Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Laravel Forge API
Feb 28, 2017 @ 14:36:37

The Laravel News site has posted an official announcement about the Forge API being released for public use. Forge is a service that makes it easier to set up and configuration servers by taking care of a lot of the details for you.

Laravel Forge just announced it’s first official API that allows you to create and interact with your servers and sites.

This was a highly requested feature and the API includes support for all the features Forge provides including Servers, Services, Daemons, Firewall Rules, Sites, SSL, and more.

The post includes how to get started with the API, where to get your API token and how to send it over for authorization handling. You can find more information about the Forge API in the documentation on the Forge site.

tagged: laravel forge api release announcement server setup configure

Link: https://laravel-news.com/laravel-forge-api

Zend Framework Blog:
Implement a SOAP server with zend-soap
Jan 25, 2017 @ 11:22:58

The Zend Framework blog continues on its series of posts showing how to create various types of web services using various components from the framework itself. In this latest post they show you how to implement a SOAP server with zend-soap, a component specifically designed to "create, serve, and access SOAP applications, and parse and generate WSDL".

zend-soap provides a full-featured SOAP implementation. SOAP is an XML-based web protocol designed to allow describing messages, and, optionally, operations to perform. It's similar to XML-RPC, but with a few key differences: arbitrary data structures may be described [and] multiple operations may be described in a message as well.

The post goes on to talk about why they're show how to use these other service types when they primarily use REST in Apigility. It also covers some of the benefits using the module has over PHP's own SOAP handling. From there it's all about the code: first just creating the server and then populating it with the classes and functions it allows. The remainder of the post is split between two other methods for setting up the server: using it in a MVC application and as middleware in something like Zend Expressive.

tagged: zendframework soap server zendsoap tutorial api wsdl mvc middleware

Link: https://framework.zend.com/blog/2017-01-24-zend-soap-server.html

Freek Van der Herten:
Using Varnish on a Laravel Forge provisioned server
Jan 05, 2017 @ 14:19:15

Freek Van der Herten has a post to his site showing you how to set up Varnish with a Laravel Forge server. Forge is a service that makes it simpler to set up and manage servers and the applications installed without having to mess with the details yourself.

For a project we’re working on at Spatie we’re expecting high traffic. That’s why we spent some time researching how to improve the request speed of a Laravel application and the amount of requests a single server can handle. There are many strategies and services you can use to speed up a site. In our specific project one of the things we settled on is Varnish. In this post I’d like to share how to set up Varnish on a Forge provisioned server.

He gives a high level overview of what Varnish is and what benefit it provides to your application (complete with illustrations) and includes a link to a presentation introducing Varnish to PHP developers. Then he moves on to installing Varnish on the server, updating the VCL configuration file and opening a port for you to use when connecting to the Varnish service. He shows the difference in the response headers when Varnish handles the response and the updates you'll need to make to get your Laravel application to play nicely with Varnish with this package.

He ends the post with examples of how to test the performance difference and some final steps to update the config and have it run on port 80 instead of the default 6081.

tagged: laravel forge varnish provision server tutorial setup configure performance

Link: https://murze.be/2017/01/varnish-on-a-laravel-forge-server/

TutsPlus.com:
Building Your Startup: Security Basics
Dec 20, 2016 @ 11:55:58

The TutsPlus.com site has continued their "Building Your Startup" tutorial series with this latest article covering the "security basics" you'll need to adequately protect your application. This tutorial touches on both the server-level and code-level security aspects.

In today's episode, we'll dive into the basics of web server security. I'll cover securing the Linux VPS running Meeting Planner and some basic Yii security. In the next episode, I'll dive more into programmatic Yii application security.

The article starts off with the server side of things, introducing hosting options, keeping the server updated, configuring SSH for logins, setting up a firewall and SSL. With that solid base in place, it then starts on the code side covering the built-in functionality used to secure the backend and frontend functionality.

tagged: tutorial series yii2 startup security basics server code

Link: https://code.tutsplus.com/tutorials/building-your-startup-security-basics--cms-26702

TutsPlus.com:
Upgrading Your Linux Server to PHP 7.0
Dec 07, 2016 @ 11:47:25

The TutsPlus.com site has a new tutorial posted showing you how to upgrade your Linux server to run PHP 7.0, the latest major release of the PHP language.

PHP 7 was released last December. Once you've tested your code locally to run on it, it's time to upgrade your production server. Generally, I found that most of my sites run well on it.

However, I suspect that not many sites have upgraded yet. It's often safer and easier to stay on older releases. [...] But PHP 7 has now been out for nearly a year.

In today's episode, I'll walk you through my recommended approach to upgrading to PHP 7 on Ubuntu 14.x and resolving problems with PHPMyAdmin, which a lot of early upgraders ran into.

He starts by helping you identify any customizations that you might have related to PHP 5, specifically related to configuration options. He then provides the commands to remove PHP 5 packages from the system and add in the "ondrej/php" PPA for apt-get as the source for the PHP 7 packages. After a quick apt-get cleanup, he includes the commands to install the "php7" packages, enable a few extra modules and getting phpMyAdmin back up and in working order.

tagged: upgrade server php7 php5 ppa aptget phpmyadmin tutorial

Link: https://code.tutsplus.com/tutorials/upgrading-your-linux-server-to-php-7--cms-27583

Ben Ramsey:
Building PHP Projects on AWS CodeBuild
Dec 05, 2016 @ 10:54:48

Ben Ramsey has a post to his site sharing the process he's worked up to deploy PHP applications on AWS Codebuild, a new service from Amazon Web Services that fills the niche for an easy to spin up and use build server.

The main highlight of re:Invent is always the keynotes and the new services and features announcements they make during the keynotes. One of the new services caught my attention, and I decided to give it a try. That service is AWS CodeBuild.

CodeBuild is designed to be used as part of the AWS CodePipeline, but it may also be used by itself. [...] Out of the box, CodeBuild provides some managed images that you may use to build your projects. These include environments for Android, Java, Python, Ruby, Golang, and Node.js. PHP is missing from this list, but since you’re able to use other images, I decided to see how easy it is to get up and running on CodeBuild with a PHP project. I chose to try out my ramsey/uuid library for a simple test.

He walks you through the creation of a new CodeBuild instance (complete with screenshots of the UI) and how to configure your project, explaining each of the settings as he goes. He includes the full build command he's using for the library running tests, a lint check and codesniffer checks for formatting. He shows how to get the project to build and what the UI will show when the build is successful (all green).

tagged: project aws codebuild pipeline library tutorial setup build server amazon

Link: https://benramsey.com/blog/2016/12/aws-codebuild-php/

SitePoint PHP Blog:
Hashicorp’s Packer – Is It Something for PHP Developers?
Nov 15, 2016 @ 11:38:24

The SitePoint PHP blog has a new article posted taking a look at Packer (from Hashicorp) and if it's something that's relevant to a PHP developer's needs. Packer is a tool that makes it easier to machine images that can be reused across platforms based on a single configuration.

If you do a lot of server work for your clients or on the job, along with development work, then yes. Packer can help you a lot.

If you are only a developer and don’t really do much work on the server directly, then no. Packer won’t be very helpful.

That being said, it is wise for any PHP developer to learn the basics of creating server environments. You will run into these technologies in your career in one way or another (everything you create runs on them!). This specialized knowledge will help your career in the future for sure! At a minimum, you’ll understand your dev-ops colleagues and the work they do much better.

The article starts with a "look back in time" to when server setup was more manual and server admins/developers had to go in and change configurations/update software by hand. From there they move forward to the changes that virtualized servers made possible followed quickly by tools like Vagrant. Vagrant makes it easier to create and configure virtual machines so why would you need something like Packer? The article provides a summary of the features that Packer provides and how its overall workflow operates.

With all this information under your belt, the tutorial then starts in on using the Packer tool:

  • installing the Packer software
  • creating a new server instance
  • setting up the JSON configuration
  • the build process
  • working with provisioners
  • installing the VM with VirtualBox

The environment is now all set up and configured so the next step is, naturally, installing a PHP-based application. They opt for a basic Symfony demo application, showing how to change the configuration to pull it in and set everything up.

tagged: hashicorp developer packer tutorial configuration vagrant server setup

Link: https://www.sitepoint.com/hashicorps-packer-is-it-something-for-php-developers/

SitePoint PHP Blog:
Phpseclib: Securely Communicating with Remote Servers via PHP
Oct 04, 2016 @ 13:37:33

The SitePoint PHP blog has posted a new tutorial by Viraj Khatavkar showing how to use the phpseclib library to securely communicate with remote servers directly from your PHP code.

PHP has an SSH2 library which provides access to resources (shell, remote exec, tunneling, file transfer) on a remote machine using a secure cryptographic transport. Objectively, it is a tedious and highly frustrating task for a developer to implement it due to its overwhelming configuration options and complex API with little documentation.

The phpseclib (PHP Secure Communications Library) package has a developer friendly API. It uses some optional PHP extensions if they’re available and falls back on an internal PHP implementation otherwise. To use this package, you don’t need any non-default PHP extensions installed.

The first step is getting the library installed (via Composer) and a few example use cases including generating SSH keys dynamically and testing a SSH/SFTP connection. The tutorial then talks about three methods you can use with phpseclib to connect to remote servers: using an RSA key, using a password-protected RSA key and just the normal username/password combination. With the connection made they then show you how to:

  • execute (single and multiple) commands on the remote server
  • exit on the first error
  • gather the output from the commands

There's also a bit included about some other interesting configuration options and a few alternatives to the library if phpseclib doesn't work exactly right for your application.

tagged: phpseclib security communication server library tutorial introduction

Link: https://www.sitepoint.com/phpseclib-securely-communicating-with-remote-servers-via-php/

Laravel News:
Learn about Grant Types in Laravel Passport
Aug 24, 2016 @ 10:46:49

On the Laravel News site today they've posted a tutorial helping you learn more about the grant types in the OAuth2 functionality provided by Laravel Passport.

OAuth2 is a security framework that controls access to protected areas of an application, and it’s mainly used to control how different clients consume an API ensuring they have the proper permissions to access the requested resources.

Laravel Passport is a full OAuth2 server implementation; it was built to make it easy to apply authentication over an API for laravel-based web applications.

For those not familiar with some of the terms around OAuth and its handling, they start with a few brief definitions (those that are familiar can skip them). Following this the post gets into the creation of a two kinds of grant handling with Passport: third-party authorizations and first-party applications (your own apps authenticating against the OAuth server). The post ends with a brief mention of creating access tokens manually, but points out that thing functionality should probably only be used during testing.

tagged: laravel passport oauth2 grant types password thirdparty server

Link: https://laravel-news.com/2016/08/passport-grant-types/

Gonzalo Ayuso:
Sharing authentication between socket.io and a PHP frontend
May 16, 2016 @ 10:56:30

In a post to his site Gonzalo Ayuso shows you how to combine authentication between Socket.io and a PHP frontend running a simple Silex-based application.

Normally, when I work with websockets, my stack is a socket.io server and a Silex frontend. Protect a PHP frontend with one kind of authentication of another is pretty straightforward. But if we want to use websockets, we need to set up another server and if we protect our frontend we need to protect our websocket server too.

If our frontend is node too (express for example), sharing authentication is more easy but at this time we we want to use two different servers (a node server and a PHP server). I’ve written about it too but today we`ll see another solution.

He sets up a simple Silex application with three routes - the root (/), a login route and a "private" one requiring a user to be logged in. This last route makes the connection to the websocket server in the template. This connection sends the current session ID to the backend where it's verified with a simple Socket.io middleware. Sometimes the session ID cookie will be set as HttpOnly so he provides an alternative for that: a new endpoint just for getting the current session ID for the websocket request.

tagged: socketio websocket server frontend sharing authentication session silex tutorial

Link: https://gonzalo123.com/2016/05/16/sharing-authentication-between-socket-io-and-a-php-frontend/