PHP Composer description
To switch to PHP Composer:
- In the Main menu choose Sites.
- Select the necessary site and click the PHP button.
- In the Advanced PHP Settings form, click on the PHP Composer button.
PHP Composer contains the following settings:
- Install — installs dependencies;
- Delete — deletes the selected dependency;
- Configuration file — opens composer.json file for editing;
- Update — calls the command PHP Composer Install;
- Shell client — navigates to the Shell client for the selected site.
This form also lists the installed dependencies with their name, version and description.
Install
Installs dependencies. You can install multiple dependencies at once and specify the versions you want to install.
Delete
Deletes the selected dependencies. If the dependency you are trying to remove is necessary for other dependencies, an error will occur.
Configuration file
A project using PHP Composer contains a composer.json configuration file, which is used to install dependencies. The composer.json file is the main PHP Composer configuration file. It contains a list of dependencies, repository settings, and more.
An example of composer.json:
{
    "require": {
        "monolog/monolog": ">=1.0.2 <2.1.2"
    },
    "description": "This example",
    "keywords": ["testing", "example"],
    "type": "project",
    "version": "1.0.0",
    "homepage": "https://example.com",
    "readme": "readme.md",
    "license": "MIT",
    "authors": [{
        "name": "User",
        "email": "user@example.com",
        "homepage": "https://www.example.com",
        "role": "Developer"
    }],
    "support": {
        "email": "support@example.org"
    }
}
Description of the composer.json example:
- require — JSON with names and versions of repositories to install. The main field;
- authors — JSON describing the authors of the project, where:
  - email — the author's email address;
  - homepage — the author's homepage;
  - name — the author's name;
  - role — role in the project.
- description — project description;
- homepage — project homepage;
- keywords — keywords used to search for the project in the repository;
- license — project license type;
- readme — the path to the readme file;
- support — technical support email address;
- type — type, for example library, project, metapackage, composer-plugin;
- version — project version.
Update
Calls the command PHP Composer install.
Installs PHP dependencies described in the composer.json file located in the root directory of the site.
Shell client
The Shell client allows you to execute additional PHP Composer commands and other commands in the terminal. The shellinaboxd command can be called with the site owner permissions. When opening the terminal, the following actions are performed:
- navigating to the home directory of the site;
- adding the path to the php executable file to the PATH variable, according to the version for the selected site.
Service files and directories
While PHP Composer is running, the following service files and directories are created in the home directory of the site:
- composer.phar — PHP Composer executable file;
- composer.json — a file in the JSON format that describes all the third-party packages on which the project depends;
- composer.lock — the file to which the current list of installed dependencies and their versions are saved;
- vendor — the directory in which dependencies are installed;
- .cache — the directory where the cache of downloaded repositories is stored;
- .config — the directory where configuration settings and public keys are stored.
The directories are protected by a Deny from all rule in .htaccess. The composer.phar executable file works only with the console version of PHP.
Backup
When a site backup is performed, the value of the php composer field is stored in the metadata, and the libraries are stored in the site files.
If PHP Composer cannot be enabled during restoration, a corresponding entry is added to the recovery log.
Service data protection
To prevent service files and directories from being accessed through the browser, when PHP Composer is enabled, configuration file attachments for Nginx, Apache and OpenLiteSpeed are added to the configuration files of sites, depending on which of them is installed on the server. If Nginx + Apache is installed, attachments are added for both of them.
The list of protected files and directories:
- composer.phar
- composer.json
- composer.lock
- vendor
- .cache
- .config
- .local
If any dependencies have been installed, the added attachments stay in the site configuration after PHP Composer is disabled. This is necessary so that the files do not become accessible once it is disabled. The attachments remain if the vendor directory and the composer.json file are present in the root directory.
Nginx
The path to the configuration file:
/etc/nginx/modules-includes/phpcomposer/phpcomposer.conf
The configuration file:
location ~* ^(/composer\.(json|lock|phar)$)|(/(vendor|.config|.cache|.local)/) {
    deny all;
}
Apache
The path to the configuration file in Debian systems:
/etc/apache2/modules-includes/phpcomposer/phpcomposer.conf
The path to the configuration file in RedHat systems:
/etc/httpd/modules-includes/phpcomposer/phpcomposer.conf
The configuration file:
<LocationMatch "^(/composer\.(json|lock|phar)$)|(/(vendor|.config|.cache|.local))">
    <IfModule mod_authz_core.c>
        # Apache 2.4
        <RequireAny>
            Require all denied
        </RequireAny>
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order Deny,Allow
        Deny from All
    </IfModule>
</LocationMatch>
OpenLiteSpeed
The path to the configuration file:
/usr/local/lsws/conf/modules-includes/phpcomposer/phpcomposer.conf
The configuration file:
context exp: ^(/composer\.(json|lock|phar)$)|((/vendor|.config|.cache|.local)) {
    allowBrowse 0
}
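The three deny patterns above are not identical, so it is worth checking which request paths each one covers. The following is an added example, not part of the product or its documentation: it copies the patterns from this page and runs them over constructed sample paths. It assumes Python's re module behaves like the servers' PCRE engine for these patterns and that each server applies its pattern as an unanchored search on the URL path; the function names and sample paths are hypothetical.

```python
import re

# Patterns copied from the three configuration files shown on this page.
# Assumption: Python's re stands in for the servers' PCRE engine; these
# patterns use no PCRE-only syntax.
RULES = {
    "nginx": re.compile(
        r"^(/composer\.(json|lock|phar)$)|(/(vendor|.config|.cache|.local)/)",
        re.IGNORECASE),  # "location ~*" is case-insensitive
    "apache": re.compile(
        r"^(/composer\.(json|lock|phar)$)|(/(vendor|.config|.cache|.local))"),
    "openlitespeed": re.compile(
        r"^(/composer\.(json|lock|phar)$)|((/vendor|.config|.cache|.local))"),
}

def denied_by(path):
    """Return the sorted list of servers whose rule matches the URL path."""
    return sorted(name for name, rx in RULES.items() if rx.search(path))

# Constructed sample paths (not taken from a real site).
PROTECTED = [
    "/composer.json", "/composer.lock", "/composer.phar",
    "/vendor/autoload.php", "/.cache/files/x", "/.config/keys.dev.pub",
    "/.local/share/x",
]
ORDINARY = ["/index.php", "/css/site.css", "/blog/xconfig/page.html",
            "/myconfig.php"]

def report():
    """Map every sample path to the servers that would deny it."""
    return {p: denied_by(p) for p in PROTECTED + ORDINARY}

if __name__ == "__main__":
    for path, servers in report().items():
        print(f"{path:28} denied by: {', '.join(servers) or '-'}")
```

The unescaped dots in .config, .cache and .local match any character, which is why the constructed /blog/xconfig/ path is denied everywhere and /myconfig.php is denied under the OpenLiteSpeed grouping; writing them as \.config, \.cache and \.local in a custom rule limits the match to the dot directories.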