PHP Composer description
PHP Composer description
PHP Composer description
To switch to PHP Composer:
- In the Main menu choose Domains.
- Select the necessary site and click on the context menu button “…”.
- In the form that opens choose PHP Composer installed packages:
In the Installed PHP packages form that opens, the following actions are available:
- Update – to call the command PHP Composer Install;
- Configuration file – opens composer.json file for editing;
- Shell client – navigates to the Shell client for the selected site;
- Delete – deletes the selected dependency. If the dependency being removed is necessary for other dependencies, an error will occur.
Also on this form the installed dependencies are listed with their name, version and description.
Update
Calls the command PHP Composer install.
Installs PHP dependencies described in the composer.json file located in the root directory of the site.
Configuration file
A project using PHP Composer contains a composer.json configuration file, which is used to install dependencies. The composer.json file is the main PHP Composer configuration file. It contains a list of dependencies, repository settings, and more.
An example of composer.json:
{
"require": {
"monolog/monolog": ">=1.0.2 <2.1.2"
},
"description": "This example",
"keywords": ["testing", "example"],
"type": "project",
"version": "1.0.0",
"homepage": "https://example.com",
"readme": "readme.md",
"license": "MIT",
"authors": [{
"name": "User",
"email": "user@example.com",
"homepage": "https://www.example.com",
"role": "Developer"
}],
"support": {
"email": "support@example.org"
}
}
Description of the composer.json example:
- require – JSON with names and versions of repositories to install. The main field;
- authors – JSON describing the authors of the project, where:
- email – the author's email address;
- homepage – the author’s home page;
- name – the author’s name;
- role – role in the project;
- description – project description;
- homepage – project home page;
- keywords – key words for searching project in the repository;
- license – project license type;
- readme – the path to readme file;
- support – technical support email address;
- type – type, may be library, project, metapackage, composer-plugin.
- version – project version.
Shell client
The Shell client allows you to execute additional PHP Composer commands and other commands in the terminal. shellinaboxd is launched with the rights of the site owner. When opening the terminal, the following actions are performed:
- navigating to the home directory of the site;
- adding the path to the php executable file to the PATH variable, according to the version for the selected site.
Delete
Deletes the selected dependencies.
Service files and directories
While PHP Composer is running, the following service files and directories are created in the home directory of the site:
- composer.phar - PHP Composer executable file.
- composer.json - a file in JSON format that describes all the third-party packages on which the project depends.
- composer.lock - the file to which the current list of installed dependencies and their versions are saved.
- vendor - the directory in which dependencies are installed.
- .cache - the directory where the cache of downloaded repositories is stored.
- .config - the directory where configuration settings and public keys are stored.
Directories are defended by Deny from all rule in .htaccess. The composer.phar executable file only works on the console version of PHP.
Backup
When performing a site backup, the value of the phpcomposer field is stored in the metadata, the libraries are stored in the site files.
If it is not possible to enable PHP Composer, when restoring, a corresponding entry will be added to the recovery log.
Service data protection
In order to prevent service files and directories from being accessed through the browser, when PHP Composer is enabled, attachments of configuration files for Nginx, Apache and OpenLiteSpeed are added to the configuration files of sites, depending on what is installed on the server. If Nginx + Apache is installed, attachments will be added for both of them.
The list of protected files and directories:
- composer.phar
- composer.json
- composer.lock
- vendor
- .cache
- .config
- .local
If any dependencies have been installed, then after disabling PHP Composer, the site still has the added attachments. This is necessary so that the files do not become available after disconnecting. Attachments remain if the vendor directory and the composer.json file are present in the root directory.
Nginx
The path to the configuration file:
/etc/nginx/modules-includes/phpcomposer/phpcomposer.conf
The configuration file:
location ~* ^(/composer\.(json|lock|phar)$)|(/(vendor|.config|.cache|.local)/) { deny all;}
Apache
The path to the configuration file in Debian systems:
/etc/apache2/modules-includes/phpcomposer/phpcomposer.conf
The path to the configuration file in RedHat systems:
/etc/httpd/modules-includes/phpcomposer/phpcomposer.conf
The configuration file:
<LocationMatch "^(/composer\.(json|lock|phar)$)|(/(vendor|.config|.cache|.local))"> <IfModule mod_authz_core.c> # Apache 2.4 <RequireAny> Require all denied </RequireAny> </IfModule> <IfModule !mod_authz_core.c> # Apache 2.2 Order Deny,Allow Deny from All </IfModule></LocationMatch>
OpenLiteSpeed
The path to the configuration file:
/usr/local/lsws/conf/modules-includes/phpcomposer/phpcomposer.conf
The configuration file:
context exp: ^(/composer\.(json|lock|phar)$)|((/vendor|.config|.cache|.local)) { allowBrowse 0}