Update composer versions. Remove default SSL cert and DH param genera…

…tion for Vagrant.

composer.json

@@ -66,7 +66,7 @@
         "symfony-cmf/routing":         "1.3.*",
         "twig/twig":                   "1.*",
         "twig/extensions":             "1.*",
-        "guzzlehttp/guzzle":           "~5.0",
+        "guzzlehttp/guzzle":           "~5.3",
         "swiftmailer/swiftmailer":     "5.*",
         "erusev/parsedown":            "~1.6.0",
         "solarium/solarium":           "3.*",
@@ -76,7 +76,7 @@
         "guzzlehttp/cache-subscriber": "0.1.*",
         "asm89/twig-cache-extension":  "~1.0",
         "wikimedia/composer-merge-plugin": "~1.0",
-        "monolog/monolog":"~1.17",
+        "monolog/monolog":"~1.22.0",
         "ambroisemaupate/intervention-request":"~0.1.7",
         "intervention/image": "~2.3.2",
         "erusev/parsedown-extra": "~0.7.1",

samples/vagrant-php7-provisioning.sh

@@ -103,14 +103,19 @@ sudo cp /var/www/samples/vagrant/nginx-conf.conf /etc/nginx/nginx.conf;
 sudo cp /var/www/samples/vagrant/nginx-vhost.conf /etc/nginx/sites-available/default;
 sudo cp /var/www/samples/vagrant/roadiz-nginx-include.conf /etc/nginx/snippets/roadiz.conf;
 
-echo -e "\n--- Generating a unique Diffie-Hellman Group ---\n"
-sudo openssl dhparam -out /etc/nginx/certs/default.dhparam.pem 2048 > /dev/null 2>&1;
-
-echo -e "\n--- Generating a self-signed SSL certificate ---\n"
-sudo openssl req -new -newkey rsa:2048 -days 365 -nodes \
-            -x509 -subj "/C=FR/ST=Rhonealpes/L=Lyon/O=ACME/CN=localhost" \
-            -keyout /etc/nginx/certs/default.key \
-            -out /etc/nginx/certs/default.crt > /dev/null 2>&1;
+#
+# Do not generate default DH param and certificate
+# to speed up Vagrant provisioning
+#
+
+#echo -e "\n--- Generating a unique Diffie-Hellman Group ---\n"
+#sudo openssl dhparam -out /etc/nginx/certs/default.dhparam.pem 2048 > /dev/null 2>&1;
+#
+#echo -e "\n--- Generating a self-signed SSL certificate ---\n"
+#sudo openssl req -new -newkey rsa:2048 -days 365 -nodes \
+#            -x509 -subj "/C=FR/ST=Rhonealpes/L=Lyon/O=ACME/CN=localhost" \
+#            -keyout /etc/nginx/certs/default.key \
+#            -out /etc/nginx/certs/default.crt > /dev/null 2>&1;
 
 echo -e "\n--- Configure PHP-FPM default pool ---\n"
 sudo rm /etc/php/7.0/fpm/pool.d/www.conf;

samples/vagrant/nginx-conf.conf

@@ -36,6 +36,17 @@ http {
 
     keepalive_timeout  65;
 
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
+
+    ssl_prefer_server_ciphers on;
+    ssl_session_timeout 5m;
+    ssl_session_cache shared:SSL:50m;
+
     include /etc/nginx/conf.d/*.conf;
     include /etc/nginx/sites-available/*;
 }

samples/vagrant/nginx-vhost.conf

@@ -3,54 +3,6 @@ server {
     root /var/www;
     index index.php index.html index.htm;
     server_name _;
-    add_header X-Frame-Options "SAMEORIGIN";
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Content-Type-Options "nosniff";
-
-    include /etc/nginx/snippets/roadiz.conf;
-
-    location /phpmyadmin {
-        root /usr/share/;
-        index index.php index.html index.htm;
-        location ~ ^/phpmyadmin/(.+\.php)$ {
-            client_max_body_size 4M;
-            client_body_buffer_size 128k;
-            try_files $uri =404;
-            root /usr/share/;
-            # Point it to the fpm socket;
-            fastcgi_pass unix:/var/run/php7.0-fpm.sock;
-            fastcgi_index index.php;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            include /etc/nginx/fastcgi_params;
-        }
-        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)) {
-            root /usr/share/;
-        }
-    }
-    location /phpMyAdmin {
-          rewrite ^/* /phpmyadmin last;
-    }
-}
-server {
-    listen 443 ssl http2;
-    root /var/www;
-    index index.php index.html index.htm;
-    server_name _;
-    add_header X-Frame-Options "SAMEORIGIN";
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Content-Type-Options "nosniff";
-
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
-
-    ssl_prefer_server_ciphers on;
-    ssl_session_timeout 5m;
-    ssl_session_cache shared:SSL:50m;
-    add_header Strict-Transport-Security "max-age=31536000";
-
-    ssl_certificate /etc/nginx/certs/default.crt;
-    ssl_certificate_key /etc/nginx/certs/default.key;
-    ssl_dhparam /etc/nginx/certs/default.dhparam.pem;
 
     include /etc/nginx/snippets/roadiz.conf;
 
@@ -76,3 +28,39 @@ server {
           rewrite ^/* /phpmyadmin last;
     }
 }
+#server {
+#    listen 443 ssl http2;
+#    root /var/www;
+#    index index.php index.html index.htm;
+#    server_name _;
+#
+#    add_header Strict-Transport-Security "max-age=31536000";
+#
+#    ssl_certificate /etc/nginx/certs/default.crt;
+#    ssl_certificate_key /etc/nginx/certs/default.key;
+#    ssl_dhparam /etc/nginx/certs/default.dhparam.pem;
+#
+#    include /etc/nginx/snippets/roadiz.conf;
+#
+#    location /phpmyadmin {
+#        root /usr/share/;
+#        index index.php index.html index.htm;
+#        location ~ ^/phpmyadmin/(.+\.php)$ {
+#            client_max_body_size 4M;
+#            client_body_buffer_size 128k;
+#            try_files $uri =404;
+#            root /usr/share/;
+#            # Point it to the fpm socket;
+#            fastcgi_pass unix:/var/run/php7.0-fpm.sock;
+#            fastcgi_index index.php;
+#            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+#            include /etc/nginx/fastcgi_params;
+#        }
+#        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)) {
+#            root /usr/share/;
+#        }
+#    }
+#    location /phpMyAdmin {
+#          rewrite ^/* /phpmyadmin last;
+#    }
+#}