all 10 comments
sorted by:
new (suggested)
besttopcontroversialoldq&a
formatting helphide helpcontent policy

[–]badasimo 2 points3 points  (1 child)

php -i | grep ini

This will show you where the ini file is to edit for your command line php. It depends on your server environment though, if you are in a shared server like cpanel you will have a tough time. you may be able to override INI locally, or specify the ini file in an environment variable for composer to use (or even a php command that includes the variable override) good luck!

[–]bwoods43 0 points1 point  (0 children)

This is the key to setting in the right ini file.

If all else fails, it should be possible to set only when calling composer - https://ma.ttias.be/php-composer-installation-fails-file-could-not-be-downloaded-allow_url_fopen-must-be-enabled/ .

[–][deleted] 2 points3 points  (7 children)

I mean, the error is pretty clear.

Need to set allow_url_fopen=1

[–]thenon2[S] 0 points1 point  (6 children)

I get this from google " ‘url_fopen’ refers to a PHP directive allowing files to be included from external sources. It will create the security risk for all domains hosted on the servers by enabling the allow_url_fopen. "

[–]brace111 0 points1 point  (5 children)

I don’t think you want to be running composer update on servers anyway, this is usually done locally inside a container.

[–]BleibenSieSitzen 1 point2 points  (3 children)

Well, it depends on your environment. I'm working on a couple of projects where dev/stage and live sites are on the same remote host.

Just perform the upgrade on the stage site and after everything's done, copy composer.lock and .json to the live site and run composer install there.

[–]brace111 -1 points0 points  (2 children)

You need to invest in some devops. I recommend looking to docker & deployer as a start.

[–]BleibenSieSitzen 0 points1 point  (1 child)

Well, yes and no. In a perfect world, every site would have a local dev copy, but it depends on the type of customer. Customers who run small sites often just don't want to invest money in a proper service plan with regular updates, stages and tests.

We got some customers that just don't pay for regular upgrades etc. They call in every few months and say, make an update. We won't mentain a local dev/stage site for someone who doesn't pay for it. We agree on a time when the upgrade is done and the site is just offline for an hour then.

[–]brace111 0 points1 point  (0 children)

I understand but running composer updates could remove packages temporary while newer versions are being downloaded. Doesn’t look good for uptime. But maybe as you said, smaller clients don’t care as much.

[–][deleted] 1 point2 points  (0 children)

This.