3

As symfony4 uses dotenv and environment variables for configuration, they are also needed on the server.

to pass the variables it is possible to add the following to the pool config:

example-pool.conf:

env[APP_ENV] = 'prod'

the problem is the following feature:

All $VARIABLEs are taken from the current"environment

as nearly every crypted/hashed password string contains a $, i run into the problem, that the environment variables containing a $ are empty.

php bin/console security:encode-password
...snip...
------------------ ---------------------------------------------------------------
  Key                Value
 ------------------ ---------------------------------------------------------------
  Encoder used       Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder
  Encoded password   $2y$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.
 ------------------ ---------------------------------------------------------------
...snip...

of course i can use nginx to pass my environment variables to php-fpm

nginx-vhost.conf:

fastcgi_param APP_ENV "prod";

but in this case i would have to refactor my puppet recipe, so i am looking for an alternative way to set this in php-fpm

i tried to single, double quote and escape the $

example-pool.conf:

...snip...
env[PASSWORD1] = $2y$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.
env[PASSWORD2] = "$2y$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg."
env[PASSWORD3] = '$2y$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.'
env[PASSWORD4] = "'$2y$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.'"
env[PASSWORD5] = '"$2y$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg."'
env[PASSWORD6] = "\$2y\$12\$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg."
env[PASSWORD7] = '\$2y\$12\$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.'
env[PASSWORD8] = \$2y\$12\$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.
env[PASSWORD9] = $$2y$$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.
env[PASSWORD10] = '$$2y$$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.'
...snip...

leads to the following output in php test.php containing a simple:

output:

  "PASSWORD10" => ""
  "PASSWORD9" => ""
  "PASSWORD8" => "\$2y\$12\$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg."
  "PASSWORD7" => "\$2y\$12\$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg."
  "PASSWORD6" => ""
  "PASSWORD5" => ""$2y$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.""
  "PASSWORD4" => "'$2y$12$RbCl.SsH6yFDHtTq1Bc1xeK3cdkWbtZEmzyVTnMzlOEuVyC5EySg.'"
  "PASSWORD3" => ""
  "PASSWORD2" => ""
  "PASSWORD1" => ""

tagged this as security related because it leads to use weak (alphanum) plain-text passwords.

related but not the same as

side question, as the php-fpm process is started as the user defined in user, which environment files are loaded? tested .bashrc and .profile as this are the locations where php-cli reads the env variables i would be happy to declare them only in one place and use them from cli and fpm. this question is already indirectly asked here Pass environment variables to the PHP CLI and FPM

thinking about creating a bug report on php, as the workaround to this leads in using dotenv files directly:

Environment variables for PHP applications

c33s
  • 1,465
  • 3
  • 20
  • 39
  • Are you writing those escaped strings into a PHP file, or something else? How are they getting from your keyboard to a running PHP program? – Michael Hampton May 17 '18 at 03:44
  • @MichaelHampton i generate the crypted password with symfonys `php bin/console security:encode-password`, copy and paste the result in my pool.conf, then i restart php-fpm and access the test.php file with a bowser. the file is containing a simple `dump($_ENV); dump($_SERVER)`. there the variables are set but empty as soon as they contain a `$`. – c33s May 17 '18 at 12:14

0 Answers0