GymFlow’s Symfony backend reads runtime configuration from environment variables. The committedDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Lokhy87/gymApp/llms.txt
Use this file to discover all available pages before exploring further.
backend/.env.dev file only contains APP_SECRET. Variables like DATABASE_URL and JWT_PASSPHRASE must be provided via a backend/.env.local file (gitignored) or injected through the container environment at runtime. The table below documents all variables the application requires.
For a production deployment, create a
backend/.env.local file and set each variable there. This file is gitignored by Symfony by default and will not be committed to the repository.Backend environment variables
Application
| Variable | Default (.env.dev) | Description |
|---|---|---|
APP_ENV | dev | Symfony environment. Set to prod for production deployments. |
APP_SECRET | 44119a0f3ac3f66c42e542c4576e2344 | A cryptographic secret used to sign cookies and CSRF tokens. Must be a long, random string. |
Database
| Variable | Required value | Description |
|---|---|---|
DATABASE_URL | mysql://root:root@gymflow-db-server:3306/gymflow?serverVersion=10.11.16-MariaDB&charset=utf8mb4 | Doctrine DBAL connection string. The hostname gymflow-db-server is the Docker Compose service name resolved inside gymflow_network. Must be set in .env.local — not present in .env.dev. |
DATABASE_URL format for MariaDB follows the Doctrine DSN convention:
serverVersion query parameter must match the MariaDB version defined in docker-compose.yml (mariadb:10.11). Doctrine uses it to generate version-appropriate SQL.
JWT authentication
GymFlow useslexik/jwt-authentication-bundle to issue and validate JSON Web Tokens. The bundle reads an RSA key pair from backend/config/jwt/:
| Variable | Description |
|---|---|
JWT_PASSPHRASE | Passphrase used to encrypt the RSA private key at config/jwt/private.pem. Required at runtime to sign new tokens. Must be set in .env.local — not present in .env.dev. |
config/packages/lexik_jwt_authentication.yaml. The key files are referenced by path inside the container and are not stored as environment variables.
To generate a fresh RSA key pair, run the following inside the PHP container:
Mailer
| Variable | Development default | Description | |---|---| |MAILER_DSN | null://null | Symfony Mailer transport DSN. The null://null value discards all outgoing mail silently, which is suitable for development. Replace with an SMTP DSN for transactional email in production (e.g., smtp://user:pass@smtp.example.com:587). |
CORS
CORS is managed bynelmio/cors-bundle. The configuration is defined in config/packages/nelmio_cors.yaml and is not controlled by environment variables. The current settings are:
^/api/routes: allow origin*, methodsGET POST PUT DELETE OPTIONS, headersContent-Type Authorization X-Requested-With,max_age3600.^/routes: allow origin matching^http://localhost:[0-9]+(any localhost port), same methods and headers.
config/packages/nelmio_cors.yaml and set allow_origin to the exact list of permitted origins.
Frontend environment
The Angular frontend reads its API base URL fromfrontend/src/environments/:
| File | production | apiUrl |
|---|---|---|
environment.ts | false | http://localhost:8050/api |
environment.prod.ts | true | /api |
ng serve), the frontend calls the API at http://localhost:8050/api, which maps to the gymflow_php_server container on port 8050. In a production build, apiUrl resolves to /api and relies on the web server or reverse proxy to route /api requests to the Symfony backend.
Related pages
Docker Compose setup
Container definitions, port mappings, and the gymflow_network configuration.
Database setup
Run migrations and load reference data into the MariaDB container.
Authentication
How GymFlow issues and validates JWT tokens for all API requests.
Quickstart
End-to-end walkthrough from clone to logging your first workout.