Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Improving Web server configuration#2508

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
weaverryan merged 1 commit intosymfony:2.0frommaxromanovsky:improving_web_server_config
May 3, 2013
Merged

Improving Web server configuration#2508

weaverryan merged 1 commit intosymfony:2.0frommaxromanovsky:improving_web_server_config
May 3, 2013

Conversation

maxromanovsky
Copy link
Contributor

QA
Doc fix?no
New docs?no
Applies toall
Fixed tickets#578#1705

Improved Web server configuration:

  • added multiple domain names
  • added handling ofconfig.php for nginx

All other files will be served as text. If you have other PHP files in
your web directory, be sure to include them in the ``location`` block
above.
This executes **only** ``app.php``, ``app_dev.php`` and ``config.php`` in
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

note that in prod, you should not execute app_dev.php or config.php as they would leak sensitive infoirmation (and not even deploy them)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I agree that it's best practice, but don't they just die because of the ip restriction? How do they leak info?

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

@stof It's a config for both dev & prod environment and I think we should include all required script names in it. It's a minimal configuration that allows developers to start using Symfony.
Also I'd like to mention that existing Apache config allows to useapp_dev.php andconfig.php. It is useful to have these scripts available on production but with limited availability (it is already done in these scripts):

  • Before the first deployment deployment team should check that environment is really ready for the deployment
  • There should be ability to debug on the production in case of any issues that can be reproduced only on prod.

weaverryan added a commit that referenced this pull requestMay 3, 2013
@weaverryanweaverryan merged commit0c28745 intosymfony:2.0May 3, 2013
@weaverryan
Copy link
Member

Hi Max!

I've merged this in - I like your improvements. I did expand on the final note to make sure people are aware of the security implications behind theapp_dev.php andconfig.php files.

Thanks!

@maxromanovsky
Copy link
ContributorAuthor

@weaverryan I appreciate your help! :)

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

4 participants
@maxromanovsky@weaverryan@tvlooy@stof
[8]ページ先頭
©2009-2025 Movatter.jp