I'm new to lexik / Symfony / Docker and actually I'm running my first project on AWS (I know it's too much for a beginner).
It's a simple API that generates a token.
**Stack:** Symfony 6.4, Docker, Ubuntu LTS 22.04
In my local env, everything works well (token generation takes less than one second: 333 ms).
When I run my project on AWS, token generation takes more than 2 seconds. Is that normal?
I tried connecting to the container on AWS and executed a curl from inside: it also takes 2 seconds.
The authentication method is basic: I have one user stored in the database.
This is my security file:
```yaml
security:
    enable_authenticator_manager: true
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        #unip_ad_user_provider:
            #id: App\Security\ADUnip\ADUnipUserProvider
        app_user_provider:
            entity:
                class: App\Entity\User
                property: username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/api/v1/login
            stateless: true
            json_login:
                check_path: /api/v1/login
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
        unsecure:
            pattern: ^/api/v1/doc
            security: false
        api:
            pattern: ^/api
            stateless: true
            jwt: ~
        #main:
        #    lazy: true
        #    provider: users_in_memory

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/api/v1/login, roles: PUBLIC_ACCESS }
        - { path: ^/api/v1/dev-route, roles: PUBLIC_ACCESS }
        - { path: ^/api/v1/healthCheck, roles: PUBLIC_ACCESS }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

when@test:
    security:
        password_hashers:
            # By default, password hashers are resource intensive and take time. This is
            # important to generate secure password hashes. In tests however, secure hashes
            # are not important, waste resources and increase test times. The following
            # reduces the work factor to the lowest possible values.
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                algorithm: auto
                cost: 4 # Lowest possible value for bcrypt
                time_cost: 3 # Lowest possible value for argon
                memory_cost: 10 # Lowest possible value for argon
```
This is my nelmio config:
```yaml
nelmio_api_doc:
    documentation:
        servers:
            #- url : '%env(HTTP_SERVER_URL)%'
            #  description: API over HTTP
            - url: '%env(HTTPS_SERVER_URL)%'
              description: API over HTTPS
        info:
            title: API OCCEA/KSL EDITIQUE
            description: API REST pour les flux OCCEA Editique
            version: '%env(API_VERSION)%'
        components:
            securitySchemes:
                Bearer:
                    type: http
                    scheme: bearer
                    bearerFormat: JWT
        security:
            - Bearer: []
        paths:
            /api/v1/login:
                post:
                    tags:
                        - Web Services Editique
                    summary: GET JWT TOKEN
                    description: Web service for generating token.
                    operationId: getToken
                    security: []
                    requestBody:
                        required: true
                        content:
                            application/json:
                                schema:
                                    type: object
                                    properties:
                                        username:
                                            type: string
                                        password:
                                            type: string
                    responses:
                        '200':
                            description: Token response
                            content:
                                application/json:
                                    schema:
                                        type: object
                                        properties:
                                            token:
                                                type: string
                                                description: Token JWT
                        '400':
                            description: Bad request
                            content:
                                application/json:
                                    schema:
                                        type: object
                                        properties:
                                            code:
                                                type: integer
                                                description: status code of response
                                            message:
                                                type: string
                                                description: detail about error
    areas: # to filter documented areas
        path_patterns:
            #- ^/api/v1/(?!/doc|doc.json$) # Accepts routes under /api except /api/doc
            - ^/api/v1/contractDocuments # Accepts routes under /api except /api/doc
            # ONLY FOR TESTING = RE7
            - ^/api/v1/xmlForKsl # Accepts routes under /api except /api/doc
            # healthCheck
            - ^/api/v1/healthCheck # Accepts routes under /api except /api/doc
```
Entrypoint.sh:
```bash
#!/bin/bash
# set -e

# Note: we don't just use "apache2ctl" here because it itself is just a shell-script wrapper around apache2 which provides extra functionality like "apache2ctl start" for launching apache2 in the background.
# (also, when run as "apache2ctl <apache args>", it does not use "exec", which leaves an undesirable resident shell process)

: "${APACHE_CONFDIR:=/etc/apache2}"
: "${APACHE_ENVVARS:=$APACHE_CONFDIR/envvars}"
if test -f "$APACHE_ENVVARS"; then
    . "$APACHE_ENVVARS"
fi

# Apache gets grumpy about PID files pre-existing
: "${APACHE_RUN_DIR:=/var/run/apache2}"
: "${APACHE_PID_FILE:=$APACHE_RUN_DIR/apache2.pid}"
rm -f "$APACHE_PID_FILE"

# create missing directories
# (especially APACHE_RUN_DIR, APACHE_LOCK_DIR, and APACHE_LOG_DIR)
for e in "${!APACHE_@}"; do
    if [[ "$e" == *_DIR ]] && [[ "${!e}" == /* ]]; then
        # handle "/var/lock" being a symlink to "/run/lock", but "/run/lock" not existing beforehand, so "/var/lock/something" fails to mkdir
        #   mkdir: cannot create directory '/var/lock': File exists
        dir="${!e}"
        while [ "$dir" != "$(dirname "$dir")" ]; do
            dir="$(dirname "$dir")"
            if [ -d "$dir" ]; then
                break
            fi
            absDir="$(readlink -f "$dir" 2>/dev/null || :)"
            if [ -n "$absDir" ]; then
                mkdir -p "$absDir"
            fi
        done

        mkdir -p "${!e}"
    fi
done

echo "inside entrypoint.sh"
php --version
bin/console doctrine:database:create --no-interaction --if-not-exists --connection=default
bin/console doctrine:migrations:migrate --allow-no-migration --no-interaction
php bin/console cache:clear
chown -R www-data:www-data /var/www/var
exec apache2 -DFOREGROUND "$@"
```
As I said before, everything works fine in my Docker locally; the issue starts when it's on AWS (it generates the token but it takes too much time).
- I edited my .env file to specify the Postgres version.
- Compared the Dockerfile (local vs. AWS container).
- Checked env files
Expecting:
Fast token generation both locally and in PRODUCTION
Problem:
- Token generation time is too long in production (/api/v1/login) // AWS (taking too much time... more than 2 seconds).
PS:
- Local works fine (generation time = 330 ms, less than one second)
Feel free to make comments on my English :p
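
The comment in the `when@test` block above notes that password hashers are resource intensive by design, so the time `json_login` spends verifying the password depends on the CPU of the host it runs on. The script below is an added example, not part of the original post: it measures `password_verify()` time per bcrypt cost on whichever machine runs it, so the local and AWS containers can be compared. The 250 ms budget, the function names and the assumption that the stored hash is bcrypt are illustrative.

```php
<?php
declare(strict_types=1);

// Added example (not from the original post). Run inside each container: php bcrypt_bench.php
// Assumption: the stored hash is bcrypt. Check the prefix of the stored hash first:
// "$2y$" means bcrypt, "$argon2id$" means Argon2id (this script does not cover that case).

/** Milliseconds taken by one password_verify() against a fresh bcrypt hash at $cost. */
function verifyMillis(int $cost, string $password = 'constructed-sample-password'): float
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    $start = hrtime(true);                       // monotonic clock, nanoseconds
    $ok = password_verify($password, $hash);
    $elapsedMs = (hrtime(true) - $start) / 1e6;
    if (!$ok) {
        throw new RuntimeException("verification failed at cost $cost");
    }
    return $elapsedMs;
}

/**
 * Walk the cost upwards and return [highest cost within budget, timings per cost].
 * Stops at the first cost that exceeds the budget, since each step doubles the work.
 */
function calibrate(float $budgetMs, int $min = 4, int $max = 15): array
{
    $timings = [];
    $best = $min;                                // 4 is the lowest cost bcrypt accepts
    for ($cost = $min; $cost <= $max; $cost++) {
        $timings[$cost] = verifyMillis($cost);
        if ($timings[$cost] > $budgetMs) {
            break;
        }
        $best = $cost;
    }
    return [$best, $timings];
}

$budgetMs = 250.0;                               // illustrative login-time budget
[$best, $timings] = calibrate($budgetMs);
foreach ($timings as $cost => $ms) {
    printf("cost %2d: %8.1f ms\n", $cost, $ms);
}
printf("highest cost within %.0f ms on this host: %d\n", $budgetMs, $best);
```

If the same cost takes several times longer in the AWS container than locally, the difference is CPU capacity rather than configuration, and the production work factor should be chosen from measurements taken on that host.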