Liipimaginebundle: defne public route

Created on 31 May 2016  路  8Comments  路  Source: liip/LiipImagineBundle

i have this situation - http://stackoverflow.com/questions/37544167/liipimaginebundle-https-behind-varnish

HTTPS -> NGINX -> VARNISH -> APACHE2 -> SYMFONY

so need have https:// in public routes but cannot add schemat to routing.

Most helpful comment

You can easily force a specific schema using the native Symfony firewall configuration options. For example, if you assets are cached at "/your/custom/base/path" and that is all you want to have forced to HTTPS, use the following within your config.yml:

security:
    access_control:
        - { path: ^/your/custom/base/path, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

Similarly, to also force the liip_imagine routes to HTTPS, use:

security:
    access_control:
        - { path: ^/media/cache/resolve, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

IMHO, this should not be a concern of this bundle given the native support in the full stack Symfony framework.

All 8 comments

I have a similar situation

Hi, your question seems to have been removed from Stack Overflow.

Is there any reason that the scheme cannot be defined in routing, or via a custom event handler within Symfony?

You can easily force a specific schema using the native Symfony firewall configuration options. For example, if you assets are cached at "/your/custom/base/path" and that is all you want to have forced to HTTPS, use the following within your config.yml:

security:
    access_control:
        - { path: ^/your/custom/base/path, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

Similarly, to also force the liip_imagine routes to HTTPS, use:

security:
    access_control:
        - { path: ^/media/cache/resolve, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

IMHO, this should not be a concern of this bundle given the native support in the full stack Symfony framework.

@grekpg / @rispo-service

Did the above solve your issue?

Only works on an online prod server not locally (no ssl)
How to manage the https only in prod?

Symfony has support for environments natively, you could import one set of configuration for development and another for production environments. This works quite well even in containerised environments: https://symfony.com/doc/current/configuration.html#environments-the-other-config-files

I've struggled with separating https routes for dev and prod as well. My approach is to keep dev/prod parity with a local letsencrypt certificate through acme.sh and the dns challenge.

Every development machine has a subdomain projekt-name.$machine.companydomain.net - that way it's easy for us to have automated tls certificates through letsencrypt for our development environments. Keeps away a whole category of errors and wtfs. ;)

@grekpg Seems like this is no longer an issue? Since it's old with no activity, please open a new issue and reference this one if it's still a problem for you, thanks :)

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Aerendir picture Aerendir  路  3Comments

stephanvierkant picture stephanvierkant  路  6Comments

danaki picture danaki  路  6Comments

bbeaulant picture bbeaulant  路  5Comments

TELLO0815 picture TELLO0815  路  4Comments