Configuration
This page explains how to configure PCH-SIG for your environment.
Environment variables
Backend (.env)
File: backend/.env
# Environment
APP_ENV=prod
APP_SECRET=your_unique_secret_32_characters
# Database
DATABASE_URL="postgresql://pch_admin:pch_secure_2025@pch_postgres:5432/pch_sig?serverVersion=15&charset=utf8"
# Redis
REDIS_URL=redis://redis_secure_2025@pch_redis:6379
# JWT
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=your_jwt_passphrase
# Email
MAILER_DSN=smtp://pch_mailpit:1025
# CORS
CORS_ALLOW_ORIGIN='^https?://(localhost|192\.168\.1\.213)(:[0-9]+)?$'
Frontend (.env)
File: frontend/.env
# API URL (relative for production)
REACT_APP_API_URL=/api
# Enable debug mode
REACT_APP_DEBUG=false
Important
Never commit .env files that contain production secrets. Put those values in .env.local instead.
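The warning above is easier to enforce with a check that runs before deployment. The following Python script is an added example, not part of PCH-SIG: it flags placeholder values and the sample credentials printed on this page if they survive into a real backend/.env. The function names, the placeholder pattern and the 32-character minimum are assumptions.

```python
import re
from urllib.parse import urlsplit

# Sample credentials printed on this page; anyone who has read it knows them.
DOCUMENTED_SAMPLES = {"pch_secure_2025", "redis_secure_2025"}
PLACEHOLDER = re.compile(r"^(your_|change_?me)", re.IGNORECASE)  # assumed pattern
MIN_SECRET_LEN = 32  # assumption, taken from the APP_SECRET placeholder text
# Secret-bearing lines of the backend/.env shown above, reused as sample input.
PAGE_ENV = r"""
APP_SECRET=your_unique_secret_32_characters
DATABASE_URL="postgresql://pch_admin:pch_secure_2025@pch_postgres:5432/pch_sig?serverVersion=15&charset=utf8"
REDIS_URL=redis://redis_secure_2025@pch_redis:6379
JWT_PASSPHRASE=your_jwt_passphrase
CORS_ALLOW_ORIGIN='^https?://(localhost|192\.168\.1\.213)(:[0-9]+)?$'
"""


def parse_env(text):
    """Parse KEY=VALUE lines, skipping comments and removing one layer of quotes."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.startswith("#"):
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def audit_env(text):
    """Return sorted 'KEY: problem' findings for a backend .env file."""
    env, findings = parse_env(text), []
    for key in ("APP_SECRET", "JWT_PASSPHRASE"):
        value = env.get(key, "")
        if not value or PLACEHOLDER.match(value):
            findings.append(f"{key}: missing or placeholder value")
        elif key == "APP_SECRET" and len(value) < MIN_SECRET_LEN:
            findings.append(f"{key}: shorter than {MIN_SECRET_LEN} characters")
    for key in ("DATABASE_URL", "REDIS_URL"):
        parts = urlsplit(env.get(key, ""))
        # redis://secret@host puts the secret in the username slot, so check both.
        if {parts.username, parts.password} & DOCUMENTED_SAMPLES:
            findings.append(f"{key}: credential copied from the documentation")
    origin = env.get("CORS_ALLOW_ORIGIN", "")
    if origin and not (origin.startswith("^") and origin.endswith("$")):
        findings.append("CORS_ALLOW_ORIGIN: pattern not anchored with ^ and $")
    return sorted(findings)
```

Run `audit_env` on the contents of the deployed file and fail the deployment when the returned list is not empty.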
Backend Configuration
Database
File: backend/config/packages/doctrine.yaml
doctrine:
    dbal:
        url: '%env(resolve:DATABASE_URL)%'
        charset: utf8
    orm:
        auto_generate_proxy_classes: false
        naming_strategy: doctrine.orm.naming_strategy.underscore_number_aware
        auto_mapping: true
Redis Cache
File: backend/config/packages/cache.yaml
framework:
    cache:
        app: cache.adapter.redis
        default_redis_provider: '%env(REDIS_URL)%'
JWT
File: backend/config/packages/lexik_jwt_authentication.yaml
lexik_jwt_authentication:
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'
    token_ttl: 3600 # 1 hour
    # Refresh token
    token_extractors:
        authorization_header:
            enabled: true
            prefix: Bearer
CORS
File: backend/config/packages/nelmio_cors.yaml
nelmio_cors:
    defaults:
        origin_regex: true
        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
        allow_methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS']
        allow_headers: ['Content-Type', 'Authorization']
        max_age: 3600
Nginx Configuration
Frontend
File: deploy/nginx-conf/default.conf
server {
    listen 80;
    server_name _;
    root /usr/share/nginx/html;
    index index.html;

    # Gzip compression
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;

    # SPA routing
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Proxy API to backend
    location /api {
        proxy_pass http://pch_nginx_backend:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Cache assets
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}
Backend
File: deploy/nginx-conf/backend.conf
server {
    listen 80;
    server_name _;
    root /app/public;
    index index.php;

    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index\.php(/|$) {
        fastcgi_pass pch_backend:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        internal;
    }

    location ~ \.php$ {
        return 404;
    }
}
Menu Configuration
Disable modules
Via interface: Settings > Menu Configuration
Or via API:
{
    "menu": {
        "menages": true,
        "beneficiaires": true,
        "cycles": true,
        "carte": false,
        "kobo": false
    }
}
Permissions Configuration
Reference file
File: backend/config/reference.php
return [
    'permissions' => [
        'registre.menages_view',
        'registre.menages_create',
        'registre.menages_edit',
        'registre.menages_delete',
        'registre.menages_validate',
        'transferts.cycles_view',
        'transferts.cycles_create',
        // ...
    ],
    // Roles and their permissions are managed in the database.
    // See Settings > Roles in the admin interface.
    // Refer to the Roles and Permissions page for the full list.
];
Email Configuration
Production (SMTP)
MAILER_DSN=smtp://user:password@smtp.example.com:587
Development (Mailpit)
MAILER_DSN=smtp://pch_mailpit:1025
Mailpit interface: http://localhost:8025
Logging Configuration
File: backend/config/packages/monolog.yaml
monolog:
    handlers:
        main:
            type: rotating_file
            path: '%kernel.logs_dir%/%kernel.environment%.log'
            level: info
            max_files: 10
        console:
            type: console
            process_psr_3_messages: false
            channels: ["!event", "!doctrine"]