06/02/2018
Private Composer repository with Satis – Part 1
Everyone in PHP world knows what Packagist is. Whenever you need to pull some PHP library with composer, you’ll probably pull it from Packagist. But, what to do with your code that shouldn’t be publicly available? Something reusable, private, and self-hosted? You can pay for private Packagist, but if you already have your own infrastructure, maybe a lightweight free solution is good enough for your needs. That’s where Satis comes in.
Yes, there is a documentation page and there are some guides on the Internet about how you can setup Satis, but when it comes to actually installing, configuring and using it – there are a couple of more steps which you’ll need to do than those written in the guide. This article will hopefully guide you through the whole process – from installing prerequisites to using it in your projects. The guide will be based on the following system:
- CentOS7
- firewalld
- Apache (httpd)
- PHP 7.1 (from Webtatic repository)
We’ll assume that you already have these installed and configured and focus on what Satis needs.
Installing prerequisites
You can skip reading about prerequisites which you already have.
PHP extensions
Satis needs ext-dom PHP extension, but you probably have this one installed already. However, if you don’t have it, then you need to install it.
To check if the ext-dom is installed, you can use the following command:
If it’s not installed, you’ll need to:
Git and Composer
The next two prerequisites are Git and Composer. To install Git, simply use:
Composer has several installation methods and you can take a look at them here: https://getcomposer.org/doc/00-intro.md#installation-linux-unix-osx. We’ll use this one:
sudo mv composer.phar /usr/local/bin/composer
Installing Satis
Set up Apache virtual host
We will install Satis on a subdomain (satis.yoursite.com).
First, create directories for Satis Apache logs and document root.
sudo mkdir -p /var/www/satis/logs
After, you need to create virtual host configuration file for satis.yoursite.com
DocumentRoot /var/www/satis/html
ErrorLog /var/www/satis/logs/error.log
CustomLog /var/www/satis/logs/access.log combined
Close the text editor and restart httpd service
Install Satis
To install Satis, simply pull the project witll Composer. To keep everything related to Satis in one place, we’ll install Satis in /var/www/satis/app directory:
cd /var/www/satis/app
composer create-project composer/satis --stability=dev --keep-vcs
Secure document root with Apache password authentication
If you are using publicly available subdomain, you’ll need to secure your document root. After Satis runs and picks up your Git repositories, as a result it will be accessible through a web browser. You can see all your repositories and download zip archives of each of their versions directly from the web interface. So, let’s protect it with htpasswd.
Open your Satis Apache configuration file and add configuration for htpasswd authentication. Your virtual host configuration file for Satis should look like this:
ServerName satis.yoursite.com
DocumentRoot /var/www/satis/html
ErrorLog /var/www/satis/logs/error.log
CustomLog /var/www/satis/logs/access.log combined
<Directory "/var/www/satis/html>
AuthType Basic
AuthName "Restricted Content"
AuthUserFile "/var/www/satis/html/.htpasswd"
Require valid-user
</Directory>
</VirtualHost>
Don’t restart Apache just yet. We’ll need to create .htpasswd file first and add the first user to it.
You will be asked to supply a password for your_first_user. The -c flag is for creating a new file. If you want to add more users later, you can use the same command but without -c flag.
You can now restart Apache to apply the changes:
Add htpasswd authentication to Composer
Since your Satis server will use Composer to distribute packages, Composer on the server needs to be configured to be able to use your password protected site. Composer stores authentiucation credentials in ~/.composer/auth.json file which you’ll need to edit and add htpasswd credentials:
"http-basic": {
"satis.yoursite.com": {
"username": "your_first_user",
"password": "your_first_users_password"
}
}
}
Add https – Let’s Encrypt with certbot
If you don’t already have a wildcard SSL certificate for your domain, it would be a good idea to secure communication with your Satis server by enabling https. Fortunatelly, that’s easy and free by using Let’s Encrypt (https://letsencrypt.org/).
First, let’s install prerequisites. We will be using certbot (https://certbot.eff.org/) to generate and apply Let’s encrypt certificate. Certbot is available in the EPEL repository. In order to use SSL certificates, we will also need mod_ssl.
sudo yum install python-certbot-apache
The next thing to do is to check whether default HTTPS port is open in firewalld:
If https is not listed in your public services, you’ll need to:
Aa an alternative, you can lookup and open HTTPS port (instead of a service):
sudo firewall-cmd --zone=public --permanent --add-port=443/tcp
Now we can use certbot to install our SSL certificate and enable it on satis.yoursite.com
certbot --apache -d satis.yoursite.com
sudo systemctl restart httpd
Certbot will ask a series of questions during the setup, but they are all pretty much self-explanatory. The only advice is to always enable HTTPS and disable HTTP entirely when certbot asks you about it.
The last step is to make sure that the certificate is auto-renewed:
crontab -e
Furthermore, you’ll need to add the following entry in crontab:
Conclusion
If you have followed this guide properly, you should now have the following:
- Installed Satis on your server
- Prepared a subdomain for satis: satis.yoursite.com
- Secured your Satis front-end with Apache htpasswd
- Installed and configured HTTPS for satis.yoursite.com
However, we still haven’t added any repositories which Satis should monitor. Since this article is long enough, we’ll cover adding repositeories and day-to-day use of Satis in Part 2 of the article.