From 545e9f23c7f14e1f017f1d43bb1b18af00fa1e93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Vernet?= <vernet.loic@gmail.com>
Date: Sat, 30 Nov 2024 23:04:07 +0100
Subject: [PATCH] feat: add vhosts and letsencrypt Apache2 samples (#125)

---
 Makefile                                   | 13 ++++--
 castor.php                                 | 14 +++++-
 config/apache/microsymfony.ovh-le-ssl.conf | 53 ++++++++++++++++++++++
 config/apache/microsymfony.ovh.conf        |  9 ++++
 4 files changed, 85 insertions(+), 4 deletions(-)
 create mode 100644 config/apache/microsymfony.ovh-le-ssl.conf
 create mode 100644 config/apache/microsymfony.ovh.conf

diff --git a/Makefile b/Makefile
index 82acfa1..5ba79ec 100644
--- a/Makefile
+++ b/Makefile
@@ -1,14 +1,18 @@
 SHELL = sh
 .DEFAULT_GOAL = help
 
+# change your prod domain here
+DOMAIN = microsymfony.ovh
+
+# modify the code coverage threshold here
+COVERAGE_THRESHOLD = 100
+
 ## —— 🎶 The MicroSymfony Makefile 🎶 ——————————————————————————————————————————
 help: ## Outputs this help screen
 	@grep -E '(^[a-zA-Z0-9_-]+:.*?##.*$$)|(^##)' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}{printf "\033[32m%-30s\033[0m %s\n", $$1, $$2}' | sed -e 's/\[32m##/[33m/'
 .PHONY: help start stop go-prod go-dev purge test coverage cov-report stan fix-php lint-php lint-container lint-twig lint-yaml fix lint ci deploy
-.PHONY: version-php version-composer version-symfony version-phpunit version-phpstan version-php-cs-fixer check-requirements
+.PHONY: version-php version-composer version-symfony version-phpunit version-phpstan version-php-cs-fixer check-requirements le-renew
 
-# You can modify the code coverage threshold here
-COVERAGE_THRESHOLD = 100
 
 ## —— Symfony binary 💻 ————————————————————————————————————————————————————————
 start: ## Serve the application with the Symfony binary
@@ -118,3 +122,6 @@ deploy: ## Simple manual deploy on a VPS (this is to update the demo site https:
 	@cp .env.local.dist .env.local
 	@composer dump-env prod
 	@bin/console asset-map:compile
+
+le-renew: ## Renew Let's Encrypt HTTPS certificates
+	@certbot --apache -d $(DOMAIN) -d www.$(DOMAIN)
diff --git a/castor.php b/castor.php
index fb7bc5d..c9fa812 100644
--- a/castor.php
+++ b/castor.php
@@ -15,7 +15,10 @@
 
 // use function Castor\parallel;
 
-// You can modify the coverage threshold here
+// Change your prod domain here
+const DOMAIN = 'microsymfony.ovh';
+
+// Modify the coverage threshold here
 const COVERAGE_THRESHOLD = 100;
 
 function title(string $name): void
@@ -289,3 +292,12 @@ function check_requirements(): int
 
     return success($ec);
 }
+
+#[AsTask(name: 'le-renew', namespace: 'prod', description: "Renew Let's Encrypt HTTPS certificates", aliases: ['le-renew'])]
+function le_renew(): int
+{
+    $ec = exit_code(sprintf('certbot --apache -d %s -d www.%s', DOMAIN, DOMAIN));
+    io()->newLine();
+
+    return success($ec);
+}
diff --git a/config/apache/microsymfony.ovh-le-ssl.conf b/config/apache/microsymfony.ovh-le-ssl.conf
new file mode 100644
index 0000000..a0c4b08
--- /dev/null
+++ b/config/apache/microsymfony.ovh-le-ssl.conf
@@ -0,0 +1,53 @@
+# https://microsymfony.ovh
+# @see https://symfony.com/doc/current/setup/web_server_configuration.html#apache
+# test this config with: "apache2ctl configtest"
+<IfModule mod_ssl.c>
+  <VirtualHost *:443>
+      ServerName microsymfony.ovh
+      ServerAlias www.microsymfony.ovh
+      DirectoryIndex index.php
+
+      # Uncomment this section if you use PHP-FPM and adapt the PHP version.
+      #<FilesMatch \.php$>
+        # when using PHP-FPM as a unix socket
+        #SetHandler proxy:unix:/var/run/php/php8.4-fpm.sock|fcgi://dummy
+
+        # when PHP-FPM is configured to use TCP
+        # SetHandler proxy:fcgi://127.0.0.1:9000
+      #</FilesMatch>
+
+      # The public directory should be the only entry point to your application
+      DocumentRoot /var/www/microsymfony.ovh/public
+      <Directory /var/www/microsymfony.ovh/public>
+          AllowOverride All
+          Require all granted
+          FallbackResource /index.php
+      </Directory>
+
+      # Uncomment the following lines if you install assets as symlinks
+      # or run into problems when compiling LESS/Sass/CoffeeScript assets
+      # <Directory /var/www/microsymfony.ovh>
+      #     Options FollowSymlinks
+      # </Directory>
+
+      ErrorLog /var/log/apache2/microsymfony_ovh_error.log
+      CustomLog /var/log/apache2/microsymfony_ovh_access.log combined
+
+      # Redirect www to . (optional)
+      RewriteEngine on
+      RewriteCond %{SERVER_NAME} =www.microsymfony.ovh
+      RewriteRule ^ https://microsymfony.ovh [END,NE,R=permanent]
+
+      # Letsencrypt for both www and non www domains to avoid a certificate error.
+      #
+      # Renew LE certificates with:
+      #  > certbot --apache -d  microsymfony.ovh -d www.microsymfony.ovh
+      #
+      # or run:
+      #  > make le-renew
+      #
+      Include /etc/letsencrypt/options-ssl-apache.conf
+      SSLCertificateFile /etc/letsencrypt/live/microsymfony.ovh/fullchain.pem
+      SSLCertificateKeyFile /etc/letsencrypt/live/microsymfony.ovh/privkey.pem
+  </VirtualHost>
+</IfModule>
diff --git a/config/apache/microsymfony.ovh.conf b/config/apache/microsymfony.ovh.conf
new file mode 100644
index 0000000..9c282b3
--- /dev/null
+++ b/config/apache/microsymfony.ovh.conf
@@ -0,0 +1,9 @@
+# HTTP to HTTPS redirections
+<VirtualHost *:80>
+    ServerName microsymfony.ovh
+    ServerAlias www.microsymfony.ovh
+    RewriteEngine on
+    RewriteCond %{SERVER_NAME} =microsymfony.ovh [OR]
+    RewriteCond %{SERVER_NAME} =www.microsymfony.ovh
+    RewriteRule ^ https://microsymfony.ovh [END,NE,R=permanent]
+</VirtualHost>