Skip to main content

Install PHP agent on a Lando application server

Before you begin

Steps

Important

Never place the contrast.env file in the application's webroot directory.

  1. In your project's root directory, under the appserver service section of the .lando.yaml file, install the Contrast agent in the default service by adding this configuration:

    services:
  appserver:
    build_as_root:
      - curl https://pkg.contrastsecurity.com/api/gpg/key/public | apt-key add -
      - echo "deb https://pkg.contrastsecurity.com/debian-public/ $(sed -rne 's/^VERSION_CODENAME=(.*)$/\1/p' /etc/*ease) contrast" \ | tee /etc/apt/sources.list.d/contrast.list
      - echo "deb https://pkg.contrastsecurity.com/debian-public/ all contrast" | tee -a /etc/apt/sources.list.d/contrast.list
      - apt-get update && apt-get install contrast-php-agent
      - contrast-php-util enable-agent
env_file:
 - /path/to/contrast.env

  2. In a contrast.env file outside the webroot of your project, enable the connection to Contrast by adding the minimum agent configuration:

    CONTRAST__API__URL={contrastURL}
CONTRAST__API__API_KEY={apiKey}
CONTRAST__API__SERVICE_KEY={serviceKey}
CONTRAST__API__USER_NAME={contrastAgentUserName}
CONTRAST__ASSESS__ENABLE=true
CONTRAST__SERVER__NAME={yourServerName}
CONTRAST__AGENT__LOGGER__PATH=stdout

    Notes

    • Configuring a name for the server.name property prevents the agent from creating a new server entry in the Contrast web interface when the server restarts.

    • The agent.logger.path property is set to stdout to avoid printing agent logs to the webroot directory. Using this configuration, the Contrast agent logs are available by running the lando logs -s appserver command.

    • You can use the Contrast agent configuration editor to verify the agent configuration and export it as environment variables.

  3. To enable the Contrast agent, run the lando start command (if not used previously) or the lando rebuild -y command.

In this section: