Category Archives: Development

Xdebug in Docker

Yesterday Dmitri Goosens wrote about how to integrate Xdebug into almost any Docker Setup in PHPStorm. An article that I definitely need to digest a bit more as the PHPStorm integration is something that I often neglect. I am happy when it works on the CLI 😁

One thing though that Dmitri skips though (an dfor good reasons) is how to get Xdebug into your Docker environment.

As I have done that quite a number of times by now I thought I’d share the way I do it currently.

This is my Dockerfile

FROM php:8.3-rc-fpm
RUN PHPIZE_DEPS="autoconf \
      cmake \
      file \
      g++ \
      gcc \
      libc-dev \
      libpcre2-dev \
      make \
      git \
      pkgconf \
      re2c" \
    && XDEBUG_VERSION="" \
    && if [ "$(php -v | head -n 1 | grep 8.3)" != "" ]; then XDEBUG_VERSION="-3.3.0alpha3"; fi \
    && apt-get update \
    && apt-get install -y $PHPIZE_DEPS \
    && pecl install xdebug${XDEBUG_VERSION} \
    && docker-php-ext-enable xdebug \
    && echo "xdebug.mode=debug\nxdebug.discover_client_host=on\nxdebug.start_with_request=yes\nxdebug.log_level=0" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
    && apt-get remove -y $PHPIZE_DEPS

That should install a running version of Xdebug on whatever version of PHP you are using and even allows to use the soon to be relesased PHP8.3.

The main lines here are

    pecl install xdebug${XDEBUG_VERSION} \
    docker-php-ext-enable xdebug \

everything else is decoration resp. necessary that those two lines can do their magic.

Feel free to adapt the FROM line to whatever PHP-version you want to use from dockers official PHP-image (remember that that is not maintained by the PHP folks! It’s maintained by Docker!)

After a docker build -t phpxdebugtest . you should now be able to call docker run phpxdebugtest php -v and see this

PHP 8.3.0RC5 (cli) (built: Nov 1 2023 05:26:54) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.0RC5, Copyright (c) Zend Technologies
with Xdebug v3.3.0alpha3, Copyright (c) 2002-2023, by Derick Rethans

And now have fun integrating that Xdebug enabled PHP-Container into your PHPStorm.

Tweaking a WordPress blog for the fediverse

The Fediverse is taking off. Slightly. Not sure yet whether it’s similar to “Linux on Desktop” but no matter what it’s all about federation. And making it easier to get content right into the timeline of people is worth investigating.

So I decided to try the ActivityPub plugin and see where it leads me.

Installation of the plugin is straight forward. Head to “new Plugins”, search for ActivityPub, install and activate it.

The cool thing is: That’s it!

At least when you have setup your WordPress blog out of the box.

You can now follow the author on the fediverse by checking for @[authorname]@[blog-URI] . So in my case that would be @heiglandreas@andreas.heigl.org

And of course in my case it didn’t work out-of-the-box. Why should it.

Why? Well: Two reasons:

  • One was that I use the Yoast SEO plugin which by default (or did I actually set it up that way?) did redirect requests to the author-page back to the main website. Which is kind of counter productive when you want information about the author. So I changed those settings (“Yoast SEO” => “Search Appearances” => “Archives” – Set “Author Archives” to On)
  • The other was that I am running this blog from a subfolder. Which is something so common, that the plugin authors already have that in their FAQ on the plugin page. So I headed over to the server-config, made the mentioned tweaks, restarted the server and – voila – everything works!

Now I was able to find and follow @heiglandreas in my Mastodon-Client.

Things that I need to figure out now

The next things on my todo-list are:

  • That’s all nice and dandy on a personal blog. But how do I implement this so that people can actually follow a blog with changing authors – like for example 24daysindecember (did I mention that we are looking for people that want to contribute?)
  • Is there a possibility (or does it at all make sense) to somehow integrate that into my default fediverse-account? Or to get my personal account over to the andreas.heigl.org domain? Or to setup an @andreas@heigl.org fediverse account that also contains the stuff from the blog…

But those are questions that I will possibly answer in a

Transliter… what?

Every now and then I am challenged with modifying Unicode-strings. Whether by converting from any non-ASCII script to ASCII or handling differently normalized strings, all of these actions are called “Transliteration”

I first encountered that when I built an application that create PDF-Files on a Linux-Server that would then be overwritten from an application running on a mac that had the folder mounted via CIFS. Everything was working great. Until one of the people thought it would be a great idea to enter a filename with a german Umlaut. So the application created the file “example_ä.pdf” on the server. After some time we realized that there was a second file in that folder with the name “example_ä.pdf”.

Wait!

What?

Continue reading Transliter… what?

Named Parameters

Currently an awesome RFC to introduce Named Parameters to PHP is in the voting phase. As I voted against this RFC and some people asked me about my reasoning I thought I share it here.

After this tweet I had some interesting conversations on and off twitter that made me think about my take on named parameters back and forth.

And as much as I like the idea of named parameters I still see one major issue in the currently proposed implementation: Changing Parameter names.

Continue reading Named Parameters

Handle self-signed certificates with PHPs LDAP-Extension

Often I see questions on StackOverflow stating that connecting to LDAP-Servers secured with self-signed certificates is difficult and troublesome. Very often the accepted answer or the one with the most votes is actually the worst answer, as usually it requires to completely ignore certificates. So basically swapping the certificate would not be noticed, leaving the connection wide open for a Man-in-the-Middle attack and therefore somehow defeating the purpose of secure connections.

But how does one connect securely to an LDAP-Server secured with a self-signed certificate?

I did some tests and summarized my findings in a github-repo.

In essence it boils down to retrieving the current certificate either from the admin of the LDAP-Server or via OpenSSL using this command:

$ echo \
| openssl s_client -connect openldap:636 2> /dev/null \
| openssl x509 -text \
| sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' \
> /path/to/cert.pem

And then – at least when you have a supported PHP-Version – add the following lines to your ldap-code:

ldap_set_option(null, LDAP_OPT_X_TLS_CACERTDIR, '/path/to');
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, '/path/to/cert.pem');

// either
$ldap = ldap_connect('ldaps://ldap.example.org:636');
// or
$ldap = ldap_connect('ldap://ldap.example.org:389');
ldap_start_tls($ldap);

Note: It’s important to call ldap_set_option before the first LDAP-Command and use null as the first argument. Otherwise it will not work 😉

You want more info? Have a look at the Repos README