When deploying a web application in PHP, one doesn't always want your configuration files with passwords to be committed into the repository.
What is the preferred method of handling this, ie.
saving the details in a DB, and templating the config file
copying the file onto the server (which raises the question of where to save
and version the file being copied in)
setting the environment variables on the server, and having the config file reading from
that.
or any other suggestions.
You can have your config files in a folder out of the public folder and restrict the access to that folder using .htaccess file. Of course this works if you are using Apache as webserver.
Related
I run a Symfony 4 application using the PHP built-in web server on my development environment.
I would like the /tmp folder on my host to be ignored from the Symfony routing process in order to be accessed directly (and so being able to access the files within this directory).
However, when requesting http://localhost:8000/tmp, Symfony tries to match the route /tmp, which obviously does not exist. Instead I would like to get a list of the /tmp folder files.
I guess there is no way to handle that simply using the PHP built-in webserver and I have no other choice than using a full-featured web server, but I just want to be sure that I'm not missing any option that could actually do that just using the built-in web server ?
Do not add your tmp folder in /public directory. If you want to use some temporary data better to hold them in /var directory and access to this folder in your controllers or services by using Finder component
I've inherited an application written using the Yii PHP framework. I've uploaded all the project files to a remote server, but I don't have SSH access or shell-exec permission.
Is it possible to make the application work in these circumstances?
If so, what files do I need to edit and in what way please?
Yes, it should be portable, all you need is just copy all project contents (including dependencies) to the destination folder and make proper configuration for a web-server.
The only one issue here is #app/runtime and #app/web/assets folders -- the should be accessible to write for web-process (the second is only if you are using AssetManager).
You can solve this issue in config, using runtimePath and assetManager['basePath'] parameters.
I am a beginner PHP , I found out that Laravel has .env file to save some configurations and php also have a file format .ini to save config.
I want to ask what is the difference in both, is one is better from another. Should i add dotenv in my core projects also or should i create class/function to access .ini for my config/environment variables.
i want to understand why dotenv is being created as we already had ini file extension system in php?
I think there are too many smartasses with nothing else to do. I will use parse_ini_file() and *.ini files. Everything is the same !
.env allows loading the configuration to the system environment. Straight loading of INI files does not do this unless you roll your own solution using putenv or similar for all the configuration values. Otherwise you could whichever approach you wish.
According to the docs at https://github.com/vlucas/phpdotenv
Why .env?
You should never store sensitive credentials in your code. Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments – such as database credentials or credentials for 3rd party services – should be extracted from the code into environment variables.
Basically, a .env file is an easy way to load custom configuration variables that your application needs without having to modify .htaccess files or Apache/nginx virtual hosts. This means you won't have to edit any files outside the project, and all the environment variables are always set no matter how you run your project - Apache, Nginx, CLI, and even PHP 5.4's built-in webserver. It's WAY easier than all the other ways you know of to set environment variables, and you're going to love it.
NO editing virtual hosts in Apache or Nginx
NO adding php_value flags to .htaccess files
EASY portability and sharing of required ENV values
COMPATIBLE with PHP's built-in web server and CLI runner
Additionally, there is some extended functionality with Laravel's .env file. For example, you can reference other variables inside the .env file.
MAIL_USERNAME=admin#server.com
MAIL_FROM_ADDRESS=${MAIL_USERNAME}
I am trying to deploy a Lithium app on Heroku, but Heroku uses a read-only file system for apps. This causes a problem with the app/resources folder. I've tried looking for a setting the lithium config to change the path to this folder, but it appears to be hard coded.
Can anyone recommend how to resolve this issue?
Lithium uses the /resources folder for writing temporary files such as logs, file caches, compiled PHP templates, etc.
The path is configurable through Libraries::add() when the application is initialized. In config/bootstrap/libraries.php, you can replace your application's Libraries::add() call with one like the following: https://github.com/orchestra-io/sample-lithium/blob/master/app/config/bootstrap/orchestra.php#L10
This configuration uses the system's temp directory, and checks for/initializes the subdirectories Lithium will use.
Let's say you have a big web app with large visits, but you don't want your app to crash & you don't want people to see the php or mysql errors that happens during replacing files using FTP, How to avoid that? How to just execute the old version of file until the replacing is done?
Thanks
you can follow at least one of this 2 rules:
to use accelerators (like APC) with turned off mtime checking. so until you clear cache manually - old versions will be used from memory
to use virtualhost symlinked to directory with your project: let's examine you store yout project at /home/project/www. and /home/project/public_html is your real webroot and symlinked to www. so - create /home/project/www2, checkout files there, setup and do whatever you want. after this - just change symlink.
I use git to upload my changes to a staging website on the same server, after testing I then push it to the production website. None of the files are changed until they are all received. On the plus side, it only sends the changes compressed, so I don't even have to send an entire file.
The staging area isn't required. I work with a lot of servers and sometimes some of the specific configurations on that server (mostly just find that an extension isn't installed)/
I'm sure you can do the same with another version control system. You need to be careful though. The tutorial I linked specifically stores the git information OUTSIDE the document root. Otherwise someone can just clone all the source code for your website.
If you like SVN, the .svn being in every directory can be a little annoying. Make sure that people can't download what they shouldn't be able to.
Deploy your app into the temporary directory. Then after you done, just rename the original app directory to app.old and the directory where you deployed your files into app
Note this should work okay in Unix environments. Also this will only work if all of the above directories are on the same file systems. In rare case users might see 404 error if they happen to access the app after your renamed the original app into .old and before you renamed temp dir into the original app directory.