Your perfect TYPO3 Distribution

Your perfect TYPO3 Distribution

Presented at TYPO3 Developer Days 2018

6c980f722cf236da20f1bb9e9efeb731?s=128

Helmut Hummel

June 23, 2018
Tweet

Transcript

  1. 4.

    Lightning Talk Your perfect TYPO3 Distribution • Focus • Productivity

    • Reliability • Security • Features • Environment aware • Context aware • Pluggable 4
  2. 5.

    Your perfect TYPO3 Distribution Target Audience • Little bit of

    composer knowledge • Not command line agnostic • Interest in simplifying and automating development workflows 5
  3. 6.

    Your perfect TYPO3 Distribution Disclaimer • Can contain traces of

    • Butterflies • Rainbows • Unicorns • Kittens 6
  4. 9.

    9

  5. 26.
  6. 31.

    Reliability Bundling third party code • Describe your dependencies to

    third party code in a file • Specify a version number for every library • Use a tool to evaluate that, fetches the dependencies and puts them into your bundle • Maybe we could use XML or JSON format for that … • … • Wait, what? • Isn't there a tool for that already? 31
  7. 33.

    Reliability Composer • Resolves dependencies recursively • Fetches the code

    effectively • Puts everything in place • Let's you directly use third party code • Reproduces exact same state on consecutive installs 33
  8. 35.

    35

  9. 37.

    37

  10. 41.

    Reliability PackageStates.php • Used by TYPO3 to track which extensions

    should be "active" • Why would you install code, but mark it as "inactive"? • typo3/cms comes with ALL TYPO3 system extensions • But you never need all system extensions in a project 41
  11. 45.

    45 "require": { "helhum/typo3-console": "^5.4", "typo3/cms": "^8.7", "typo3/cms-rte-ckeditor": "^8.7" },

    "scripts": { "post-autoload-dump": [ "typo3cms install:generatepackagestates" ] }
  12. 52.

    52 "require": { "helhum/typo3-console": "^5.4", "typo3/cms": "^8.7", "typo3/cms-rte-ckeditor": "^8.7" },

    "scripts": { "post-autoload-dump": [ "typo3cms install:generatepackagestates", "typo3cms install:fixfolderstructure", "typo3cms install:extensionsetupifpossible" ] }
  13. 54.

    Reliability Benefits • Less cluttered composer.json • Can be a

    nested requirement • Platform agnostic • (works with Windows) 54
  14. 57.
  15. 58.

    Reliability Recap • Use version control (git) • Use one

    repository for a project • Only commit what you maintain (but commit composer.lock) • Fetch dependencies with Composer • Let TYPO3 Console generate PackageStates.php • Let TYPO3 Console generate folder structure • Let TYPO3 Console set up extensions on "composer install" 58
  16. 68.

    Security TYPO3 Subtree split • Every core extension is available

    as individual composer package • typo3/cms-core, typo3/cms-backend, … • All TYPO3 versions starting from 8.7.9 are available • MANDATORY since TYPO3 9.0 (you cannot require typo3/cms ^9.0) • If you have composer based TYPO3 8.7 projects, use it NOW • No symlinks required any more • Packages are directly installed in typo3/sysext 68
  17. 72.

    Every additional file in your document root increases the attack

    surface and is potentially leaking private information 72
  18. 74.

    74 $ ll total 208 drwxr-xr-x 11 helmut staff 374

    Jun 20 22:10 . drwxr-xr-x 5 helmut staff 170 Jun 20 14:54 .. drwxr-xr-x 15 helmut staff 510 Jun 20 22:10 .git -rw-r--r-- 1 helmut staff 66 Jun 20 22:08 .gitignore -rw-r--r-- 1 helmut staff 227 Jun 20 22:08 composer.json -rw-r--r-- 1 helmut staff 94010 Jun 20 22:08 composer.lock -rw-r--r-- 1 helmut staff 800 Jun 20 22:10 index.php drwxr-xr-x 5 helmut staff 170 Jun 20 22:10 typo3 drwxrwsr-x 3 helmut staff 102 Jun 20 22:10 typo3conf drwxrwsr-x 3 helmut staff 102 Jun 20 22:10 typo3temp drwxr-xr-x 15 helmut staff 510 Jun 20 22:10 vendor
  19. 79.
  20. 80.

    Security Recap • Only install code that you need •

    Don't expose vendor directory • Neither expose composer.lock nor composer.json • Don't expose private resources • Only expose public resources and defined entry points • Your TYPO3 document root should only contain 3 PHP files • index.php, typo3/index.php, typo3/install.php • Public assets (icons, css, js, …) 80
  21. 82.
  22. 86.

    86

  23. 87.

    Context Production • Run code as fast as possible •

    All caches enabled • Log only important events • Don't disclose internals • No debug trace • No display errors • TYPO3_CONTEXT=Production (default for TYPO3) 87
  24. 89.

    89

  25. 90.

    Context Development • Development speed is more important than application

    speed • All caches disabled • Log debug output • Disclose all internals • Complete debug trace • Display all errors • TYPO3_CONTEXT=Development 90
  26. 91.

    Environment / Context Configuration matrix 91 Prod Dev Live cache=true

    db=live x/x Staging cache=true db=staging cache=false db=staging Testing cache=true db=test cache=false db=test Dev cache=true db=dev cache=false db=dev
  27. 97.

    Context How to really switch config from prod to dev?

    • Set TYPO3_CONTEXT env var in web server • Look up install tool password • Log into install tool • Go to "Presets" • Select "Debug" preset • Select "Debug" in the preset • Save • Disable Caches in AdditionalConfiguration.php 97
  28. 98.

    98

  29. 99.

    99

  30. 100.

    100

  31. 104.

    Introducing a more powerful concept • Allow splitting configuration into

    multiple files • Allow pulling in environment variables • Allow alternative configuration formats (not only PHP files) • Allow processing configuration • Clearly distinguish between production and development context 104 Environment / Context
  32. 106.

    helhum/typo3-config-handling • Allows splitting configuration into multiple files • Allows

    pulling in environment variables • Allows alternative configuration file formats (not only PHP files) • Allows processing configuration • Clearly distinguishes between prod and dev config 106 Environment / Context
  33. 107.

    helhum/typo3-config-handling • Integrates seamlessly into TYPO3 via AdditionalConfiguration.php • Integrates

    into composer build process and TYPO3 Console • TYPO3 8.7 only • Planned to be integrated into TYPO3 9 LTS 107 Environment / Context
  34. 108.
  35. 109.

    Importing multiple configuration files 109 imports: - { resource: 'includes/*.yaml',

    type: glob } - { resource: 'local.settings.yaml' } Environment / Context
  36. 118.
  37. 119.

    Your perfect TYPO3 Distribution Features • Secure web root with

    only needed code • Convenient during development • Easy onbording • Pluggable • Future proof 119
  38. 122.

    Your Perfect TYPO3 Distribution References • https://asciinema.org/a/188348 • https://asciinema.org/a/188375 •

    Images • https://9gag.com/ • http://www.royalcanin.in • http://happypasta.wikia.com/ • http://emmayajewel.com/ • https://ittybitty.city/ 122