Apache or nginx - You Gotta Get Your Permissions Sorted
One of the most confusing parts that I encountered when initially deploying Symfony apps were the extra permissions commands needed as described here.
Fortunately when following these tutorials, you should not need to go through enabling the Ubuntu ACL. From all my testing on Digital Ocean, I have not needed to complete that process. Though often I would on Virtual Machines, so be aware of it.
We will need to run the setfacl
commands.
If we don't do this then Symfony will complain about permissions problems when trying to create the environment cache directories.
At this stage you most likely do not yet have a web directory created for your project.
For my example, I will be using the path of:
/var/www/crvfakeexample.com
This will be my project's root directory on the web server.
This is also the path we have told our LAMP and LEMP webserver configs to expect to find our files.
From the server, let's start by creating this directory structure, if you haven't already done so:
mkdir /var/www/crvfakeexample.com
Next, let's change the owning user and group from root
to www-data
:
chown www-data:www-data /var/www/crvfakeexample.com
At this point we have our initial directory structure, but Symfony expects a little further from us.
We must make sure that Symfony can write to the var
directory, for purposes like our cache
, sessions
, and logs
directory contents.
Fortunately, Symfony provides us with the commands.
But, before we can use them, we need to do one further thing:
mkdir /var/www/crvfakeexample.com/var
chown www-data:www-data /var/www/crvfakeexample.com/var
The setfacl
commands below expect the var
directory to exist.
With this in place, we can now follow the instructions from the official docs:
HTTPDUSER=$(ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\ -f1)
sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:$(whoami):rwX var
sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:$(whoami):rwX var
This should be as simply as copy / paste.