Devcontainer improvements (#1333)

.devcontainer/.env.devcontainer

@@ -0,0 +1,183 @@
+# In all environments, the following files are loaded if they exist,
+# the latter taking precedence over the former:
+#
+#  * .env                contains default values for the environment variables needed by the app
+#  * .env.local          uncommitted file with local overrides
+#  * .env.$APP_ENV       committed environment-specific defaults
+#  * .env.$APP_ENV.local uncommitted environment-specific overrides
+#
+# Real environment variables win over .env files.
+#
+# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
+#
+# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
+# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
+
+# Mbin variables
+SERVER_NAME="mbin.domain.tld, 127.0.0.1:80"
+KBIN_DOMAIN=mbin.domain.tld
+KBIN_TITLE=Mbin
+KBIN_DEFAULT_LANG=en
+KBIN_FEDERATION_ENABLED=true
+[email protected]
+[email protected]
+KBIN_JS_ENABLED=true
+KBIN_REGISTRATIONS_ENABLED=true
+KBIN_API_ITEMS_PER_PAGE=25
+KBIN_STORAGE_URL=https://mbin.domain.tld/media
+KBIN_META_TITLE="Mbin"
+KBIN_META_DESCRIPTION="content aggregator, content voting, discussion and micro-blogging platform on the fediverse"
+KBIN_META_KEYWORDS="mbin, content aggregator, open source, fediverse"
+KBIN_HEADER_LOGO=false
+KBIN_FEDERATION_PAGE_ENABLED=true
+MBIN_DEFAULT_THEME=default
+
+# If you are running Mbin behind a reverse proxy, uncomment the line below and adjust the proxy address/range below
+# to your server's IP address if it does not already fall within the private IP spaces specified.
+TRUSTED_PROXIES=::1,127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+#TRUSTED_PROXIES=
+
+# Max image filesize (in bytes)
+# This should be set to <= `upload_max_filesize` and `post_max_size` in the server's php.ini file
+MAX_IMAGE_BYTES=6000000
+
+# possible values:
+# 'enabled' => default mode downvotes are enabled
+# 'hidden' => downvotes are counted and users can downvote, but the number is hidden
+# 'disabled' => downvotes are ignored and the downvote button is hidden. They also do not count in the sorting
+MBIN_DOWNVOTES_MODE=enabled
+
+# Captcha (also enable in admin panel/settings)
+KBIN_CAPTCHA_ENABLED=false
+
+###> meteo-concept/hcaptcha-bundle ###
+HCAPTCHA_SITE_KEY=
+HCAPTCHA_SECRET=
+###< meteo-concept/hcaptcha-bundle ###
+
+# Redis
+REDIS_PASSWORD=
+REDIS_DNS=redis://127.0.0.1:6379
+
+# S3 storage (optional)
+S3_KEY=
+S3_SECRET=
+S3_BUCKET=
+S3_REGION=
+S3_ENDPOINT=
+S3_VERSION=
+
+# Only let admins generate oauth clients
+KBIN_ADMIN_ONLY_OAUTH_CLIENTS=false
+
+# oAuth (optional)
+OAUTH_AZURE_ID=
+OAUTH_AZURE_SECRET=
+# If you want people from an enterprise to connect your instance, set the tenant id here.
+# If you want people from anywhere to connect with either their personnal or professionnal microsoft account, use "common"
+OAUTH_AZURE_TENANT=
+OAUTH_FACEBOOK_ID=
+OAUTH_FACEBOOK_SECRET=
+OAUTH_GOOGLE_ID=
+OAUTH_GOOGLE_SECRET=
+OAUTH_DISCORD_ID=
+OAUTH_DISCORD_SECRET=
+OAUTH_GITHUB_ID=
+OAUTH_GITHUB_SECRET=
+OAUTH_KEYCLOAK_ID=
+OAUTH_KEYCLOAK_SECRET=
+OAUTH_KEYCLOAK_URI=
+OAUTH_KEYCLOAK_REALM=
+OAUTH_KEYCLOAK_VERSION=
+OAUTH_SIMPLELOGIN_ID=
+OAUTH_SIMPLELOGIN_SECRET=
+OAUTH_ZITADEL_ID=
+OAUTH_ZITADEL_SECRET=
+OAUTH_ZITADEL_BASE_URL=
+OAUTH_AUTHENTIK_ID=
+OAUTH_AUTHENTIK_SECRET=
+OAUTH_AUTHENTIK_BASE_URL=
+OAUTH_PRIVACYPORTAL_ID=
+OAUTH_PRIVACYPORTAL_SECRET=
+
+# If true, sign ins and sign ups will only be possible through the OAuth providers configured above
+SSO_ONLY_MODE=
+
+# image exif cleaning options
+# available value: none, sanitize, scrub
+# can be set differently for user uploaded and external media
+EXIF_CLEAN_MODE_UPLOADED=sanitize
+EXIF_CLEAN_MODE_EXTERNAL=none
+# path to exiftool binary, leave blank for auto PATH search
+EXIF_EXIFTOOL_PATH=
+# max execution time for exiftool in seconds, defaults to 10 seconds
+EXIF_EXIFTOOL_TIMEOUT=10
+
+###> symfony/framework-bundle ###
+APP_ENV=dev
+APP_SECRET=!CHANGE_SECRET!
+###< symfony/framework-bundle ###
+
+###> doctrine/doctrine-bundle ###
+# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
+POSTGRES_HOST=127.0.0.1:5432
+POSTGRES_DB=postgres
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=
+# IMPORTANT: You MUST configure your PostgreSQL server version!
+POSTGRES_VERSION=13
+DATABASE_URL="postgresql://${POSTGRES_USER}@${POSTGRES_HOST}/${POSTGRES_DB}?serverVersion=${POSTGRES_VERSION}&charset=utf8"
+###< doctrine/doctrine-bundle ###
+
+###> symfony/messenger ###
+# Choose one of the transports below
+RABBITMQ_PASSWORD=guest
+MESSENGER_TRANSPORT_DSN=amqp://guest:${RABBITMQ_PASSWORD}@127.0.0.1:5672/%2f/messages
+#MESSENGER_TRANSPORT_DSN=doctrine://default
+#MESSENGER_TRANSPORT_DSN=redis://${REDIS_PASSWORD}@${REDIS_HOST}/messages
+###< symfony/messenger ###
+
+###> symfony/mailer ###
+# See https://symfony.com/doc/current/mailer.html#using-built-in-transports
+# MAILER_DSN=sendmail://default # Use sendmail when you are using Postfix
+MAILER_DSN=smtp://mailserver # Use a SMTP Docker service called 'mailserver' (see compose.yml)
+# Explicitly url encode any character in username and password
+# %40 = @
+# Gmail:
+# MAILER_DSN=gmail+smtp://user%40domain.com:pass@default
+# Our own SMTP server:
+# MAILER_DSN=smtp://user%40domain.com:[email protected]:port
+###< symfony/mailer ###
+
+###> symfony/mailgun-mailer ###
+# MAILER_DSN=mailgun://KEY:DOMAIN@default?region=us
+# MAILER_DSN=mailgun+smtp://[email protected]:key@default?region=us
+###< symfony/mailgun-mailer ###
+
+###> symfony/mercure-bundle ###
+# See https://symfony.com/doc/current/mercure.html#configuration
+# The URL of the Mercure hub, used by the app to publish updates (can be a local URL)
+# Assuming you are running Mercure Caddy on port 3000
+MERCURE_URL=http://www:80/.well-known/mercure
+# The public URL of the Mercure hub, used by the browser to connect
+MERCURE_PUBLIC_URL=https://${KBIN_DOMAIN}/.well-known/mercure
+# The secret used to sign the JWTs
+MERCURE_JWT_SECRET="!ChangeThisMercureHubJWTSecretKey!"
+###< symfony/mercure-bundle ###
+
+###> nelmio/cors-bundle ###
+CORS_ALLOW_ORIGIN="^https?://(${KBIN_DOMAIN}|127\.0\.0\.1)(:[0-9]+)?$"
+###< nelmio/cors-bundle ###
+
+###> symfony/lock ###
+# Choose one of the stores below
+# postgresql+advisory://db_user:db_password@localhost/db_name
+LOCK_DSN=flock
+###< symfony/lock ###
+
+###> league/oauth2-server-bundle ###
+OAUTH_PRIVATE_KEY=
+OAUTH_PUBLIC_KEY=
+OAUTH_PASSPHRASE=
+OAUTH_ENCRYPTION_KEY=
+###< league/oauth2-server-bundle ###

.devcontainer/apache-vhost.conf

@@ -27,6 +27,62 @@ ServerName 127.0.0.1
     # following line enables the CGI configuration for this host only
     # after it has been globally disabled with "a2disconf".
     #Include conf-available/serve-cgi-bin.conf
+
+    <Directory /var/www/html/public>
+        AllowOverride None
+        Require all granted
+        FallbackResource /index.php
+        DirectoryIndex index.php
+
+        # Disabling MultiViews prevents unwanted negotiation, e.g. "/index" should not resolve
+        # to the front controller "/index.php" but be rewritten to "/index.php/index".
+        <IfModule mod_negotiation.c>
+            Options -MultiViews
+        </IfModule>
+
+        <IfModule mod_rewrite.c>
+            RewriteEngine On
+
+            # This RewriteRule is used to dynamically discover the RewriteBase path.
+            # See https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule
+            # Here we will compare the stripped per-dir path *relative to the filesystem
+            # path where the .htaccess file is read from* with the URI of the request.
+            #
+            # If a match is found, the prefix path is stored into an ENV var that is later
+            # used to properly prefix the URI of the front controller index.php.
+            # This is what makes it possible to host a Symfony application under a subpath,
+            # such as example.com/subpath
+
+            # The convoluted rewrite condition means:
+            #   1. Match all current URI in the RewriteRule and backreference it using $0
+            #   2. Strip the request uri the per-dir path and use ir as REQUEST_URI.
+            #      This is documented in https://bit.ly/3zDm3SI ("What is matched?")
+            #   3. Evaluate the RewriteCond, assuming your DocumentRoot is /var/www/html,
+            #      this .htaccess is in the /var/www/html/public dir and your request URI
+            #      is /public/hello/world:
+            #      * strip per-dir prefix: /var/www/html/public/hello/world -> hello/world
+            #      * applying pattern '.*' to uri 'hello/world'
+            #      * RewriteCond: input='/public/hello/world::hello/world' pattern='^(/.+)/(.*)::\\2$' => matched
+            #   4. Execute the RewriteRule:
+            #      * The %1 in the RewriteRule flag E=BASE:%1 refers to the first group captured in the RewriteCond ^(/.+)/(.*)
+            #      * setting env variable 'BASE' to '/public'
+            RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
+            RewriteRule .* - [E=BASE:%1]
+
+            # Sets the HTTP_AUTHORIZATION header removed by Apache
+            RewriteCond %{HTTP:Authorization} .+
+            RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
+
+            # Removes the /index.php/ part from a URL, if present
+            RewriteCond %{ENV:REDIRECT_STATUS} ^$
+            RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+            # If the requested filename exists, simply serve it.
+            # Otherwise rewrite all other queries to the front controller.
+            RewriteCond %{REQUEST_FILENAME} !-f
+            RewriteRule ^ %{ENV:BASE}/index.php [L]
+        </IfModule>
+    </Directory>
 </VirtualHost>
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

.devcontainer/devcontainer.json

@@ -64,8 +64,8 @@
     "postCreateCommand": {
         "webdir": "sudo chmod a+x \"$(pwd)\" && sudo rm -rf /var/www/html && sudo ln -s \"$(pwd)\" /var/www/html",
         "deps": "if [ -f composer.json ]; then composer install; fi",
-        "config": "cp .devcontainer/.env .env",
-        "apache": "sudo sed -i 's/Listen 80$//' /etc/apache2/ports.conf && sudo cp .devcontainer/apache-vhost.conf /etc/apache2/sites-enabled/000-default.conf",
+        "config": "cp .devcontainer/.env.devcontainer .env",
+        "apache": "sudo sed -i 's/Listen 80$//' /etc/apache2/ports.conf && sudo cp .devcontainer/apache-vhost.conf /etc/apache2/sites-enabled/000-default.conf && sudo a2enmod rewrite",
         "symfony": "wget https://get.symfony.com/cli/installer -O - | bash && sudo mv ~/.symfony5/bin/symfony /usr/local/bin/symfony"
     }