Sur le serveur prod, l'utilisateur 'bot' (cree par Ansible) a UID 1001
alors que l'utilisateur 'appuser' du conteneur PHP etait hardcode a UID 1000,
ce qui causait des erreurs 'Unable to write in var/cache/prod' apres restore
ou deploiement: les fichiers du host appartenaient a bot:bot (1001) et
appuser (1000) ne pouvait pas y ecrire.
docker/php/prod/Dockerfile:
- appuser UID/GID passe de 1000 a 1001 pour matcher bot
- dev/Dockerfile reste a 1000 (les users dev sont generalement 1000)
ansible/deploy.yml:
- chown des dossiers public/uploads/* et var/payouts passe de 1000 a 1001
restore.sh:
- Nouvelle option --owner USER:GRP (defaut: bot:bot, override via RESTORE_OWNER)
- Chown automatique en fin de restore sur var/, public/uploads/, config/cert/, .env.local
- Purge automatique de var/cache (sera reconstruit par PHP)
- Verification root au demarrage (sudo requis pour chown)
- Verification de l'existence du user et group cibles
- Option --skip-chown pour bypass (deconseille)
- Etapes post-migration mises a jour (ajout de make build_prod en premier)
Procedure de migration sur le serveur apres ce commit:
cd /var/www/e-ticket
git pull origin master
make build_prod # rebuild image PHP avec UID 1001
make stop_prod
sudo chown -R bot:bot var public/uploads config/cert .env.local
sudo rm -rf var/cache
make start_prod
make clear_prod
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents stale Doctrine L2 cache and app cache from causing issues
after schema changes. Clears both filesystem cache and Redis pool.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New SECRET_ANALYTICS variable replaces kernel.secret for analytics
- Ansible generates a random 32-char secret at each deploy
- Endpoint token and encryption key change with every deployment
- Existing sessions will get new visitor_id after deploy (expected)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The /admin/infra page was slow because Docker stats API blocks per container.
Now a cron (every 5min) generates var/infra.json via app:infra:snapshot,
and the page reads the static JSON file instantly.
Mount Docker socket in cron container for snapshot access.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The PHP container user needs the docker group to read the socket.
Uses DOCKER_GID env var in dev (defaults to 989) and dynamic GID
detection via Ansible stat in prod.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove Start/Wait/Translate LibreTranslate tasks from deploy.yml
- Add SESSION_HANDLER_DSN with Redis in env.local.j2 for prod sessions
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Ansible: healthcheck via PHP container (curl from php, not libretranslate)
- Ansible: exit 0 if LibreTranslate not ready (don't block deploy)
- Ansible: ignore_errors on translation step (non-blocking)
- AccountControllerTest: add testEventQrCode (PNG response) and testEventQrCodeDeniedForOtherUser (403)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TranslateCommand: increase waitForApi retries from 30 to 90 (3 minutes total)
- Ansible deploy: add explicit healthcheck wait step (60×5s = 5min max) before translation
- First launch downloads ~2-4GB of language models, needs more time
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add favicon.png link and apple-touch-icon in base.html.twig
- Add theme-color meta tag (#fabf04)
- Add pwa_dev and pwa_prod Makefile commands
- Add PWA asset generation step in Ansible playbook after cache clear
- Update Caddy static paths for favicon.png, marker.png, manifest.json, sw.js
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Store smime_private_key in encrypted vault
- Add playbook tasks: create cert directory + deploy private key with 0600 permissions
- Certificate public already in git at config/cert/certificate.pem
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- composer install, bun install, bun run build now run inside php container
- Reorder: start containers first, then install dependencies via docker exec
- All php bin/console and dependency commands go through Docker
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Create pgbouncer.ini.j2 with auth_type plain (no MD5 hash needed)
- Create userlist.txt.j2 with vault db_password
- Add Ansible tasks to deploy both files before docker-compose
- Mount pgbouncer files as read-only in compose template
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove entire Cloudflare configuration play (DNS, SSL, HSTS, bot management)
- Replace make install_prod with direct git pull, composer install, bun install, bun run build
- Add Docker image pull step before container restart
- Keep server deployment: env, containers, migrations, cache, uploads, Caddy, Supervisor
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add public organizers list page (/organisateurs) with neo-brutalist card grid, social icons, and logo display
- Add organizer detail page (/organisateur/{id}-{slug}) with company info, SIRET, email, address, social links, and events placeholder
- Add slug-based URLs with 301 redirect on wrong slug, getSlug() method on User entity
- Add "Voir les evenements" button on organizer cards linking to detail page
- Add JSON-LD BreadcrumbList to all 17 pages that were missing breadcrumbs (login, forgot_password, register_success, email_verified, legal/*, attestation/*, account/*)
- Add Open Graph meta tags (og:title, og:description, og:image, og:type, og:locale, og:site_name) in base.html.twig with automatic inheritance from title/description blocks
- Add og:image with organizer logo on detail page
- Update sitemap: add /organisateurs to sitemap-main, generate organizer detail URLs in sitemap-orgas with logo images
- Update navbar to highlight "Organisateurs" on detail pages
- Redesign homepage with hero section, marquee, stats counters, how-it-works, and CTA sections
- Add Tailwind v4 @source "../templates" directive to app.scss and admin.scss
- Migrate Flysystem from S3 to local storage (uploads/events, uploads/logos)
- Update Liip Imagine config with FormatExtensionResolver for webp conversion
- Add User entity social fields (website, facebook, instagram, twitter, tiktok), logo upload (Vich), __serialize/__unserialize for session safety
- Add account page settings tab with profile, logo upload, and social media for organizers
- Add Stripe Connect status display and sub-account management in account page
- Delete WebpExtensionSubscriber (replaced by FormatExtensionResolver)
- Add migration for social fields and logo columns
- Add deploy.yml chmod tasks for uploads directories
- Add HomeController tests (detail success, wrong slug redirect, 404 cases)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fuse deploy-caddy.yml and cloudflare.yml into deploy.yml
- Add env.local.j2 template for production secrets
- Vault: add all production secrets
- Workflow: single deploy.yml playbook
- MailerService: rewrite with S/MIME signing, email tracking, unsubscribe
- ngrok-sync: run as root for .env.local write access
- Fix domain references to ticket.e-cosplay.fr
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
