inanzzz | Deploying Symfony 4 application with Capistrano and handling environmental variables

The best practise of using application secrets in production is to use environmental variables at system level. For example, exporting them in terminal or keeping them in Apache/Nginx configuration. However, if you want to keep them in .env file (not adviced for production but it is OK for development environment) you can follow this example. I am not going to go through setting up whole structure so you can read previous posts if you want to.

Application

Install The Dotenv Component with $ composer require symfony/dotenv command and create files below.

.env

APP_ENV=prod
APP_SECRET=123123

config/services.yaml

This is just for test purposes to see if our application can access to variables or not.


parameters:

services:
    ...

    App\Controller\DefaultController:
        tags: ['controller.service_arguments']
        arguments:
            $env: '%env(APP_ENV)%'
            $secret: '%env(APP_SECRET)%'

Files below are capistrano related.

.gitattributes

/deploy export-ignore
Capfile export-ignore
Gemfile export-ignore
Gemfile.lock export-ignore

Gemfile

source 'https://rubygems.org'

gem 'capistrano', '~> 3.10'
gem 'capistrano-symfony', '~> 1.0.0.rc3'

Capfile

set :deploy_config_path, "deploy/deploy.rb"
set :stage_config_path, "deploy/stages"

require "capistrano/setup"
require "capistrano/deploy"
require "capistrano/symfony"
require "capistrano/scm/git"

install_plugin Capistrano::SCM::Git

# If you use rake files
Dir.glob('deploy/tasks/*.rake').each { |r| import r }

deploy/deploy.rb

# Locked capistrano version.
lock "3.10.2"

# The name of the application.
set :application, "api"

# The path on the remote server where the application will be deployed.
set :deploy_to, "/srv/www/#{fetch(:application)}"
set :tmp_dir, "/tmp/capistrano"

# The application repository.
set :repo_url, "git@github.com:inanzzz/api.git"

# Share files and folders between releases
set :linked_files, [".env"]
set :linked_dirs, ["var/logs"]

# Output styling.
set :format, :airbrussh

# Amount of releases to keep.
set :keep_releases, 5

# Asks branch to deploy.
ask :branch, `git rev-parse --abbrev-ref HEAD`.chomp

deploy/stages/production.rb

# The settings for remote servers to deploy at same time
server "192.168.99.60", user: "deployer", roles: %w{app db web}
server "192.168.99.70", user: "deployer", roles: %w{app db web}

Production servers

You can follow previous posts for details.

Install LEMP packages.

Create the deployer user.

Create application root /srv/www folder.

Let deployer user own root folder.

Deployment server

You can follow previous posts for details.

Install ruby, capistrano and bundler.

Optional: Create a user dedicated for deployment.

Create SSH keys by running $ ssh-keygen -t rsa command.

Integrate with GitHub.

Integrate with production servers by adding the public key to the authorized_keys file of production servers.

Clone repository.

CD into it and run $ bundle install command.

Deploy with $ bundle exec cap production deploy --trace command.