Unverified Commit d9dff1b8 authored by Yassine Doghri

feat: set app parameter forceGlobalSecureRequests = true forcing requests to go through https

docs: update INSTALL.md to include SSL certificate requirement + update install instructions
parent fad06e69
+30 −14
@@ -6,7 +6,9 @@ or shared hosting, you can install it on most PHP-MySQL compatible web servers.
## Table of contents <!-- omit in toc -->

- [Install instructions](#install-instructions)
  - [(optional) Manual configuration](#optional-manual-configuration)
  - [0. Pre-requisites](#0-pre-requisites)
  - [1. Install Wizard](#1-install-wizard)
  - [1-alt Manual configuration](#1-alt-manual-configuration)
- [Web Server Requirements](#web-server-requirements)
  - [PHP v7.3 or higher](#php-v73-or-higher)
  - [MySQL compatible database](#mysql-compatible-database)
@@ -16,34 +18,44 @@ or shared hosting, you can install it on most PHP-MySQL compatible web servers.

## Install instructions

0. Create a MySQL database for Castopod Host with a user having access and
### 0. Pre-requisites

0. Get a Web Server with requirements installed
1. Create a MySQL database for Castopod Host with a user having access and
   modification privileges (for more info, see
   [Web Server Requirements](#web-server-requirements)).
1. Download and unzip the latest
2. Activate HTTPS on your domain with an _SSL certificate_.
3. Download and unzip the latest
   [Castopod Host Package](https://code.podlibre.org/podlibre/castopod-host/-/releases)
   onto the web server if you haven’t already.
   - ⚠️ Set the web server document root to the `public/` sub-folder.
2. For broadcasting social activities to the fediverse, add a cron task on your
   web server to run every minute (replace the paths accordingly):
4. Add a cron task on your web server to run every minute (replace the paths
   accordingly):

   ```php
      * * * * * /path/to/php /path/to/castopod-host/public/index.php scheduled-activities
   ```

3. Run the Castopod Host install script by going to the install wizard page
   (`https://your_domain_name.com/cp-install`) in your favorite web browser.
4. Follow the instructions on your screen.
   > ⚠️ Social features will not work properly if you do not set the task. It is
   > used to broadcast social activities to the fediverse.

All done, start podcasting!
### 1. Install Wizard

### (optional) Manual configuration
1. Run the Castopod Host install script by going to the install wizard page
   (`https://your_domain_name.com/cp-install`) in your favorite web browser.
2. Follow the instructions on your screen.
3. Start podcasting!

Before uploading Castopod Host files to your web server:
### 1-alt Manual configuration

The install script writes a `.env` file in the package root. If you cannot go
through the install wizard, you can create and update the `.env` file yourself:

1. Rename the `.env.example` file to `.env` and update the default values with
   your own.
2. Upload the Castopod Host files with `.env`
2. Upload the `.env` file to the Castopod Host Package root on your server.
3. Go to `/cp-install` to finish the install process.
4. Start podcasting!

## Web Server Requirements
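Review bot: Step 2 of the pre-requisites ("Activate HTTPS on your domain with an _SSL certificate_") reads like one setup task among others, but with `forceGlobalSecureRequests = true` set in this same commit it is a hard requirement for reaching `/cp-install` at all. Suggest saying so in the step itself and describing what an admin will see if the certificate is missing. The "1-alt Manual configuration" section also has users edit `.env` by hand without mentioning that `app.forceGlobalSecureRequests` can be overridden there; a sentence saying it should stay enabled in production would close that gap. Two style points: the crontab line is still fenced as `php`, which it is not, and the list under "### 0. Pre-requisites" starts at 0 inside a section that is itself numbered 0.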

@@ -64,12 +76,16 @@ Additionally, make sure that the following extensions are enabled in your PHP:

### MySQL compatible database

> We recommend using [MariaDB](https://mariadb.org)
> We recommend using [MariaDB](https://mariadb.org).

You will need the server hostname, database name, username and password to
complete the installation process. If you do not have these, please contact your
server administrator.

> NB. Castopod Host only works with supported MySQL compatible databases. It
> will break with MySQL v5.6 for example as its end of life was on February
> 5, 2021.

#### Privileges

User must have at least these privileges on the database for Castopod Host to
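Review bot: The added NB gives end of life as the reason Castopod Host breaks on MySQL v5.6, but an end-of-life date does not by itself explain a breakage and leaves the reader guessing which versions are actually supported. Suggest stating the minimum supported MySQL and MariaDB versions (or the database feature that is required) instead of a single counter-example.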
@@ -78,7 +94,7 @@ work: `ALTER`, `DELETE`, `EXECUTE`, `INDEX`, `INSERT`, `SELECT`, `UPDATE`.
### (Optional) Other recommendations

- Redis for better cache performances.
- CDN for better performances.
- CDN for static files caching and better performances.
- e-mail gateway for lost passwords.

## Security concerns
+1 −1
@@ -148,7 +148,7 @@ class App extends BaseConfig
     *
     * @var boolean
     */
    public $forceGlobalSecureRequests = false;
    public $forceGlobalSecureRequests = true;

    /**
     * --------------------------------------------------------------------------
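Review bot: Changing the default of `$forceGlobalSecureRequests` to `true` in the app config applies to every deployment that does not override it in `.env`, including existing installs that upgrade while still served over plain HTTP. The INSTALL.md changes in this commit only address fresh installs; suggest adding an upgrade note telling existing admins to have HTTPS working before they pull this change.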
+6 −1
@@ -25,7 +25,7 @@ to help you kickstart your contribution.
> Know that you don't need any prior knowledge of Docker to follow the next
> steps. However, if you wish to use your own environment, feel free to do so!

## Prerequisites
## Pre-requisites

0. Install [docker desktop](https://www.docker.com/products/docker-desktop).
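Review bot: Renaming the heading to "Pre-requisites" changes its generated anchor, so any existing link to `#prerequisites` will stop resolving; check for references before merging. "Prerequisites" is also the usual spelling, so if the aim is consistency with INSTALL.md it may be simpler to use that spelling in both files.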

@@ -41,6 +41,11 @@ git clone https://code.podlibre.org/podlibre/castopod.git
```ini
CI_ENVIRONMENT="development"

# By default, this is set to true in the app config.
# For development, this must be set to false as it is
# on a local environment
app.forceGlobalSecureRequests=false

app.baseURL="http://localhost:8080/"
app.mediaBaseURL="http://localhost:8080/"
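Review bot: The added comment ("this must be set to false as it is on a local environment") does not give the actual reason, which is that `app.baseURL` just below is `http://localhost:8080/` with no TLS. Suggest wording the comment that way and adding that this override is for development only and should not be copied into a production `.env`.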