Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Ubuntu 16.04 - Deploy Your Own Satis Server

Previously, we created a PHP package, but this is useless unless we host it on Packagist, or set up our own private server for referencing them, which is what I will now show you how to do, using Satis.

This tutorial will assume you are running Ubuntu 16.04, but the steps will be very similar for other distros.

Related Posts


Install all the necessary packages.

sudo apt update

sudo apt install -y \
  apache2 libapache2-mod-php7.0 \
  php7.0 php7.0-zip php7.0-cli php7.0-dom php7.0-mbstring \
  composer subversion git unzip

Give yourself permission to write to the web folder area.

sudo chown $USER:www-data /var/www

Install Satis using composer. I choose to install the tool to within my home area, but you could install it elsewhere.

cd $HOME
composer create-project composer/satis --stability=stable

After having performed this step, you should see a folder called satis where you are.

Now create a file called satis.json containing all the configuration details for the packages you desire.

    "name": "My Awesome Packages",
    "homepage": "",
    "repositories": [
            "type": "vcs",
            "url": "ssh://"
            "type": "svn",
            "url": "svn://"
    "require-all": true

Now build the package list.

sudo rm -rf /var/www/html
php satis/bin/satis build satis.json /var/www/html
  • If you are using SVN for hosting any of your packages, you will be prompted to enter your username/password.
  • If using something like Gitlab for hosting your packages, you will probably want to configure SSH by setting up a file at $HOME/.ssh/config that specifies the location of the SSH keys to use as well as the usernames to use.


That's it! Your Satis server is now at this server's IP/domain. At this point I would recommend using acme-php to get free SSL certificates from Lets encrypt for the server.

A Note On Security

Don't worry about your satis server being publicly available and "leaking"your private packages. It just acts as a pointer to composer as to where to fetch packages from. People will not be able to fetch the packages unless they have the credentials for where the packages are actually hosted.


Last updated: 19th February 2020
First published: 7th November 2018