Proxyepn¶
Installation (sources)¶
- http://www.symfony-project.org/get/symfony-1.4.14.tgz
- http://plugins.symfony-project.org/get/sfGuardPlugin/sfGuardPlugin-4.0.2.tgz
- http://plugins.symfony-project.org/get/sfFormExtraPlugin/sfFormExtraPlugin-1.1.3.tgz
- http://plugins.symfony-project.org/get/sfSslRequirementPlugin/sfSslRequirementPlugin-2.0.0.tgz
- http://plugins.symfony-project.org/get/sfFeed2Plugin/sfFeed2Plugin-1.2.5.tgz
- http://plugins.symfony-project.org/get/sfEasyGMapPlugin/sfEasyGMapPlugin-3.1.0.tgz
cd /var/www bzr branch sftp://eric.seigne@redmine.ryxeo.com/home/groupes/developpeurs/abuledu/abuledu-epnadmin/proxyepn-abuledu proxyepn cd proxyepn/plugins wget (les plugins) tar xfvz (les plugins) mv (plugins)-version (plugins) cd ../lib/vendor wget (symfony) tar xfvz (symfony) mv symfony-1.4.14 symfony
Et quelques paquets + modifications apache2/php (qui n'arrivent pas tout seuls avec mysql-server, phpmyadmin)
- php5-xsl
- a2enmod rewrite
MySQL¶
- Création de la base de données
CREATE DATABASE `proxyepn`; GRANT USAGE ON *.* TO `proxyepn`@`localhost` IDENTIFIED BY 'p4ssw0rd'; GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER ON `proxyepn`.* TO `proxyepn`@`localhost`; FLUSH PRIVILEGES;
- Création des tables
mysql -p proxyepn --default-character-set=utf8 < data/fixtures/proxyepn.sql mysql -p proxyepn --default-character-set=utf8 < data/fixtures/proxyepn-droits.sql mysql -p proxyepn --default-character-set=utf8 < data/fixtures/proxyepn-listes.sql mysql -p proxyepn --default-character-set=utf8 < data/fixtures/proxyepn-insee.sql
- Donnée de démo (si nécessaire)
mysql -p proxyepn < data/fixtures/proxyepn-samples.sql
- Modifier la configuration config/databases.yml > all / propel / param
- Propagation des modifications
./rebuild.sh
- Création de l'administrateur général
./symfony guard:create-user admin <password> ./symfony guard:promote admin
- Pour modifier le mot de passe administrateur
./symfony guard:change-password admin <password>
Modification des paramètres¶
- apps/frontend/config/app.yml
- apps/frontend/config/factories.yml
- apps/frontend/config/view.yml
- Redirection HTTPS: apps/frontend/config/security.yml
default: require_ssl: false
- Passer en prod web/index.php et web/frontend_dev.php
$configuration = ProjectConfiguration::getApplicationConfiguration('frontend', 'dev', false);
Virtualhost¶
- /etc/apache2/aesd.conf.local
Listen 8084
NameVirtualHost *:8084
<VirtualHost *:8084>
ServerName proxyepn.abuledu
DocumentRoot /var/www/proxyepn/web
<Directory /var/www/proxyepn/web>
AllowOverride All
Allow from All
</Directory>
DirectoryIndex index.php
ErrorLog /var/log/aesd/proxyepn-error.log
CustomLog /var/log/aesd/proxyepn-access.log combined
</VirtualHost>
- a adapter pour HTTPS
<VirtualHost *:443>
ServerName proxyepn.your_domain.tld
ServerAlias *.proxyepn.your_domain.tld
DocumentRoot /your/install/path/proxyepn/web
<Directory /your/install/path/proxyepn/web>
AllowOverride All
Allow from All
</Directory>
DirectoryIndex index.php
ErrorLog /your/install/path/proxyepn/log/http_error.log
CustomLog /your/install/path/proxyepn/log/http_access.log combined
CustomLog /your/install/path/proxyepn/log/http_sslrequest.log "%t %h %{HTTPS}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x %{SSL_CLIENT_VERIFY}x \"%r\" %b"
LogLevel warn
SSLEngine on
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLOptions +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3|php4|php5|php)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
Cron¶
- À ajouter /etc/cron.d/proxyepn
# Change status for expired accounts and send notices by email 20 1 * * * /your/install/path/proxyepn/symfony proxyepn:user-expire -n # Anonymisation for older expired accounts (over 1 year) 40 1 * * * /your/install/path/proxyepn/symfony proxyepn:user-anonymise