Skip to main content

Install PHP agent on a Lando application server

Before you begin

Steps

Important

Never place the contrast.env file in the application's webroot directory.

  1. In your project's root directory, under the appserver service section of the .lando.yaml file, install the Contrast agent in the default service by adding this configuration:

    services:
  appserver:
    build_as_root:
      - curl https://pkg.contrastsecurity.com/api/gpg/key/public | apt-key add -
      - echo "deb https://pkg.contrastsecurity.com/debian-public/ $(sed -rne 's/^VERSION_CODENAME=(.*)$/\1/p' /etc/*ease) contrast" \ | tee /etc/apt/sources.list.d/contrast.list
      - echo "deb https://pkg.contrastsecurity.com/debian-public/ all contrast" | tee -a /etc/apt/sources.list.d/contrast.list
      - apt-get update && apt-get install contrast-php-agent
      - contrast-php-util enable-agent
env_file:
 - /path/to/contrast.env

  2. The environment variables are set in the contrast.env file for either an agent token or a legacy configuration. The following variables you can set are proposed changes for your reference.

    • Agent Token: In a contrast.env file outside the webroot of your project, enable the connection to Contrast by adding the minimum agent configuration:

      CONTRAST__API__TOKEN={token value}
CONTRAST__ASSESS__ENABLE=true
CONTRAST__SERVER__NAME={yourServerName}
CONTRAST__AGENT__LOGGER__PATH=stdout

      If your agent configuration refers to both the legacy settings and the agent token, (in environment variables or the YAML file), the legacy settings take precedence. Remove references to the legacy settings to use just the agent token value.

    • Legacy settings: If you are using a PHP agent version earlier than 1.34.0, set these variables:

      CONTRAST__API__URL={contrastURL}
CONTRAST__API__API_KEY={apiKey}
CONTRAST__API__SERVICE_KEY={serviceKey}
CONTRAST__API__USER_NAME={contrastAgentUserName}
CONTRAST__ASSESS__ENABLE=true
CONTRAST__SERVER__NAME={yourServerName}
CONTRAST__AGENT__LOGGER__PATH=stdout

    Notes

    • Configuring a name for the server.name property prevents the agent from creating a new server entry in the Contrast web interface when the server restarts.

    • The agent.logger.path property is set to stdout to avoid printing agent logs to the webroot directory. The Contrast agent logs are available using this configuration by running the lando logs -s appserver command.

    • You can use the Contrast agent configuration editor to verify and export the agent configuration as environment variables.

  3. To enable the Contrast agent, run the lando start command (if not used previously) or the lando rebuild -y command.

In this section: