Ispmanager 6 business documentation

PHP Composer description

 

PHP Composer description

PHP Composer description

To switch to PHP Composer:

  1. In the Main menu choose Domains.
  2. Select the necessary site and click on the context menu button “”.
  3. In the form that opens choose PHP Composer installed packages:

In the Installed PHP packages form that opens, the following actions are available:

  • Update – to call the command PHP Composer Install;
  • Configuration file – opens composer.json file for editing;
  • Shell client – navigates to the Shell client for the selected site;
  • Delete – deletes the selected dependency. If the dependency being removed is necessary for other dependencies, an error will occur.

Also on this form the installed dependencies are listed with their name, version and description.

Update

Calls the command PHP Composer install.

Installs PHP dependencies described in the composer.json file located in the root directory of the site.

Configuration file

A project using PHP Composer contains a composer.json configuration file, which is used to install dependencies. The composer.json file is the main PHP Composer configuration file. It contains a list of dependencies, repository settings, and more.

An example of composer.json:

{
    "require": {
            "monolog/monolog": ">=1.0.2 <2.1.2"
    },
    "description": "This example",
    "keywords": ["testing", "example"],
    "type": "project",
    "version": "1.0.0",
    "homepage": "https://example.com",
    "readme": "readme.md",
    "license": "MIT",
    "authors": [{
            "name": "User",
            "email": "user@example.com",
            "homepage": "https://www.example.com",
            "role": "Developer"
    }],
    "support": {
            "email": "support@example.org"
    }
}

Description of the composer.json example:

  • require – JSON with names and versions of repositories to install. The main field;
  • authors – JSON describing the authors of the project, where:
    • email – the author's email address;
    • homepage – the author’s home page;
    • name – the author’s name;
    • role – role in the project;
  • description – project description;
  • homepage – project home page;
  • keywords – key words for searching project in the repository;
  • license – project license type;
  • readme – the path to readme file;
  • support – technical support email address;
  • type – type, may be library, project, metapackage, composer-plugin.
  • version – project version.
The ability to edit PHP Composer configuration files is available both with administrator and user rights.

Shell client

The Shell client allows you to execute additional PHP Composer commands and other commands in the terminal. shellinaboxd is launched with the rights of the site owner. When opening the terminal, the following actions are performed:

  • navigating to the home directory of the site;
  • adding the path to the php executable file to the PATH variable, according to the version for the selected site.

Delete

Deletes the selected dependencies.

Service files and directories

While PHP Composer is running, the following service files and directories are created in the home directory of the site:

  • composer.phar - PHP Composer executable file.
  • composer.json - a file in JSON format that describes all the third-party packages on which the project depends.
  • composer.lock - the file to which the current list of installed dependencies and their versions are saved.
  • vendor - the directory in which dependencies are installed.
  • .cache - the directory where the cache of downloaded repositories is stored.
  • .config - the directory where configuration settings and public keys are stored.

Directories are defended by Deny from all rule in .htaccess. The composer.phar executable file only works on the console version of PHP.

Backup

When performing a site backup, the value of the phpcomposer field is stored in the metadata, the libraries are stored in the site files.

If it is not possible to enable PHP Composer, when restoring, a corresponding entry will be added to the recovery log.

Service data protection

In order to prevent service files and directories from being accessed through the browser, when PHP Composer is enabled, attachments of configuration files for Nginx, Apache and OpenLiteSpeed are added to the configuration files of sites, depending on what is installed on the server. If Nginx + Apache is installed, attachments will be added for both of them.

The list of protected files and directories:

  • composer.phar
  • composer.json
  • composer.lock
  • vendor
  • .cache
  • .config
  • .local

If any dependencies have been installed, then after disabling PHP Composer, the site still has the added attachments. This is necessary so that the files do not become available after disconnecting. Attachments remain if the vendor directory and the composer.json file are present in the root directory.

Nginx

The path to the configuration file:

/etc/nginx/modules-includes/phpcomposer/phpcomposer.conf

The configuration file:

location ~* ^(/composer\.(json|lock|phar)$)|(/(vendor|.config|.cache|.local)/) {        deny all;}

Apache

The path to the configuration file in Debian systems:

/etc/apache2/modules-includes/phpcomposer/phpcomposer.conf

The path to the configuration file in RedHat systems:

/etc/httpd/modules-includes/phpcomposer/phpcomposer.conf

The configuration file:

<LocationMatch "^(/composer\.(json|lock|phar)$)|(/(vendor|.config|.cache|.local))">    <IfModule mod_authz_core.c>        # Apache 2.4        <RequireAny>        Require all denied        </RequireAny>    </IfModule>    <IfModule !mod_authz_core.c>        # Apache 2.2        Order Deny,Allow        Deny from All    </IfModule></LocationMatch>

OpenLiteSpeed

The path to the configuration file:

/usr/local/lsws/conf/modules-includes/phpcomposer/phpcomposer.conf

The configuration file:

context exp: ^(/composer\.(json|lock|phar)$)|((/vendor|.config|.cache|.local)) {        allowBrowse 0}