Personal Packagist with Toran Proxy

SitePoint Sponsors

Most of you reading this already know Composer. For those who don’t, you can read a previous article of mine before contuing. We can all agree that Composer has brought many good things into the PHP world. If one dares however to look for drawbacks, or better put, not included features, he could state that it is not possible to work with private repositories. That argument won’t hold anymore, since there is Toran Proxy.

The end of the Satis era

Before Toran, those that really wanted to use private repositories, could use Satis. Satis enables you to generate a privately hosted Packagist website, with mirrored repositories and your own private repositories. It was compatible with private projects on bitbucket and github and guaranteed security by usage of SSH keys. By mirroring the packages you are using (hosting them on your own server) you will get faster download speeds. Satis was a fine solution but about a month ago Toran was released as a better alternative.

Toran: harder, better, faster, stronger

Toran uses the following description on its website:

Toran acts as a proxy for Packagist and GitHub. It is meant to be set
up on your own server or even inside your office.

This is a better method than what Satis uses: Satis urls override the original packages completely. This means that when your Satis server doesn’t work, all package fetching will fail. With Toran, you can always fall back to the original source (either Github or BitBucket).

Download speeds will also increase: when you are not living close to the US East Coast (where the github servers are located), having a server close to you will help you to download your components faster. Toran mirrors git repositories, which was not possible with Satis. Source installations will also be faster this way.

Setting things up

If you want to verify everything I say here, you can download a personal edition from the website. The installation instructions are easy (just copy paste) and half of it can be done by using the web interface. You need to enter the host domain, the subdomain and optional git mirroring locations. Future updating can be done by executing a simple command.

Toran on Homestead Improved

I will quickly demonstrate how to set up your own Toran site. For easy configuration I will use Homestead Improved, read this if you want to learn how to set it up.

Server Setup

After that installation, open the Homestead.yaml file and under sites: add:

- map:
  to: /home/vagrant/Code/Toran/web

Also add to your hosts file. Now download the personal edition of Toran and extract it in the Toran folder inside your Homestead folder (the Homestead folder is where Homestead.yaml is located). If you connect to your vagrant box via SSH, /home/vagrant/Code is the folder in question. This hostname is pointed to the web folder in the Toran folder you just extracted.

In order for Toran to work, there is only one server configuration setting left to change. Connect to your homestead box via SSH, and edit /etc/nginx/sites-available/ Change:

location / {
    try_files $uri $uri/ /index.php$query_string;


location / {
    try_files $uri /app.php$is_args$args;


This was all the required server configuration. Now go inside /Toran/app/config/ and rename parameters.yml.dist to parameters.yml. Open it and change following settings:

toran_http_port: 8000

Finally, exit the VM and reload it with vagrant reload.

The Wizard

You are only a couple of clicks away from using Toran. Navigate to and the installation will come up. This is where you can enter your license code (see next paragraph) but in our case you can check the box that it is for personal use underneath.

Next, you will define what the cronjob will do: if you don’t want to prefetch any packages, use the lazy setting. If you want to prefetch all defined packages, pick all. After that, there are optional settings for where the git clones will be stored and what prefix URL will be used. This is if your repositories are not publicly available.

If you had a Satis configuration before, you can enter it in the last textbox. Click the install button and we’re done.

Further maintenance

Now you need to manually update everything using the command:

php app/console toran:update

After that, you can set up a cronjob to do this automatically. Specific instructions for your server are given when you navigate to


With the development of Toran, its main (and for the moment only developer) Jordi Boggiano decided to not make it open-source. While Composer and Packagist remain open-source, Toran comes with licenses and fees. You can use Toran personally for free, but when you want to use Toran for your business you’ll have to pay a yearly fee. Exact pricing can be found on the website and custom pricing can be requested.


I want to thank Jordi Boggiano for additional clarifications on this project. If you have a business and want to simplify your dependency management, make sure to check this application out. Comments? Feedback? Leave it below!