env(REDIS_DSN)%'
11 | session:
12 | type: predis
13 | alias: session
14 | dsn: '%env(REDIS_DSN)%'
# Sessions use the `session` client with a TTL of 1200.
15 | session:
16 | client: session
17 | ttl: 1200
# Doctrine metadata, result and query caches all share the `doctrine` client.
18 | doctrine:
19 | metadata_cache:
20 | client: doctrine
21 | entity_manager: default
22 | document_manager: default
23 | result_cache:
24 | client: doctrine
25 | entity_manager: default
26 | query_cache:
27 | client: doctrine
28 | entity_manager: default
29 |
--------------------------------------------------------------------------------
/symfony/config/packages/doctrine_mongodb.yaml:
--------------------------------------------------------------------------------
1 | doctrine_mongodb:
2 | auto_generate_proxy_classes: '%kernel.debug%'
3 | auto_generate_hydrator_classes: '%kernel.debug%'
4 | connections:
5 | default:
6 | server: '%env(MONGODB_URL)%'
7 | options:
8 | username: '%env(MONGODB_USERNAME)%'
9 | password: '%env(MONGODB_PASSWORD)%'
10 | authSource: '%env(MONGO_INITDB_DATABASE)%'
11 | default_database: '%env(MONGODB_DB)%'
12 | document_managers:
13 | default:
14 | auto_mapping: true
15 | mappings:
16 | App:
17 | is_bundle: false
18 | type: annotation
19 | dir: '%kernel.project_dir%/src/Document'
20 | prefix: App\Document\
21 | alias: App
22 |
--------------------------------------------------------------------------------
/.env:
--------------------------------------------------------------------------------
# Environment for the compose stack: referenced by the services through `env_file`
# and used for ${...} substitution in the compose files.
# NOTE(review): this file is committed with working default credentials and the root
# .gitignore does not list it. Treat every value below as public; supply real
# credentials from an untracked file or the deployment environment.
1 | # Nginx
2 | NGINX_HOST=symfony-docker.localhost
3 |
4 | # TIMEZONE
5 | TZ=Europe/Paris
6 |
7 | # MySQL
# NOTE(review): root/root and symfony/symfony, while the compose override publishes
# port 3306 on the host.
8 | MYSQL_ROOT_PASSWORD=root
9 | MYSQL_DATABASE=symfony
10 | MYSQL_USER=symfony
11 | MYSQL_PASSWORD=symfony
12 |
13 | # PostgreSQL
14 | POSTGRES_DB=symfony
15 | POSTGRES_USER=symfony
16 | POSTGRES_PASSWORD=symfony
17 |
18 | # MongoDB
# NOTE(review): MONGODB_PASSWORD is also passed as a Docker build argument by
# docker-compose.mongodb.yaml and therefore ends up inside the built image.
19 | MONGODB_SERVER=mongodb://mongodb:27017
20 | MONGO_INITDB_ROOT_USERNAME=admin
21 | MONGO_INITDB_ROOT_PASSWORD=root
22 | MONGO_INITDB_DATABASE=symfony
23 | MONGODB_USERNAME=symfony
24 | MONGODB_PASSWORD=symfony
25 |
26 | # Redis
# NOTE(review): the DSN carries no password; Redis also holds the PHP sessions.
27 | REDIS_DSN=redis://redis:6379
28 |
29 | # Xdebug
30 | # get containers IP address: echo $(docker network inspect bridge | grep Gateway | grep -o -E '[0-9\.]+')
31 | XDEBUG_REMOTE_HOST=172.17.0.1
32 |
33 | # ELK
34 | # See http://elk-docker.readthedocs.io/#selective-services
35 | ELASTICSEARCH_START=1
36 | LOGSTASH_START=1
37 | KIBANA_START=1
38 |
--------------------------------------------------------------------------------
/symfony/config/bundles.php:
--------------------------------------------------------------------------------
1 | ['all' => true],
5 | Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
6 | Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true],
7 | Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
8 | Doctrine\Bundle\DoctrineCacheBundle\DoctrineCacheBundle::class => ['all' => true],
9 | Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
10 | Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
11 | Doctrine\Bundle\MongoDBBundle\DoctrineMongoDBBundle::class => ['all' => true],
12 | Snc\RedisBundle\SncRedisBundle::class => ['all' => true],
13 | Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class => ['all' => true],
14 | Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
15 | ];
16 |
--------------------------------------------------------------------------------
/symfony/config/packages/framework.yaml:
--------------------------------------------------------------------------------
# Core framework settings: application secret, session storage, PHP error logging
# and cache adapter hints.
1 | framework:
# NOTE(review): the template value for APP_SECRET in .env.dist is
# "ThisTokenIsNotSoSecretChangeIt"; generate a unique random value per deployment.
2 | secret: '%env(APP_SECRET)%'
3 | #default_locale: en
# NOTE(review): csrf_protection is left commented out; enable it explicitly before
# adding forms or other state-changing endpoints.
4 | #csrf_protection: ~
5 | #http_method_override: true
6 |
7 | # Enables session support. Note that the session will ONLY be started if you read or write from it.
8 | # Remove or comment this section to explicitly disable session support.
# Sessions are stored in Redis through the snc_redis handler. The session cookie is
# sent over HTTPS only (cookie_secure) and is hidden from JavaScript (cookie_httponly).
9 | session:
10 | handler_id: snc_redis.session.handler
11 | cookie_lifetime: 1800
12 | cookie_secure: true
13 | cookie_httponly: true
14 |
15 | #esi: ~
16 | #fragments: ~
17 | php_errors:
18 | log: true
19 |
20 | cache:
21 | # The app cache caches to the filesystem by default. Other options include:
22 |
23 | # Redis
24 | #app: cache.adapter.redis
25 | #default_redis_provider: redis://localhost
26 |
27 | # APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
28 | #app: cache.adapter.apcu
29 |
--------------------------------------------------------------------------------
/symfony/config/packages/doctrine.yaml:
--------------------------------------------------------------------------------
1 | parameters:
2 | # Adds a fallback DATABASE_URL if the env var is not set.
3 | # This allows you to run cache:warmup even if your
4 | # environment variables are not available yet.
5 | # You should not need to change this value.
6 | env(DATABASE_URL): ''
7 |
8 | doctrine:
9 | dbal:
10 | # configure these for your database server
11 | driver: 'pdo_mysql'
12 | server_version: '5.7'
13 | charset: utf8mb4
14 |
15 | # With Symfony 3.3, remove the `resolve:` prefix
16 | url: '%env(resolve:DATABASE_URL)%'
17 | orm:
18 | auto_generate_proxy_classes: '%kernel.debug%'
19 | naming_strategy: doctrine.orm.naming_strategy.underscore
20 | auto_mapping: true
21 | mappings:
22 | App:
23 | is_bundle: false
24 | type: annotation
25 | dir: '%kernel.project_dir%/src/Entity'
26 | prefix: 'App\Entity'
27 | alias: App
28 |
--------------------------------------------------------------------------------
/docker/nginx/Dockerfile:
--------------------------------------------------------------------------------
# nginx image with a self-signed certificate for $nginx_host generated at build time.
1 | FROM nginx:1.13
2 |
3 | ARG nginx_host
4 |
5 | RUN apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
6 | openssl \
7 | && rm -rf /var/lib/apt/lists/*
8 |
# NOTE(review): $nginx_host is spliced into the sed expression unescaped.
9 | COPY openssl.cnf /etc/ssl/openssl.cnf
10 | RUN sed -i -e "s/NGINX_HOST/$nginx_host/g" /etc/ssl/openssl.cnf
11 |
# Generate a passphrase-protected 2048-bit RSA key, then write an unencrypted copy.
# NOTE(review): the private key is created during the build, so it is baked into the
# image: every container started from it shares the key and anyone who can pull the
# image can read it. The fixed passphrase adds nothing because it is stripped in the
# next step, and server.pass.key remains in an earlier layer even after the `rm`,
# since each RUN is its own layer. Development use only; for anything else mount the
# key and certificate at run time.
12 | RUN openssl genrsa -des3 -passout pass:NotSecure -out /etc/ssl/server.pass.key 2048
13 | RUN openssl rsa -passin pass:NotSecure -in /etc/ssl/server.pass.key -out /etc/ssl/server.key
14 | RUN rm /etc/ssl/server.pass.key
# Create a CSR and self-sign it; the certificate is valid for 365 days from the build.
15 | RUN openssl req -new -passout pass:NotSecure -key /etc/ssl/server.key -out /etc/ssl/server.csr \
16 | -subj "/C=MX/ST=Mexico/L=Mexico/O=Symfony/CN=$nginx_host" -config /etc/ssl/openssl.cnf
17 | RUN openssl x509 -req -sha256 -days 365 -in /etc/ssl/server.csr -signkey /etc/ssl/server.key \
18 | -out /etc/ssl/server.crt -extensions v3_req -extfile /etc/ssl/openssl.cnf
19 |
# NOTE(review): COPY is sufficient for a local file; ADD also unpacks archives and
# fetches URLs, which is not needed here.
20 | ADD nginx.conf /etc/nginx/
21 |
# Removes the log paths shipped with the base image, presumably so that nginx writes
# regular files that Filebeat can read from /var/log/nginx (confirm against the
# compose volumes).
22 | RUN rm /var/log/nginx/access.log /var/log/nginx/error.log
23 |
--------------------------------------------------------------------------------
/symfony/config/packages/prod/doctrine.yaml:
--------------------------------------------------------------------------------
1 | doctrine:
2 | orm:
3 | metadata_cache_driver:
4 | type: service
5 | id: doctrine.system_cache_provider
6 | query_cache_driver:
7 | type: service
8 | id: doctrine.system_cache_provider
9 | result_cache_driver:
10 | type: service
11 | id: doctrine.result_cache_provider
12 |
13 | services:
14 | doctrine.result_cache_provider:
15 | class: Symfony\Component\Cache\DoctrineProvider
16 | public: false
17 | arguments:
18 | - '@doctrine.result_cache_pool'
19 | doctrine.system_cache_provider:
20 | class: Symfony\Component\Cache\DoctrineProvider
21 | public: false
22 | arguments:
23 | - '@doctrine.system_cache_pool'
24 |
25 | framework:
26 | cache:
27 | pools:
28 | doctrine.result_cache_pool:
29 | adapter: cache.app
30 | doctrine.system_cache_pool:
31 | adapter: cache.system
32 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2017
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | sudo: required
2 |
3 | services:
4 | - docker
5 |
6 | addons:
7 | apt:
8 | packages:
9 | - docker-ce
10 |
11 | before_install:
12 | - sudo /etc/init.d/mysql stop
13 | - sudo /etc/init.d/postgresql stop
14 | - docker -v
15 | - docker-compose -v
16 |
17 | script:
18 | - docker-compose -f docker-compose.yaml -f docker-compose.mysql.yaml config > docker-stack.yaml
19 | - docker-compose -f docker-stack.yaml build
20 | - docker-compose -f docker-stack.yaml up -d
21 | - docker-compose -f docker-stack.yaml ps
22 | - docker-compose -f docker-stack.yaml stop
23 | - docker-compose -f docker-compose.yaml -f docker-compose.postgresql.yaml config > docker-stack.yaml
24 | - docker-compose -f docker-stack.yaml build
25 | - docker-compose -f docker-stack.yaml up -d
26 | - docker-compose -f docker-stack.yaml ps
27 | - docker-compose -f docker-stack.yaml stop
28 | - docker-compose -f docker-compose.yaml -f docker-compose.mongodb.yaml config > docker-stack.yaml
29 | - docker-compose -f docker-stack.yaml build
30 | - docker-compose -f docker-stack.yaml up -d
31 | - docker-compose -f docker-stack.yaml ps
32 | - docker-compose -f docker-stack.yaml stop
33 |
--------------------------------------------------------------------------------
/symfony/.env.dist:
--------------------------------------------------------------------------------
1 | # This file is a "template" of which env vars need to be defined for your application
2 | # Copy this file to .env file for development, create environment variables when deploying to production
3 | # https://symfony.com/doc/current/best_practices/configuration.html#infrastructure-related-configuration
4 |
5 | ###> symfony/framework-bundle ###
# NOTE(review): public/index.php enables debug for every APP_ENV other than "prod"
# unless APP_DEBUG says otherwise, so set APP_ENV=prod explicitly on deployed hosts.
6 | APP_ENV=dev
# NOTE(review): placeholder value. framework.yaml uses it as the framework secret;
# replace it with a unique random string per deployment and keep it out of version
# control.
7 | APP_SECRET=ThisTokenIsNotSoSecretChangeIt
# NOTE(review): both are disabled here. Behind the nginx container, client address
# and scheme come from X-Forwarded-* only once TRUSTED_PROXIES is set, and the Host
# header is not restricted until TRUSTED_HOSTS is set.
8 | #TRUSTED_PROXIES=127.0.0.1,127.0.0.2
9 | #TRUSTED_HOSTS=localhost,example.com
10 | ###< symfony/framework-bundle ###
11 |
12 | ###> doctrine/doctrine-bundle ###
13 | # Format described at http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
14 | # For an SQLite database, use: "sqlite:///%kernel.project_dir%/var/data.db"
15 | # Configure your db driver and server_version in config/packages/doctrine.yaml
# The MYSQL_* variables are the ones defined in the repository's root .env.
16 | DATABASE_URL=mysql://${MYSQL_USER}:${MYSQL_PASSWORD}@mysql:3306/${MYSQL_DATABASE}
17 | ###< doctrine/doctrine-bundle ###
18 |
19 | ###> doctrine/mongodb-odm-bundle ###
20 | MONGODB_URL=${MONGODB_SERVER}
21 | MONGODB_DB=${MONGO_INITDB_DATABASE}
22 | ###< doctrine/mongodb-odm-bundle ###
23 |
24 | ###> snc/redis-bundle ###
25 | # passwords that contain special characters (@, %, :, +) must be urlencoded
26 | REDIS_URL=${REDIS_DSN}
27 | ###< snc/redis-bundle ###
28 |
--------------------------------------------------------------------------------
/symfony/bin/console:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env php
2 | load(__DIR__.'/../.env');
23 | }
24 |
// Resolve the environment: --env/-e on the command line wins, then APP_ENV, then "dev".
25 | $input = new ArgvInput();
26 | $env = $input->getParameterOption(['--env', '-e'], $_SERVER['APP_ENV'] ?? 'dev');
// Debug is on when APP_DEBUG is truthy, or (if APP_DEBUG is unset) when the
// environment is not "prod", and is always off when --no-debug is passed.
27 | $debug = ($_SERVER['APP_DEBUG'] ?? ('prod' !== $env)) && !$input->hasParameterOption(['--no-debug', '']);
28 |
29 | if ($debug) {
// NOTE(review): umask(0000) removes the permission mask, so files the console
// creates in debug mode can end up writable by every local user. Acceptable in a
// single-user dev container; avoid running with debug on shared hosts.
30 | umask(0000);
31 |
// Debug may be missing when dev dependencies are not installed, hence the guard.
32 | if (class_exists(Debug::class)) {
33 | Debug::enable();
34 | }
35 | }
36 |
// Boot the kernel for the chosen environment and hand control to the console application.
37 | $kernel = new Kernel($env, $debug);
38 | $application = new Application($kernel);
39 | $application->run($input);
40 |
--------------------------------------------------------------------------------
/symfony/public/index.php:
--------------------------------------------------------------------------------
1 | load(__DIR__.'/../.env');
16 | }
17 |
// Environment defaults to "dev"; debug defaults to on for every environment except
// "prod" unless APP_DEBUG is set.
// NOTE(review): a deployment that does not set APP_ENV therefore runs in dev with
// debug enabled, which also loads WebProfilerBundle (enabled for dev and test in
// config/bundles.php). Set APP_ENV=prod explicitly on any reachable host.
18 | $env = $_SERVER['APP_ENV'] ?? 'dev';
19 | $debug = $_SERVER['APP_DEBUG'] ?? ('prod' !== $env);
20 |
21 | if ($debug) {
// NOTE(review): umask(0000) removes the permission mask, so cache and log files
// created while debugging can end up writable by every local user.
22 | umask(0000);
23 |
24 | Debug::enable();
25 | }
26 |
// X-Forwarded-* headers are honoured only for requests coming from the listed
// proxies; the XOR clears the X-Forwarded-Host bit, so that header stays ignored.
27 | if ($trustedProxies = $_SERVER['TRUSTED_PROXIES'] ?? false) {
28 | Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST);
29 | }
30 |
// NOTE(review): when TRUSTED_HOSTS is unset the Host header is not restricted. The
// entries are matched as regular expressions by Request::setTrustedHosts(), so
// anchor and escape them (e.g. ^example\.com$) instead of listing bare host names.
31 | if ($trustedHosts = $_SERVER['TRUSTED_HOSTS'] ?? false) {
32 | Request::setTrustedHosts(explode(',', $trustedHosts));
33 | }
34 |
// Handle the current HTTP request and send the response; terminate() runs after the
// response has been sent.
35 | $kernel = new Kernel($env, $debug);
36 | $request = Request::createFromGlobals();
37 | $response = $kernel->handle($request);
38 | $response->send();
39 | $kernel->terminate($request, $response);
40 |
--------------------------------------------------------------------------------
/docker/app/Dockerfile:
--------------------------------------------------------------------------------
# PHP-FPM application image: system packages, PHP extensions, PECL modules
# and the Composer binary.
FROM php:7.2-fpm

# Build argument substituted for the TIMEZONE placeholder in php.ini below.
ARG timezone

# Build dependencies for the extensions; the apt lists are removed in the same
# layer so they do not stay in the image.
RUN apt-get update \
    && apt-get install --no-install-recommends --no-install-suggests -y \
        git \
        unzip \
        libicu-dev \
        zlib1g-dev \
        libssl-dev \
        pkg-config \
        libpq-dev \
    && rm -rf /var/lib/apt/lists/*

# The PECL packages carry no version constraint, so the versions that end up
# in the image depend on when it is built.
RUN set -xe \
    && docker-php-ext-configure intl \
    && docker-php-ext-install intl opcache zip pdo pdo_mysql pdo_pgsql \
    && pecl install apcu xdebug mongodb redis \
    && docker-php-ext-enable apcu xdebug mongodb redis

COPY php.ini /usr/local/etc/php/php.ini
RUN sed -i -e "s#TIMEZONE#$timezone#g" /usr/local/etc/php/php.ini

# NOTE(review): Xdebug is installed and enabled in every build of this image;
# there is no switch to leave it out, so treat the image as development-only
# and confirm before reusing it anywhere else.
COPY xdebug.ini /tmp/xdebug.ini
RUN cat /tmp/xdebug.ini >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
    && rm /tmp/xdebug.ini

COPY --from=composer:1.6 /usr/bin/composer /usr/bin/composer
# Lets Composer run as root without its warning:
# https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
ENV COMPOSER_ALLOW_SUPERUSER=1
# create composer cache directory, owned by www-data
RUN mkdir -p /var/www/.composer && chown -R www-data /var/www/.composer

# Give www-data the uid 1000.
RUN usermod -u 1000 www-data

WORKDIR /srv
52 |
--------------------------------------------------------------------------------
/symfony/config/services.yaml:
--------------------------------------------------------------------------------
1 | # Put parameters here that don't need to change on each machine where the app is deployed
2 | # https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
3 | parameters:
4 |
5 | services:
6 | # default configuration for services in *this* file
7 | _defaults:
8 | autowire: true # Automatically injects dependencies in your services.
9 | autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
10 | public: false # Allows optimizing the container by removing unused services; this also means
11 | # fetching services directly from the container via $container->get() won't work.
12 | # The best practice is to be explicit about your dependencies anyway.
13 |
14 | # makes classes in src/ available to be used as services
15 | # this creates a service per class whose id is the fully-qualified class name
16 | App\:
17 | resource: '../src/*'
18 | exclude: '../src/{Entity,Migrations,Tests}'
19 |
20 | # controllers are imported separately to make sure services can be injected
21 | # as action arguments even if you don't extend any base controller class
22 | App\Controller\:
23 | resource: '../src/Controller'
24 | tags: ['controller.service_arguments']
25 |
26 | # add more service definitions when explicit configuration is needed
27 | # please note that last definitions always *replace* previous ones
28 |
--------------------------------------------------------------------------------
/docker/nginx/default.template:
--------------------------------------------------------------------------------
1 | server {
2 | listen 80;
3 | listen 443 ssl;
4 | server_name ${NGINX_HOST};
5 | ssl_certificate /etc/ssl/server.crt;
6 | ssl_certificate_key /etc/ssl/server.key;
7 | root /srv/public;
8 |
9 | location / {
10 | # try to serve file directly, fallback to index.php
11 | try_files $uri /index.php$is_args$args;
12 | }
13 |
14 | location ~ ^/index\.php(/|$) {
15 | fastcgi_pass app:9000;
16 | fastcgi_split_path_info ^(.+\.php)(/.*)$;
17 | include fastcgi_params;
18 |
19 | # optionally set the value of the environment variables used in the application
20 | # fastcgi_param APP_ENV prod;
21 | # fastcgi_param APP_SECRET ;
22 | # fastcgi_param DATABASE_URL "mysql://db_user:db_pass@host:3306/db_name";
23 |
24 | # When you are using symlinks to link the document root to the
25 | # current version of your application, you should pass the real
26 | # application path instead of the path to the symlink to PHP
27 | # FPM.
28 | # Otherwise, PHP's OPcache may not properly detect changes to
29 | # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
30 | # for more information).
31 | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
32 | fastcgi_param DOCUMENT_ROOT $realpath_root;
33 |
34 | # Prevents URIs that include the front controller. This will 404:
35 | # http://domain.tld/index.php/some-path
36 | # Remove the internal directive to allow URIs like this
37 | internal;
38 | }
39 |
40 | # return 404 for all other php files not matching the front controller
41 | # this prevents access to other php files you don't want to be accessible.
42 | location ~ \.php$ {
43 | return 404;
44 | }
45 |
46 | error_log /var/log/nginx/app_error.log;
47 | access_log /var/log/nginx/app_access.log;
48 | }
49 |
--------------------------------------------------------------------------------
/docker-compose.yaml:
--------------------------------------------------------------------------------
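version: '3'

services:
  app:
    build:
      context: ./docker/app
      args:
        - timezone=${TZ}
    volumes:
      - ./symfony:/srv:rw,cached
      - app_log:/srv/var/log
    env_file:
      - .env
    environment:
      # Xdebug connects back to this host; the app image always has Xdebug enabled.
      XDEBUG_CONFIG: remote_host=${XDEBUG_REMOTE_HOST}
      PHP_IDE_CONFIG: serverName=${NGINX_HOST}

  nginx:
    build:
      context: ./docker/nginx
      args:
        - nginx_host=${NGINX_HOST}
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - app
    volumes:
      - ./symfony/public:/srv/public:ro
      - ./docker/nginx/default.template:/etc/nginx/conf.d/default.template
      - nginx_log:/var/log/nginx
    # NOTE(review): the whole .env file is passed to this container although the
    # command below only substitutes NGINX_HOST — confirm nothing else is needed.
    env_file:
      - .env
    command: /bin/bash -c "envsubst '$$NGINX_HOST'
      < /etc/nginx/conf.d/default.template
      > /etc/nginx/conf.d/default.conf
      && exec nginx -g 'daemon off;'"

  redis:
    build:
      context: ./docker/redis

  elk:
    build:
      context: ./docker/elk
    # Kibana (5601), Elasticsearch (9200) and the Beats input (5044) are
    # published on the host's loopback interface only, so other machines on the
    # network cannot reach them. Whether the ELK image enforces authentication
    # is not visible in this file; confirm that before widening the bind address.
    ports:
      - "127.0.0.1:5601:5601"
      - "127.0.0.1:9200:9200"
      - "127.0.0.1:5044:5044"
    environment:
      - ELASTICSEARCH_START
      - LOGSTASH_START
      - KIBANA_START
      - TZ

  filebeat:
    build:
      context: ./docker/elk
      dockerfile: Dockerfile.filebeat
    # Shares the log volumes written by the app and nginx services.
    volumes:
      - app_log:/var/log/app
      - nginx_log:/var/log/nginx

volumes:
  app_log:
  nginx_log: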
67 |
--------------------------------------------------------------------------------
/symfony/composer.json:
--------------------------------------------------------------------------------
1 | {
2 | "type": "project",
3 | "license": "proprietary",
4 | "require": {
5 | "php": "^7.1.3",
6 | "ext-iconv": "*",
7 | "alcaeus/mongo-php-adapter": "^1.1",
8 | "doctrine/mongodb-odm-bundle": "^3.4",
9 | "predis/predis": "^1.1",
10 | "roave/security-advisories": "dev-master",
11 | "sensio/framework-extra-bundle": "^5.1",
12 | "snc/redis-bundle": "^2.0",
13 | "symfony/console": "^4.0",
14 | "symfony/flex": "^1.0",
15 | "symfony/framework-bundle": "^4.0",
16 | "symfony/lts": "^4@dev",
17 | "symfony/maker-bundle": "^1.0",
18 | "symfony/monolog-bundle": "^3.1",
19 | "symfony/orm-pack": "^1.0",
20 | "symfony/twig-bundle": "^4.0",
21 | "symfony/yaml": "^4.0"
22 | },
23 | "require-dev": {
24 | "symfony/dotenv": "^4.0",
25 | "symfony/profiler-pack": "^1.0"
26 | },
27 | "config": {
28 | "preferred-install": {
29 | "*": "dist"
30 | },
31 | "sort-packages": true,
32 | "platform": {
33 | "ext-mongo": "1.6.16"
34 | }
35 | },
36 | "autoload": {
37 | "psr-4": {
38 | "App\\": "src/"
39 | }
40 | },
41 | "autoload-dev": {
42 | "psr-4": {
43 | "App\\Tests\\": "tests/"
44 | }
45 | },
46 | "replace": {
47 | "symfony/polyfill-iconv": "*",
48 | "symfony/polyfill-php71": "*",
49 | "symfony/polyfill-php70": "*",
50 | "symfony/polyfill-php56": "*"
51 | },
52 | "scripts": {
53 | "auto-scripts": {
54 | "cache:clear": "symfony-cmd",
55 | "assets:install --symlink --relative %PUBLIC_DIR%": "symfony-cmd"
56 | },
57 | "post-install-cmd": [
58 | "@auto-scripts"
59 | ],
60 | "post-update-cmd": [
61 | "@auto-scripts"
62 | ]
63 | },
64 | "conflict": {
65 | "symfony/symfony": "*"
66 | },
67 | "extra": {
68 | "symfony": {
69 | "id": "01C3DWWG63GH8NYW0HXN0JV8GE",
70 | "allow-contrib": "true"
71 | }
72 | }
73 | }
74 |
--------------------------------------------------------------------------------
/symfony/src/Kernel.php:
--------------------------------------------------------------------------------
1 | getProjectDir().'/var/cache/'.$this->environment;
20 | }
21 |
/**
 * Returns the log directory path: the project directory followed by "/var/log".
 */
public function getLogDir()
{
    $projectDir = $this->getProjectDir();

    return $projectDir.'/var/log';
}
26 |
/**
 * Yields one instance of every bundle class listed in config/bundles.php that
 * is enabled for "all" environments or for the current environment.
 *
 * config/bundles.php is executed with require and each of its array keys is
 * instantiated as a class name, so that file must only ever come from the
 * project itself.
 */
public function registerBundles()
{
    $bundleMap = require $this->getProjectDir().'/config/bundles.php';
    foreach ($bundleMap as $bundleClass => $enabledIn) {
        // Skip bundles that are enabled neither globally nor for this environment.
        if (!isset($enabledIn['all']) && !isset($enabledIn[$this->environment])) {
            continue;
        }

        yield new $bundleClass();
    }
}
36 |
/**
 * Sets two container parameters and loads the configuration files.
 *
 * Load order: config/packages/*, then config/packages/<environment>/**
 * (only when that directory exists), then config/services, then
 * config/services_<environment>.
 *
 * @param ContainerBuilder $container container that receives the parameters
 * @param LoaderInterface  $loader    loader used for every glob pattern
 */
protected function configureContainer(ContainerBuilder $container, LoaderInterface $loader)
{
    $container->setParameter('container.autowiring.strict_mode', true);
    $container->setParameter('container.dumper.inline_class_loader', true);

    $confDir = $this->getProjectDir().'/config';
    $envPackagesDir = $confDir.'/packages/'.$this->environment;

    $loader->load($confDir.'/packages/*'.self::CONFIG_EXTS, 'glob');
    if (is_dir($envPackagesDir)) {
        $loader->load($envPackagesDir.'/**/*'.self::CONFIG_EXTS, 'glob');
    }

    $loader->load($confDir.'/services'.self::CONFIG_EXTS, 'glob');
    $loader->load($confDir.'/services_'.$this->environment.self::CONFIG_EXTS, 'glob');
}
49 |
/**
 * Imports the route definitions under the "/" prefix.
 *
 * Import order: config/routes/* and config/routes/<environment>/** (each only
 * when the directory exists), then config/routes.
 *
 * @param RouteCollectionBuilder $routes builder that receives the imports
 */
protected function configureRoutes(RouteCollectionBuilder $routes)
{
    $confDir = $this->getProjectDir().'/config';
    $envRoutesDir = $confDir.'/routes/'.$this->environment;

    if (is_dir($confDir.'/routes/')) {
        $routes->import($confDir.'/routes/*'.self::CONFIG_EXTS, '/', 'glob');
    }

    if (is_dir($envRoutesDir)) {
        $routes->import($envRoutesDir.'/**/*'.self::CONFIG_EXTS, '/', 'glob');
    }

    $routes->import($confDir.'/routes'.self::CONFIG_EXTS, '/', 'glob');
}
61 | }
62 |
--------------------------------------------------------------------------------
/docker/elk/logstash/patterns/symfony.conf:
--------------------------------------------------------------------------------
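# Grok patterns for Symfony (Monolog line format) log entries.

# Matches across newlines. It is used twice in SYMFONY_REQUEST_UNCAUGHT_EXCEPTION,
# so long multi-line messages can make matching expensive; keep a match timeout
# (the grok filter's timeout_millis option) configured on the pipeline.
VERYGREEDYDATA (.|\n)*

SYMFONY_EXCEPTION [^:]*

SYMFONY_LOG_TYPE request|security|app|profiler|doctrine|event|console|snc_redis
# NOTICE and EMERGENCY are included so that entries at those levels are parsed
# instead of failing the whole SYMFONY pattern.
SYMFONY_LOG_LEVEL DEBUG|INFO|NOTICE|WARNING|ERROR|CRITICAL|ALERT|EMERGENCY
SYMFONY_LOG %{SYMFONY_LOG_TYPE:log_type}\.%{SYMFONY_LOG_LEVEL:log_level}

SYMFONY_PARAMETER "[^"]*":( )?"[^"]*"
SYMFONY_PARAMETERS (%{SYMFONY_PARAMETER}(, )?)*
SYMFONY_CONTEXT {.*}
# PATCH and TRACE are included so that requests using them still match
# SYMFONY_REQUEST_PARAMETERS.
SYMFONY_REQUEST_METHOD GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS|CONNECT|TRACE
SYMFONY_REQUEST_PARAMETERS {"url":"%{GREEDYDATA:request_url}","ip":"%{IP:request_ip}","http_method":"%{SYMFONY_REQUEST_METHOD:request_method}"}

SYMFONY_REQUEST_INFO Matched route "%{GREEDYDATA:route}" \(parameters: %{SYMFONY_PARAMETERS:parameters}\)
SYMFONY_REQUEST_UNCAUGHT_EXCEPTION %{SYMFONY_EXCEPTION:exception}: %{VERYGREEDYDATA:exception_message} \(uncaught exception\) at %{VERYGREEDYDATA:exception_file} line %{NUMBER:exception_file_line}
SYMFONY_REQUEST_CRITICAL Exception thrown when handling an exception \(ErrorException: %{GREEDYDATA:exception_message} in %{GREEDYDATA:exception_file} line %{NUMBER:exception_file_line}\)
SYMFONY_SECURITY_WARNING_USER_MISSING Username "%{GREEDYDATA:user}" could not be found.
SYMFONY_SECURITY_INFO_USER_AUTHENTICATED User "%{GREEDYDATA:user}" has been authenticated successfully
SYMFONY_SECURITY_INFO_AUTHENTICATION_FAILED Authentication request failed: %{GREEDYDATA:authentication_fail_reason}
SYMFONY_SECURITY_DEBUG Username "%{GREEDYDATA:user}" was reloaded from user provider.
SYMFONY_EVENT_DEBUG_NOTIFICATION Notified event "%{GREEDYDATA:event}" to listener "%{GREEDYDATA:listener}".
SYMFONY_EVENT_DEBUG_PROPAGATION_STOP Listener "%{GREEDYDATA:listener}" stopped propagation of the event "%{GREEDYDATA:event}".
SYMFONY_DOCTRINE_DEBUG (?<=doctrine.DEBUG: ).*

SYMFONY_REQUEST %{SYMFONY_REQUEST_INFO}|%{SYMFONY_REQUEST_UNCAUGHT_EXCEPTION}|%{SYMFONY_REQUEST_CRITICAL}
SYMFONY_SECURITY %{SYMFONY_SECURITY_WARNING_USER_MISSING}|%{SYMFONY_SECURITY_INFO_USER_AUTHENTICATED}|%{SYMFONY_SECURITY_DEBUG}|%{SYMFONY_SECURITY_INFO_AUTHENTICATION_FAILED}
SYMFONY_EVENT %{SYMFONY_EVENT_DEBUG_NOTIFICATION}|%{SYMFONY_EVENT_DEBUG_PROPAGATION_STOP}
SYMFONY_DOCTRINE %{SYMFONY_DOCTRINE_DEBUG:doctrine_sql_query}
# The parentheses in the "Access is denied" message are escaped: unescaped they
# form a regex group, so the literal "(" and ")" in the log line never matched.
SYMFONY_VARIOUS_INFO Write SecurityContext in the session|Reloading user from user provider.|Read SecurityContext from the session|Populated SecurityContext with an anonymous Token|Access is denied \(and user is neither anonymous, nor remember-me\)|Unable to store the profiler information.|Remember-me cookie accepted.

SYMFONY_LOG_MESSAGE %{SYMFONY_REQUEST}|%{SYMFONY_SECURITY}|%{SYMFONY_EVENT}|%{SYMFONY_DOCTRINE}|%{SYMFONY_VARIOUS_INFO:log_various_info}|%{VERYGREEDYDATA:log_unparsed_message}

SYMFONY ^\[%{TIMESTAMP_ISO8601:date}\] %{SYMFONY_LOG}: %{SYMFONY_LOG_MESSAGE:log_message} (\[\]|%{SYMFONY_CONTEXT:log_context}) (\[\]|%{SYMFONY_REQUEST_PARAMETERS:log_request})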
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Symfony 4.0 + Docker
2 |
3 | [Build status on Travis CI](https://travis-ci.org/guham/symfony-docker)
4 |
5 | ## Requirements
6 |
7 | - [Docker](https://docs.docker.com/engine/installation/) installed
8 | - [Docker Compose](https://docs.docker.com/compose/install/) installed
9 |
10 | ## Services
11 |
12 | - PHP-FPM 7.2
13 | - Nginx 1.13
14 | - MySQL 5.7 | PostgreSQL 9.6 | MongoDB 3.4
15 | - Redis 4.0
16 | - [ELK](https://github.com/spujadas/elk-docker) (Elasticsearch 6.1.2, Logstash 6.1.2, Kibana 6.1.2)
17 |
18 | ## Installation
19 |
20 | 1. Clone this repository
21 | ```bash
22 | $ git clone https://github.com/guham/symfony-docker.git
23 | ```
24 | 2. Update the Docker `.env` file according to your needs. The `NGINX_HOST` environment variable allows you to use a custom server name
25 |
26 | 3. Add the server name in your system host file
27 |
28 | 4. Copy the `symfony/.env.dist` file to `symfony/.env`
29 | ```bash
30 | $ cp symfony/.env.dist symfony/.env
31 | ```
32 | 5. Update the database configuration according to your choice of database
33 |
34 | MySQL:
35 | ```yaml
36 | # symfony/config/packages/doctrine.yaml
37 | doctrine:
38 | dbal:
39 | driver: 'pdo_mysql'
40 | server_version: '5.7'
41 | charset: utf8mb4
42 | url: '%env(resolve:DATABASE_URL)%'
43 | # ...
44 | ```
45 | ```bash
46 | # symfony/.env
47 | DATABASE_URL=mysql://${MYSQL_USER}:${MYSQL_PASSWORD}@mysql:3306/${MYSQL_DATABASE}
48 | ```
49 | PostgreSQL:
50 | ```yaml
51 | # symfony/config/packages/doctrine.yaml
52 | doctrine:
53 | dbal:
54 | driver: 'pdo_pgsql'
55 | server_version: '9.6'
56 | charset: UTF8
57 | url: '%env(resolve:DATABASE_URL)%'
58 | # ...
59 | ```
60 | ```bash
61 | # symfony/.env
62 | DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgresql:5432/${POSTGRES_DB}
63 | ```
64 | MongoDB:
65 | ```yaml
66 | # symfony/config/packages/doctrine_mongodb.yaml
67 | doctrine_mongodb:
68 | connections:
69 | default:
70 | server: '%env(MONGODB_URL)%'
71 | options:
72 | username: '%env(MONGODB_USERNAME)%'
73 | password: '%env(MONGODB_PASSWORD)%'
74 | authSource: '%env(MONGO_INITDB_DATABASE)%'
75 | default_database: '%env(MONGODB_DB)%'
76 | # ...
77 | ```
78 | ```bash
79 | # symfony/.env
80 | MONGODB_URL=${MONGODB_SERVER}
81 | MONGODB_DB=${MONGO_INITDB_DATABASE}
82 | ```
83 |
84 | 6. Build & run containers with `docker-compose` by specifying a second compose file, e.g., with MySQL
85 | ```bash
86 | $ docker-compose -f docker-compose.yaml -f docker-compose.mysql.yaml build
87 | ```
88 | then
89 | ```bash
90 | $ docker-compose -f docker-compose.yaml -f docker-compose.mysql.yaml up -d
91 | ```
92 | **Note:** for PostgreSQL, use `docker-compose.postgresql.yaml` and for MongoDB `docker-compose.mongodb.yaml`
93 |
94 | 7. Composer install
95 |
96 | first, configure permissions on `symfony/var` folder
97 | ```bash
98 | $ docker-compose exec app chown -R www-data:1000 var
99 | ```
100 | then
101 | ```bash
102 | $ docker-compose exec -u www-data app composer install
103 | ```
104 |
105 | ## Access the application
106 |
107 | You can access the application both in HTTP and HTTPS:
108 |
109 | - with `APP_ENV=dev` or `APP_ENV=prod`: [symfony-docker.localhost](http://symfony-docker.localhost)
110 | - Kibana logs: [symfony-docker.localhost:5601](http://symfony-docker.localhost:5601)
111 |
112 | **Note:** `symfony-docker.localhost` is the default server name. You can customize it in the `.env` file with `NGINX_HOST` variable.
113 |
114 | ## Docker-compose alternative method
115 |
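116 | To avoid passing the second compose file (e.g. `docker-compose.mysql.yaml`) on every command, [you can validate and render the merged configuration](https://docs.docker.com/compose/reference/config/) into a single Compose file and then use that file instead. The rendered file contains the resolved values of any interpolated variables, which can include the database credentials, so keep it out of version control: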
117 |
118 | ```bash
119 | $ docker-compose -f docker-compose.yaml -f docker-compose.mysql.yaml config > docker-stack.yaml
120 | ```
121 | then
122 | ```bash
123 | $ docker-compose -f docker-stack.yaml build
124 | $ docker-compose -f docker-stack.yaml up -d
125 | ```
126 |
127 | Moreover, you can copy database service configuration from compose file into `docker-compose.yaml` and use it as default.
128 |
129 | ## Databases
130 |
131 | - MySQL
132 |
133 | The `MYSQL_DATABASE` variable specifies the name of the database to be created on image startup.
134 | User `MYSQL_USER` with password `MYSQL_PASSWORD` will be created and will be granted superuser access to this database.
135 |
136 | - PostgreSQL
137 |
138 | Same as MySQL but with `POSTGRES_DB`, `POSTGRES_USER` and `POSTGRES_PASSWORD` variables.
139 |
140 | - MongoDB
141 |
142 | The `MONGO_INITDB_DATABASE` variable specifies the name of the database to be created on image startup.
143 | User `MONGODB_USERNAME` with password `MONGODB_PASSWORD` will be created with the `dbOwner` role on this database.
144 | Finally, `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD` let you customize the root user.
145 |
146 | ## Commands
147 |
148 | **Note:** `symfony` is the default value for the user, password and database name. You can customize them in the `.env` file; replace these defaults before the stack is reachable from anything other than your own machine.
149 |
150 | ```bash
151 | # bash
152 | $ docker-compose exec app /bin/bash
153 |
154 | # Symfony console
155 | $ docker-compose exec -u www-data app bin/console
156 |
157 | # configure permissions, e.g. on `var/log` folder
158 | $ docker-compose exec app chown -R www-data:1000 var/log
159 |
160 | # MySQL
161 | # access with application account
162 | $ docker-compose -f docker-stack.yaml exec mysql mysql -usymfony -psymfony
163 |
164 | # PostgreSQL
165 | # access with application account
166 | $ docker-compose -f docker-stack.yaml exec postgresql psql -d symfony -U symfony
167 |
168 | # MongoDB
169 | # access with application account
170 | $ docker-compose -f docker-stack.yaml exec mongodb mongo -u symfony -p symfony --authenticationDatabase symfony
171 | ```
172 |
--------------------------------------------------------------------------------
/symfony/symfony.lock:
--------------------------------------------------------------------------------
1 | {
2 | "alcaeus/mongo-php-adapter": {
3 | "version": "1.1.3"
4 | },
5 | "doctrine/annotations": {
6 | "version": "1.0",
7 | "recipe": {
8 | "repo": "github.com/symfony/recipes",
9 | "branch": "master",
10 | "version": "1.0",
11 | "ref": "cb4152ebcadbe620ea2261da1a1c5a9b8cea7672"
12 | }
13 | },
14 | "doctrine/cache": {
15 | "version": "v1.7.1"
16 | },
17 | "doctrine/collections": {
18 | "version": "v1.5.0"
19 | },
20 | "doctrine/common": {
21 | "version": "v2.8.1"
22 | },
23 | "doctrine/dbal": {
24 | "version": "v2.6.3"
25 | },
26 | "doctrine/doctrine-bundle": {
27 | "version": "1.6",
28 | "recipe": {
29 | "repo": "github.com/symfony/recipes",
30 | "branch": "master",
31 | "version": "1.6",
32 | "ref": "44d3aa7752dd46f77ba11af2297a25e1dedfb4d0"
33 | }
34 | },
35 | "doctrine/doctrine-cache-bundle": {
36 | "version": "1.3.2"
37 | },
38 | "doctrine/doctrine-migrations-bundle": {
39 | "version": "1.2",
40 | "recipe": {
41 | "repo": "github.com/symfony/recipes",
42 | "branch": "master",
43 | "version": "1.2",
44 | "ref": "c1431086fec31f17fbcfe6d6d7e92059458facc1"
45 | }
46 | },
47 | "doctrine/inflector": {
48 | "version": "v1.2.0"
49 | },
50 | "doctrine/instantiator": {
51 | "version": "1.1.0"
52 | },
53 | "doctrine/lexer": {
54 | "version": "v1.0.1"
55 | },
56 | "doctrine/migrations": {
57 | "version": "v1.6.2"
58 | },
59 | "doctrine/mongodb": {
60 | "version": "1.6.1"
61 | },
62 | "doctrine/mongodb-odm": {
63 | "version": "1.2.1"
64 | },
65 | "doctrine/mongodb-odm-bundle": {
66 | "version": "3.3",
67 | "recipe": {
68 | "repo": "github.com/symfony/recipes-contrib",
69 | "branch": "master",
70 | "version": "3.3",
71 | "ref": "e1ee362a520ff9e3e7c38fb5399499427ed91314"
72 | }
73 | },
74 | "doctrine/orm": {
75 | "version": "v2.6.0"
76 | },
77 | "jdorn/sql-formatter": {
78 | "version": "v1.2.17"
79 | },
80 | "mongodb/mongodb": {
81 | "version": "1.2.0"
82 | },
83 | "monolog/monolog": {
84 | "version": "1.23.0"
85 | },
86 | "ocramius/package-versions": {
87 | "version": "1.2.0"
88 | },
89 | "ocramius/proxy-manager": {
90 | "version": "2.1.1"
91 | },
92 | "predis/predis": {
93 | "version": "v1.1.1"
94 | },
95 | "psr/cache": {
96 | "version": "1.0.1"
97 | },
98 | "psr/container": {
99 | "version": "1.0.0"
100 | },
101 | "psr/log": {
102 | "version": "1.0.2"
103 | },
104 | "psr/simple-cache": {
105 | "version": "1.0.0"
106 | },
107 | "roave/security-advisories": {
108 | "version": "dev-master"
109 | },
110 | "sensio/framework-extra-bundle": {
111 | "version": "4.0",
112 | "recipe": {
113 | "repo": "github.com/symfony/recipes",
114 | "branch": "master",
115 | "version": "4.0",
116 | "ref": "aaddfdf43cdecd4cf91f992052d76c2cadc04543"
117 | }
118 | },
119 | "snc/redis-bundle": {
120 | "version": "2.0",
121 | "recipe": {
122 | "repo": "github.com/symfony/recipes-contrib",
123 | "branch": "master",
124 | "version": "2.0",
125 | "ref": "9ef855ff444add54c2d66bdf3f4b7b2b6a120259"
126 | }
127 | },
128 | "symfony/cache": {
129 | "version": "v4.0.3"
130 | },
131 | "symfony/config": {
132 | "version": "v4.0.3"
133 | },
134 | "symfony/console": {
135 | "version": "3.3",
136 | "recipe": {
137 | "repo": "github.com/symfony/recipes",
138 | "branch": "master",
139 | "version": "3.3",
140 | "ref": "9f94d3ea453cd8a3b95db7f82592d7344fe3a76a"
141 | }
142 | },
143 | "symfony/debug": {
144 | "version": "v4.0.3"
145 | },
146 | "symfony/dependency-injection": {
147 | "version": "v4.0.3"
148 | },
149 | "symfony/doctrine-bridge": {
150 | "version": "v4.0.3"
151 | },
152 | "symfony/dotenv": {
153 | "version": "v4.0.3"
154 | },
155 | "symfony/event-dispatcher": {
156 | "version": "v4.0.3"
157 | },
158 | "symfony/filesystem": {
159 | "version": "v4.0.3"
160 | },
161 | "symfony/finder": {
162 | "version": "v4.0.3"
163 | },
164 | "symfony/flex": {
165 | "version": "1.0",
166 | "recipe": {
167 | "repo": "github.com/symfony/recipes",
168 | "branch": "master",
169 | "version": "1.0",
170 | "ref": "cc1afd81841db36fbef982fe56b48ade6716fac4"
171 | }
172 | },
173 | "symfony/framework-bundle": {
174 | "version": "3.3",
175 | "recipe": {
176 | "repo": "github.com/symfony/recipes",
177 | "branch": "master",
178 | "version": "3.3",
179 | "ref": "137a14eeb6b3f5370e7147af8aff6518504f50c7"
180 | }
181 | },
182 | "symfony/http-foundation": {
183 | "version": "v4.0.3"
184 | },
185 | "symfony/http-kernel": {
186 | "version": "v4.0.3"
187 | },
188 | "symfony/lts": {
189 | "version": "4-dev"
190 | },
191 | "symfony/maker-bundle": {
192 | "version": "1.0",
193 | "recipe": {
194 | "repo": "github.com/symfony/recipes",
195 | "branch": "master",
196 | "version": "1.0",
197 | "ref": "fadbfe33303a76e25cb63401050439aa9b1a9c7f"
198 | }
199 | },
200 | "symfony/monolog-bridge": {
201 | "version": "v4.0.3"
202 | },
203 | "symfony/monolog-bundle": {
204 | "version": "3.1",
205 | "recipe": {
206 | "repo": "github.com/symfony/recipes",
207 | "branch": "master",
208 | "version": "3.1",
209 | "ref": "371d1a2b69984710646b09a1182ef1d4308c904f"
210 | }
211 | },
212 | "symfony/options-resolver": {
213 | "version": "v4.0.3"
214 | },
215 | "symfony/orm-pack": {
216 | "version": "v1.0.5"
217 | },
218 | "symfony/polyfill-mbstring": {
219 | "version": "v1.6.0"
220 | },
221 | "symfony/polyfill-php72": {
222 | "version": "v1.6.0"
223 | },
224 | "symfony/profiler-pack": {
225 | "version": "v1.0.3"
226 | },
227 | "symfony/routing": {
228 | "version": "4.0",
229 | "recipe": {
230 | "repo": "github.com/symfony/recipes",
231 | "branch": "master",
232 | "version": "4.0",
233 | "ref": "cda8b550123383d25827705d05a42acf6819fe4e"
234 | }
235 | },
236 | "symfony/stopwatch": {
237 | "version": "v4.0.3"
238 | },
239 | "symfony/twig-bridge": {
240 | "version": "v4.0.3"
241 | },
242 | "symfony/twig-bundle": {
243 | "version": "3.3",
244 | "recipe": {
245 | "repo": "github.com/symfony/recipes",
246 | "branch": "master",
247 | "version": "3.3",
248 | "ref": "f75ac166398e107796ca94cc57fa1edaa06ec47f"
249 | }
250 | },
251 | "symfony/var-dumper": {
252 | "version": "v4.0.3"
253 | },
254 | "symfony/web-profiler-bundle": {
255 | "version": "3.3",
256 | "recipe": {
257 | "repo": "github.com/symfony/recipes",
258 | "branch": "master",
259 | "version": "3.3",
260 | "ref": "6bdfa1a95f6b2e677ab985cd1af2eae35d62e0f6"
261 | }
262 | },
263 | "symfony/yaml": {
264 | "version": "v4.0.3"
265 | },
266 | "twig/twig": {
267 | "version": "v2.4.4"
268 | },
269 | "zendframework/zend-code": {
270 | "version": "3.3.0"
271 | },
272 | "zendframework/zend-eventmanager": {
273 | "version": "3.2.0"
274 | }
275 | }
276 |
--------------------------------------------------------------------------------
/docker/nginx/openssl.cnf:
--------------------------------------------------------------------------------
1 | #
2 | # OpenSSL example configuration file.
3 | # This is mostly being used for generation of certificate requests.
4 | #
5 |
6 | # This definition stops the following lines choking if HOME isn't
7 | # defined.
8 | HOME = .
9 | RANDFILE = $ENV::HOME/.rnd
10 |
11 | # Extra OBJECT IDENTIFIER info:
12 | #oid_file = $ENV::HOME/.oid
13 | oid_section = new_oids
14 |
15 | # To use this configuration file with the "-extfile" option of the
16 | # "openssl x509" utility, name here the section containing the
17 | # X.509v3 extensions to use:
18 | # extensions =
19 | # (Alternatively, use a configuration file that has only
20 | # X.509v3 extensions in its main [= default] section.)
21 |
22 | [ new_oids ]
23 |
24 | # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
25 | # Add a simple OID like this:
26 | # testoid1=1.2.3.4
27 | # Or use config file substitution like this:
28 | # testoid2=${testoid1}.5.6
29 |
30 | # Policies used by the TSA examples.
31 | tsa_policy1 = 1.2.3.4.1
32 | tsa_policy2 = 1.2.3.4.5.6
33 | tsa_policy3 = 1.2.3.4.5.7
34 |
35 | ####################################################################
36 | [ ca ]
37 | default_ca = CA_default # The default ca section
38 |
39 | ####################################################################
40 | [ CA_default ]
41 |
42 | dir = ./demoCA # Where everything is kept
43 | certs = $dir/certs # Where the issued certs are kept
44 | crl_dir = $dir/crl # Where the issued crl are kept
45 | database = $dir/index.txt # database index file.
46 | #unique_subject = no # Set to 'no' to allow creation of
47 | # several certs with same subject.
48 | new_certs_dir = $dir/newcerts # default place for new certs.
49 |
50 | certificate = $dir/cacert.pem # The CA certificate
51 | serial = $dir/serial # The current serial number
52 | crlnumber = $dir/crlnumber # the current crl number
53 | # must be commented out to leave a V1 CRL
54 | crl = $dir/crl.pem # The current CRL
55 | private_key = $dir/private/cakey.pem# The private key
56 | RANDFILE = $dir/private/.rand # private random number file
57 |
58 | x509_extensions = usr_cert # The extensions to add to the cert
59 |
60 | # Comment out the following two lines for the "traditional"
61 | # (and highly broken) format.
62 | name_opt = ca_default # Subject Name options
63 | cert_opt = ca_default # Certificate field options
64 |
65 | # Extension copying option: use with caution.
66 | # copy_extensions = copy
67 |
68 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
69 | # so this is commented out by default to leave a V1 CRL.
70 | # crlnumber must also be commented out to leave a V1 CRL.
71 | # crl_extensions = crl_ext
72 |
73 | default_days = 365 # how long to certify for
74 | default_crl_days= 30 # how long before next CRL
75 | default_md = default # use public key default MD
76 | preserve = no # keep passed DN ordering
77 |
78 | # A few difference way of specifying how similar the request should look
79 | # For type CA, the listed attributes must be the same, and the optional
80 | # and supplied fields are just that :-)
81 | policy = policy_match
82 |
83 | # For the CA policy
84 | [ policy_match ]
85 | countryName = match
86 | stateOrProvinceName = match
87 | organizationName = match
88 | organizationalUnitName = optional
89 | commonName = supplied
90 | emailAddress = optional
91 |
92 | # For the 'anything' policy
93 | # At this point in time, you must list all acceptable 'object'
94 | # types.
95 | [ policy_anything ]
96 | countryName = optional
97 | stateOrProvinceName = optional
98 | localityName = optional
99 | organizationName = optional
100 | organizationalUnitName = optional
101 | commonName = supplied
102 | emailAddress = optional
103 |
104 | ####################################################################
105 | [ req ]
106 | default_bits = 2048
107 | default_keyfile = privkey.pem
108 | distinguished_name = req_distinguished_name
109 | attributes = req_attributes
110 | x509_extensions = v3_ca # The extensions to add to the self signed cert
111 |
112 | # Passwords for private keys if not present they will be prompted for
113 | # input_password = secret
114 | # output_password = secret
115 |
116 | # This sets a mask for permitted string types. There are several options.
117 | # default: PrintableString, T61String, BMPString.
118 | # pkix : PrintableString, BMPString (PKIX recommendation before 2004)
119 | # utf8only: only UTF8Strings (PKIX recommendation after 2004).
120 | # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
121 | # MASK:XXXX a literal mask value.
122 | # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
123 | string_mask = utf8only
124 |
125 | # req_extensions = v3_req # The extensions to add to a certificate request
126 |
127 | [ req_distinguished_name ]
128 | countryName = Country Name (2 letter code)
129 | countryName_default = AU
130 | countryName_min = 2
131 | countryName_max = 2
132 |
133 | stateOrProvinceName = State or Province Name (full name)
134 | stateOrProvinceName_default = Some-State
135 |
136 | localityName = Locality Name (eg, city)
137 |
138 | 0.organizationName = Organization Name (eg, company)
139 | 0.organizationName_default = Internet Widgits Pty Ltd
140 |
141 | # we can do this but it is not needed normally :-)
142 | #1.organizationName = Second Organization Name (eg, company)
143 | #1.organizationName_default = World Wide Web Pty Ltd
144 |
145 | organizationalUnitName = Organizational Unit Name (eg, section)
146 | #organizationalUnitName_default =
147 |
148 | commonName = Common Name (e.g. server FQDN or YOUR name)
149 | commonName_max = 64
150 |
151 | emailAddress = Email Address
152 | emailAddress_max = 64
153 |
154 | # SET-ex3 = SET extension number 3
155 |
156 | [ req_attributes ]
157 | challengePassword = A challenge password
158 | challengePassword_min = 4
159 | challengePassword_max = 20
160 |
161 | unstructuredName = An optional company name
162 |
163 | [ usr_cert ]
164 |
165 | # These extensions are added when 'ca' signs a request.
166 |
167 | # This goes against PKIX guidelines but some CAs do it and some software
168 | # requires this to avoid interpreting an end user certificate as a CA.
169 |
170 | basicConstraints=CA:FALSE
171 |
172 | # Here are some examples of the usage of nsCertType. If it is omitted
173 | # the certificate can be used for anything *except* object signing.
174 |
175 | # This is OK for an SSL server.
176 | # nsCertType = server
177 |
178 | # For an object signing certificate this would be used.
179 | # nsCertType = objsign
180 |
181 | # For normal client use this is typical
182 | # nsCertType = client, email
183 |
184 | # and for everything including object signing:
185 | # nsCertType = client, email, objsign
186 |
187 | # This is typical in keyUsage for a client certificate.
188 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
189 |
190 | # This will be displayed in Netscape's comment listbox.
191 | nsComment = "OpenSSL Generated Certificate"
192 |
193 | # PKIX recommendations harmless if included in all certificates.
194 | subjectKeyIdentifier=hash
195 | authorityKeyIdentifier=keyid,issuer
196 |
197 | # This stuff is for subjectAltName and issuerAltName.
198 | # Import the email address.
199 | # subjectAltName=email:copy
200 | # An alternative to produce certificates that aren't
201 | # deprecated according to PKIX.
202 | # subjectAltName=email:move
203 |
204 | # Copy subject details
205 | # issuerAltName=issuer:copy
206 |
207 | #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
208 | #nsBaseUrl
209 | #nsRevocationUrl
210 | #nsRenewalUrl
211 | #nsCaPolicyUrl
212 | #nsSslServerName
213 |
214 | # This is required for TSA certificates.
215 | # extendedKeyUsage = critical,timeStamping
216 |
217 | [ v3_req ]
218 |
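219 | # Extensions to add to a certificate request. NOTE(review): basicConstraints is CA:TRUE here, so a certificate issued with these extensions for the alt_names host is also marked as a CA, although keyUsage omits keyCertSign; a server-only certificate would normally use CA:FALSE.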
220 |
221 | basicConstraints = CA:TRUE
222 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment
223 |
224 | subjectAltName = @alt_names
225 | [alt_names]
226 | DNS.1 = NGINX_HOST
227 |
228 | [ v3_ca ]
229 |
230 |
231 | # Extensions for a typical CA
232 |
233 |
234 | # PKIX recommendation.
235 |
236 | subjectKeyIdentifier=hash
237 |
238 | authorityKeyIdentifier=keyid:always,issuer
239 |
240 | basicConstraints = critical,CA:true
241 |
242 | # Key usage: this is typical for a CA certificate. However since it will
243 | # prevent it being used as a test self-signed certificate it is best
244 | # left out by default.
245 | # keyUsage = cRLSign, keyCertSign
246 |
247 | # Some might want this also
248 | # nsCertType = sslCA, emailCA
249 |
250 | # Include email address in subject alt name: another PKIX recommendation
251 | # subjectAltName=email:copy
252 | # Copy issuer details
253 | # issuerAltName=issuer:copy
254 |
255 | # DER hex encoding of an extension: beware experts only!
256 | # obj=DER:02:03
257 | # Where 'obj' is a standard or added object
258 | # You can even override a supported extension:
259 | # basicConstraints= critical, DER:30:03:01:01:FF
260 |
261 | [ crl_ext ]
262 |
263 | # CRL extensions.
264 | # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
265 |
266 | # issuerAltName=issuer:copy
267 | authorityKeyIdentifier=keyid:always
268 |
269 | [ proxy_cert_ext ]
270 | # These extensions should be added when creating a proxy certificate
271 |
272 | # This goes against PKIX guidelines but some CAs do it and some software
273 | # requires this to avoid interpreting an end user certificate as a CA.
274 |
275 | basicConstraints=CA:FALSE
276 |
277 | # Here are some examples of the usage of nsCertType. If it is omitted
278 | # the certificate can be used for anything *except* object signing.
279 |
280 | # This is OK for an SSL server.
281 | # nsCertType = server
282 |
283 | # For an object signing certificate this would be used.
284 | # nsCertType = objsign
285 |
286 | # For normal client use this is typical
287 | # nsCertType = client, email
288 |
289 | # and for everything including object signing:
290 | # nsCertType = client, email, objsign
291 |
292 | # This is typical in keyUsage for a client certificate.
293 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
294 |
295 | # This will be displayed in Netscape's comment listbox.
296 | nsComment = "OpenSSL Generated Certificate"
297 |
298 | # PKIX recommendations harmless if included in all certificates.
299 | subjectKeyIdentifier=hash
300 | authorityKeyIdentifier=keyid,issuer
301 |
302 | # This stuff is for subjectAltName and issuerAltName.
303 | # Import the email address.
304 | # subjectAltName=email:copy
305 | # An alternative to produce certificates that aren't
306 | # deprecated according to PKIX.
307 | # subjectAltName=email:move
308 |
309 | # Copy subject details
310 | # issuerAltName=issuer:copy
311 |
312 | #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
313 | #nsBaseUrl
314 | #nsRevocationUrl
315 | #nsRenewalUrl
316 | #nsCaPolicyUrl
317 | #nsSslServerName
318 |
319 | # This really needs to be in place for it to be a proxy certificate.
320 | proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
321 |
322 | ####################################################################
323 | [ tsa ]
324 |
325 | default_tsa = tsa_config1 # the default TSA section
326 |
327 | [ tsa_config1 ]
328 |
329 | # These are used by the TSA reply generation only.
330 | dir = ./demoCA # TSA root directory
331 | serial = $dir/tsaserial # The current serial number (mandatory)
332 | crypto_device = builtin # OpenSSL engine to use for signing
333 | signer_cert = $dir/tsacert.pem # The TSA signing certificate
334 | # (optional)
335 | certs = $dir/cacert.pem # Certificate chain to include in reply
336 | # (optional)
337 | signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
338 | signer_digest = sha256 # Signing digest to use. (Optional)
339 | default_policy = tsa_policy1 # Policy if request did not specify it
340 | # (optional)
341 | other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
342 | digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory); includes sha1, which is no longer collision-resistant
343 | accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
344 | clock_precision_digits = 0 # number of digits after dot. (optional)
345 | ordering = yes # Is ordering defined for timestamps?
346 | # (optional, default: no)
347 | tsa_name = yes # Must the TSA name be included in the reply?
348 | # (optional, default: no)
349 | ess_cert_id_chain = no # Must the ESS cert id chain be included?
350 | # (optional, default: no)
351 |
--------------------------------------------------------------------------------