How to Build a Private Composer Repository with Satis for Secure PHP Packages
This guide walks you through setting up a private Composer repository using Satis, covering installation, configuration of satis.json, building the static UI, Nginx integration, and how to publish and consume private PHP packages in your projects.
Overview
Satis is an open‑source tool from the Composer team that builds a static Composer repository. It can host private packages together with third‑party dependencies, allowing projects to fetch packages from an internal source instead of the public Packagist.
Installation
Create a Satis project:
composer create-project composer/satis --stability=dev --keep-vcsCreate a satis.json configuration file. Example:
{
"name": "tinywan/repository",
"homepage": "http://composer.tinywan.com",
"repositories": [
{"type": "git", "url": "[email protected]:Tinywan/hello.git"}
],
"require-all": true,
"require-dependencies": true,
"require-dev-dependencies": true
}Build the static repository UI:
php bin/satis build satis.json distResulting Directory
The command creates a dist folder containing index.html, packages.json and package metadata under include and p2. Deploy this folder to a web server, e.g. /home/www/build/composer/dist.
NGINX Configuration
server {
listen 80;
server_name composer.tinywan.com;
root /home/www/build/composer/dist;
location / {
index index.html index.htm;
expires 1h;
try_files $uri $uri/ /index.html;
}
location ~ .*(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; }
location ~ .*(js|css)?$ { expires 12h; }
location = /robots.txt {
default_type text/html;
add_header Content-Type "text/plain; charset=UTF-8";
return 200 "User-Agent: *
Disallow: /";
}
}Reload Nginx and visit http://composer.tinywan.com to see the private repository.
Using the Private Repository in a Project
Add the repository to composer.json :
composer config repo.packagist composer http://composer.tinywan.comIf Composer blocks HTTP, disable secure‑http: composer config secure-http false Require a private package, e.g.:
composer require tinywan/helloAdding a Private Coding Repository
To host a package on Tencent Coding, create a private repository, import the GitHub project, rename it (e.g., hello-coding) and push a tag:
git tag v1.0
git push origin v1.0Update satis.json to include the Coding repo:
{
"name": "tinywan/repository",
"homepage": "http://composer.tinywan.com",
"repositories": [
{"type": "git", "url": "[email protected]:Tinywan/hello.git"},
{"type": "git", "url": "[email protected]:wiot/cloud/hello-coding.git"}
],
"require-all": true,
"require-dependencies": true,
"require-dev-dependencies": true
}Or add the package via CLI:
php bin/satis add [email protected]:wiot/cloud/hello-coding.git satis.json distRebuild the repository: php bin/satis build satis.json dist Visit the repository URL again to verify the new package appears.
Consuming the Coding Package
composer require tinywan/coding-helloThe command resolves the package from the private Satis repository, installs it, and updates the autoloader.
Automation
Configure GitHub or Coding webhooks to trigger php bin/satis build after pushes.
Use CI tools such as Jenkins to run the build command automatically.
Example webhook automation repository: https://github.com/Tinywan/webhooks
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Open Source Tech Hub
Sharing cutting-edge internet technologies and practical AI resources.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.