Personal Packagist with Toran Proxy

SitePoint Sponsors
SitePoint Sponsors
Share

Most of you reading this already know Composer. For those who don’t, you can read a previous article of mine before contuing. We can all agree that Composer has brought many good things into the PHP world. If one dares however to look for drawbacks, or better put, not included features, he could state that it is not possible to work with private repositories. That argument won’t hold anymore, since there is Toran Proxy.

The end of the Satis era

Before Toran, those that really wanted to use private repositories, could use Satis. Satis enables you to generate a privately hosted Packagist website, with mirrored repositories and your own private repositories. It was compatible with private projects on bitbucket and github and guaranteed security by usage of SSH keys. By mirroring the packages you are using (hosting them on your own server) you will get faster download speeds. Satis was a fine solution but about a month ago Toran was released as a better alternative.

Toran: harder, better, faster, stronger

Toran uses the following description on its website:
Toran acts as a proxy for Packagist and GitHub. It is meant to be set up on your own server or even inside your office.
This is a better method than what Satis uses: Satis urls override the original packages completely. This means that when your Satis server doesn’t work, all package fetching will fail. With Toran, you can always fall back to the original source (either Github or BitBucket). Download speeds will also increase: when you are not living close to the US East Coast (where the github servers are located), having a server close to you will help you to download your components faster. Toran mirrors git repositories, which was not possible with Satis. Source installations will also be faster this way.

Setting things up

If you want to verify everything I say here, you can download a personal edition from the website. The installation instructions are easy (just copy paste) and half of it can be done by using the web interface. You need to enter the host domain, the subdomain and optional git mirroring locations. Future updating can be done by executing a simple command.

Toran on Homestead Improved

I will quickly demonstrate how to set up your own Toran site. For easy configuration I will use Homestead Improved, read this if you want to learn how to set it up.

Server Setup

After that installation, open the Homestead.yaml file and under sites: add:
- map: toran.app
  to: /home/vagrant/Code/Toran/web
Also add toran.app to your hosts file. Now download the personal edition of Toran and extract it in the Toran folder inside your Homestead folder (the Homestead folder is where Homestead.yaml
is located). If you connect to your vagrant box via SSH, /home/vagrant/Code is the folder in question. This hostname is pointed to the web folder in the Toran folder you just extracted. In order for Toran to work, there is only one server configuration setting left to change. Connect to your homestead box via SSH, and edit /etc/nginx/sites-available/toran.app Change:
location / {
    try_files $uri $uri/ /index.php$query_string;
}
to:
location / {
    try_files $uri /app.php$is_args$args;
}

Configuration

This was all the required server configuration. Now go inside /Toran/app/config/ and rename parameters.yml.dist to parameters.yml. Open it and change following settings:
toran_http_port: 8000
toran_host: toran.app
Finally, exit the VM and reload it with vagrant reload
.

The Wizard

You are only a couple of clicks away from using Toran. Navigate to http://toran.app:8000 and the installation will come up. This is where you can enter your license code (see next paragraph) but in our case you can check the box that it is for personal use underneath. Next, you will define what the cronjob will do: if you don’t want to prefetch any packages, use the lazy setting. If you want to prefetch all defined packages, pick all. After that, there are optional settings for where the git clones will be stored and what prefix URL will be used. This is if your repositories are not publicly available. If you had a Satis configuration before, you can enter it in the last textbox. Click the install button and we’re done.

Further maintenance

Now you need to manually update everything using the command:
php app/console toran:update
After that, you can set up a cronjob to do this automatically. Specific instructions for your server are given when you navigate to http://toran.app:8000/post-install.

Licenses

With the development of Toran, its main (and for the moment only developer) Jordi Boggiano decided to not make it open-source. While Composer and Packagist remain open-source, Toran comes with licenses and fees. You can use Toran personally for free, but when you want to use Toran for your business you’ll have to pay a yearly fee. Exact pricing can be found on the website
and custom pricing can be requested.

Conclusion

I want to thank Jordi Boggiano for additional clarifications on this project. If you have a business and want to simplify your dependency management, make sure to check this application out. Comments? Feedback? Leave it below!

Frequently Asked Questions (FAQs) about Personal Packagist and Toran Proxy

What is the main purpose of using Personal Packagist and Toran Proxy?

Personal Packagist and Toran Proxy are tools used in the management of private and public PHP packages. They provide a reliable and secure way to manage dependencies in your PHP projects. By using these tools, developers can ensure that their projects are always using the correct versions of the packages they depend on, even if the original packages are updated or removed from the internet.

How does Personal Packagist compare to other package management tools?

Personal Packagist stands out from other package management tools due to its ability to handle both private and public packages. It also offers a user-friendly interface, making it easy for developers to manage their packages. Additionally, it provides detailed statistics about package usage, which can be very useful for project management.

What are the benefits of using Toran Proxy?

Toran Proxy acts as a proxy for Packagist, GitHub, and other sources. It caches the packages you use, ensuring that they are always available, even if the original source is down. This can significantly improve the reliability of your projects. It also speeds up the installation of packages by serving them from a local network.

How can I set up Personal Packagist and Toran Proxy?

Setting up Personal Packagist and Toran Proxy involves several steps. First, you need to install the tools on your server. Then, you need to configure them to work with your projects. This involves specifying the sources of your packages and setting up authentication. Detailed instructions can be found in the official documentation.

Can I use Personal Packagist and Toran Proxy for commercial projects?

Yes, both Personal Packagist and Toran Proxy can be used for commercial projects. They are designed to handle the needs of both small and large projects, making them a great choice for businesses of all sizes.

Are there any limitations to using Personal Packagist and Toran Proxy?

While Personal Packagist and Toran Proxy offer many benefits, they do have some limitations. For example, they require a server to run on, which can add to the cost of your projects. They also require some technical knowledge to set up and manage.

How secure are Personal Packagist and Toran Proxy?

Personal Packagist and Toran Proxy are designed with security in mind. They use secure protocols to transfer packages and support authentication to ensure that only authorized users can access your packages.

Can I use Personal Packagist and Toran Proxy with other programming languages?

Personal Packagist and Toran Proxy are specifically designed for managing PHP packages. However, they can be used in conjunction with other tools to manage packages for other programming languages.

What is the cost of using Personal Packagist and Toran Proxy?

The cost of using Personal Packagist and Toran Proxy depends on the size of your projects and the number of packages you need to manage. For detailed pricing information, you can check the official websites of these tools.

Where can I get support for Personal Packagist and Toran Proxy?

Support for Personal Packagist and Toran Proxy is available through their official websites. You can also find a wealth of information and help from the community on various online forums and discussion boards.