Using an SSH tunnel to step debug through a firewall

In a previous post I covered how to set up PHP step debugging in Zend Studio. But if that doesn’t work there may be a firewall in between the server and the debugging client, or IDE, preventing the connection. Here is a possible way to get around that.

Note: Of course there is no way to avoid the firewall, but this post assumes a connection to the server using SSH is possible. What we’ll do is allow communications from the server to the client using the Zend Studio default debugging port (10137) forwarded through an SSH tunnel which uses port 22 by default. For this to work an SSH connection must be possible from the client to the server.

While it is possible to do this using command line from Linux or Mac, or using PuTTY on Windows, this example will use the built-in SSH capabilities of Zend Studio 13. For older versions of Zend Studio I recommend using command line or PuTTY linked above.

Assuming step debugging in Zend Studio was already set up as outlined in my previous post we will continue using that setup, but enhance it with an SSH tunnel.

In Zend Studio open the preferences. (Windows|Preferences) With the preferences open, expand the PHP node to get to Servers. Highlight the server configuration to work with, and click Edit.

Screenshot from 2016-04-18 15:07:40

When the Edit Server dialog opens select the SSH Tunneling tab. Check the box to Enable SSH Tunneling, and populate the desired Username and Password. If your server requires the use of an SSH Private Key in order to login, please supply that.

Screenshot from 2016-04-18 14:41:34

Now that the SSH connection is set up we need to add the Port Forwarding for the debugging port. Do this by clicking the Add button in the Port Forwarding section.

Screenshot from 2016-04-18 14:43:45

NOTE: The SSH command would look like this:

$ ssh -R 10137:127.0.0.1:10137 [email protected]: -p 22

Select ‘remote’ to specify which side of the tunnel will be sending communication on the forwarded port, enter the local address the remote side (server) will use and port number to send to. Then enter the port number on the receiving end (the client). Now click Finish to apply the setup, and click finish to exit the preferences.

In the PHP Servers view (Windows|Show View|PHP Servers) right-click the server we just added SSH Tunneling support to and select Open SSH Tunnel. You should then see a brief dialog letting you know the connection was made.

Screenshot from 2016-04-18 14:52:41

We are ready to debug!

Since I was using Zend Server in this example I have Z-Ray available, and while on a page I wished to debug I could simply click on the debug icon and select any of the debugging options.

Screenshot from 2016-04-03 15:24:13

This will cause Zend Debugger to contact Zend Studio for debugging, which in turn will ask the user if they wish to open the debugging perspective.

IMPORTANT NOTE: Debugging over an SSH tunnel is not fast. Therefore you may notice a lag between initiating the debug session and your IDE reacting. After that things speed up, but the initial connection is slow on many networks.

Screenshot from 2016-04-03 15:24:44

If Yes is selected the IDE is now ready to perform any debugging the user desires.

Screenshot from 2016-04-03 15:27:24

Happy debugging!!!

This post is one in a series on debugging. For others click below:

PhpStorm and debugging issue
Setting up step debugging in Zend Studio
Setting up local debugging with PhpStorm

Setting up remote step debugging with Zend Studio

Recently I was helping someone set up step debugging of PHP in Zend Studio to debug a remote site, and had some difficulties. So I decided to create this post to remind me later, and perhaps help others get it set up.

I was doing this on an Ubuntu laptop, so while menus may vary slightly the process should be very similar regardless of OS. Also, I did this using a local VirtualBox virtual machine, using Bridged networking mode to simulate a remote server. In Zend Studio I had a project created with the Zend Framework Skeleton Application, and created a virtualhost in the virtual environment that mirrored that.

NOTE: If the desire is to use a local server the setup is much simpler.

Server setup

While this post doesn’t cover how to install Zend Debugger or Xdebug, ensure one of these are set up correctly. Also, ensure the debugger of choice “knows” where to find the IDE to be debugging from. Zend Debugger can try to do this automatically, or an IP can be manually specified within Zend Debugger or Xdebug. Also, if using Zend Debugger ensure the IP of the client is added to the whitelist. More on how to verify this IP from the client later.

Aiming at the server

The first step, assuming you already have a project created in Zend Studio, is to add a server to the project configuration. Do this in the preferences. (Windows|Preferences)  With the preferences open, expand the PHP node to get to Servers.

Screenshot from 2016-04-03 15:17:07

From there click “New”, and follow the wizard for setup. The first step is to specify the type of server. In my case I was using an install of Zend Debugger that comes with Zend Server, so selected Remote Zend Server. Alternatively I could have easily selected Generic PHP Server to arrive at the same endpoint later.

Screenshot from 2016-04-03 15:17:47

Next, after giving this server a name and URL (ensure the URL actually hits the server), I am prompted for the Zend Server login credentials to gain access to the Zend Server Web API.

Screenshot from 2016-04-03 15:19:09

Entering the user and password authorizes Zend Studio to pull down an API key for interacting directly with Zend Server if I desired to later. (This creates a new Zend Server Web API Key on the server specifically for this client.) Alternatively it is possible to click Cancel and enter the credentials manually.

Again, this is not really required for simply debugging, but I’m including it for completeness sake.

Screenshot from 2016-04-08 09:25:43

At this point a test can be run to ensure we are hitting the server as expected by clicking the Test button.

NOTE: If this doesn’t end in a success you may have some network issues to overcome. See my post on using an SSH Tunnel if you need to.

Screenshot from 2016-04-03 15:20:12

After a success, click OK and then Finish the wizard. If you had troubles, please see my post for using an SSH tunnel.

Enable debugging for the project

With the server set up it is now possible to set up debugging for the Zend Studio project.

In the Preferences (Windows|Preferences) click on the Debug within the PHP node.

Screenshot from 2016-04-03 15:21:16

Though it is possible to specify the PHP Server globally from the resulting option screen I prefer to set up preferences for each project, since most of my projects may be different in any way. So I click Configure Project Specific Settings… link at the top of the dialog and am prompted to specify which project I desire to configure.

Screenshot from 2016-04-03 15:21:57

After selecting the appropriate project I can then appoint the server I just added above, and then specify the Base Path and ensure the Auto-generated Base URL is correct in the lower section.

Screenshot from 2016-04-03 15:22:26

After approving and closing the Preferences, we are ready to debug!!!

Test: If the following step doesn’t work it may be because the debugger on the server cannot find the IDE. In a browser check what ports the IDE is listening on by entering the following URL to hit Zend Studio’s built in web server.

Screenshot from 2016-04-08 09:48:52

If the debug_host doesn’t show an IP address reachable by the server then it may be necessary to manually specify the IP in Zend Studio by altering the server configuration we created previously.

If the IP address should be reachable by the server the issue may be in the configuration on the servers end, or perhaps a firewall or load balancer in between is limiting. Please see my post on how to get around this with an SSH tunnel.

Since I was using Zend Server in this example I have Z-Ray available, and while on a page I wished to debug I could simply click on the debug icon and select any of the debugging options.

Screenshot from 2016-04-03 15:24:13

This will cause Zend Debugger to contact Zend Studio for debugging, which in turn will ask the user if they wish to open the debugging perspective.

Screenshot from 2016-04-03 15:24:44

If Yes is selected the IDE is now ready to perform any debugging the user desires.

Screenshot from 2016-04-03 15:27:24

I hope this helps others. Happy debugging!!!

This post is one in a series on debugging. For others click below:

PhpStorm and debugging issue
Using an SSH tunnel to step debug through a firewall
Setting up local step debugging with PhpStorm

PHPStorm and debugging IP issue

Recently I was helping someone troubleshoot an issue using PhpStorm and Zend Debugger. In this case Zend Studio was able to debug an application using Zend Debugger while PhpStorm was failing unless an SSH tunnel was used. The error received was:

Host ‘127.0.1.1’ is not allowed to open debug sessions – please configure zend_debugger.allow_hosts in the ini file.Failed to connect to host ‘127.0.0.1’, reason: ‘Connection refused’.

The person experiencing this issue was attempting to debug a site in a VirtualBox virtual machine from the host machine. Both the host machine and the virtual machine were running Ubuntu 14.04. At first glance I thought adding 127.0.1.1 to the allowed hosts would do it. But turns out it was more than that.

In this case we knew there was not a firewall blocking access, so it had to be networking.

To start things off I wanted to take a look at what PhpStorm was listening to, so I used the broadcast port 20080 to see this in a browser:

Screenshot from 2016-04-04 16:13:09

So it appears PhpStorm was attempting to use the IP addresses linked to the host systems ‘localhost’ and ‘hostname’, but not an IP address accessible via the network. This meant the server would never be able to send information back to the IDE without the use of an SSH tunnel, because it could not reach 127.0.1.1 or 127.0.0.1 of the host.

Unfortunately PhpStorm doesn’t provide a way to alter the listening IP addresses in the preferences, so we were left with either using an SSH tunnel to allow port forwarding of the listening port (10137) back to the host, or manually informing Zend Debugger where the IDE would be located.

Zend Debugger Tweak

By default Zend Debugger will automatically attempt to detect the IDE settings, as shown below:

Screenshot from 2016-04-04 16:23:04

However, this wasn’t working because PhpStorm was not reporting a usable IP address, so we needed to update the settings manually:

Screenshot from 2016-04-04 16:22:37

NOTE: Checking the box “Use browser’s IP Address” did not fix the issue. The IP address needed to be entered.

With this done, the server now knew where to reach the IDE for debugging sessions. One downside to this is if the host machines IP address changes, this setting will need to be updated.

This post is one in a series on debugging. For others click below:

Setting up step debugging in Zend Studio
Using an SSH tunnel to step debug through a firewall
Setting up local step debugging with PhpStorm

Edit: Please head out to the PhpStorm ticket system and +1 this fix to make this a thing of the past. https://youtrack.jetbrains.com/issue/WI-7465

Fun with Travis CI and PHP projects

I know I should have done this a long time ago, but I finally got my hands dirty with Travis CI.  I wanted to set up a php project on github to use Travis CI to monitor the status, in case I forgot to run the tests prior to pushing.  Unfortunately it was not as easy as it’s made out to be.  But now that I’ve done it once, it’ll be easier next time.  So, here is how I tackled it.

First, creating an account and getting started was easy.  I simply clicked the “sign in” link on the Travis CI site and entered my github credentials which authorized Travis CI to connect to my account. (the site informs you exactly what Travis CI will have access to)  Once that’s done Travis gets all my repos, so I can then activate them for Travis CI.  If that doesn’t happen automatically there is a handy “sync now” button to coax Travis CI.

NOTE: To connect public repos you would use https://travis-ci.org, while for private repos you would use https://travis-ci.com.  While pubic repos are free private ones cost money, though you do get 100 pushes free to get you started.

Second, it’s now time to click the + and add a new repo to be tracked by Travis CI.  After clicking you will be presented with a list of your repos to choose from.  It is simply a matter of turning the repo ON by clicking the switch.  I also clicked the wrench to select the option to “Built only if .travis.yml is present”.

Travis CI add repo

The structure of the app I added looks like this: (including all files needed for travis and unit testing) https://github.com/adamculp/api-consumer

Application structure

Third, I needed to create the .travis.yml file with the directives needed to make it all work.  Here is what my file looked like.

travis.yml file

Pretty simple.  Here is what it all means: I specified what language to use (php), and what versions of the language to test with (5.3, 5.4, and 5.5), I also instructed to have Composer install prior to any other scripts run (needed to ensure there was an autoloader, created by Composer), and finally I add the phpunit command and tell it where to find the phpunit.xml file (in this case it was in the tests directory).

Fourth, ensure that PHPUnit runs as expected locally.  Yes, you will need unit tests on your code.  That’s like one of the main reasons to do this in the first place.  Here is what my phpunit.xml and bootstrap.php look like:

phpunit.xml file

The phpunit.xml file is fairly simple.  It informs where PHPUnit can find the bootstrap.php file (same directory as a the phpunit.xml), and sets a whitelist of directory where code can be found (some use a blacklist and specify not to use the /vendor directory), and what directory to find tests in (the current directory).

phpunit bootstrap.php file

The bootstrap.php file specified by the phpunit.xml file is even simpler, as it only specifies where to find the autoload.php file created by the Composer install.

Fifth, take a quick peek at the settings for the repo on github and you will notice that Travis CI should be already set up and ready for something to be pushed.

github settings

Final, that’s it!  That is everything needed for Travis CI.  Of course this example is very simplistic, since the repo and tests are only on a single wrapper class I created.  But it’s good enough for a start, and if you need more the documentation is pretty good.  With these files created, all that remains is for me to commit changes to git, then do a push to origin at github.  Once the push to origin happens a Travis CI trigger at github fires and informs Travis CI to create a new build on a VM (virtual machine) then run the tests on the newest code.  After Travis CI finishes it lets you know with an email, and through the site. (green = good)

Travis CI feedback

One last thing you may want to do is add the Travis CI image to your README.md at github.  This will allow you and others to see whether the current master branch had a successful build, or if it failed.

[![Build Status](https://travis-ci.org/adamculp/api-consumer.svg?branch=master)](https://travis-ci.org/adamculp/api-consumer)

Travis CI build status indicator

Enjoy!

Zend Server and Sendmail failure bug

While trying to test the sendmail feature of Zend Server 6.3, on Ubuntu and CentOS, there was a bug.  I discovered that utilizing the Mail Preferences area of the Adminitration->Settings page and sending a test email to myself with the Sendmail option ended in an “Unknown error”.

The error returned by Zend Framework 2, which is used by Zend Server 6 was a generic error (Unknown error) if Sendmail returned an error status, but an empty error message.  Not much help, or was it?

Since the error appeared to be caused by Sendmail not returning a proper error the search for the issue led there.  See where my logic was going? My next step was to test sending an email with the PHP mail() function, and see if that shed any light on the issue.  Unfortunately it worked, which meant the issue was elsewhere.  But if the error wasn’t with PHP, Apache, Sendmail, Zend Server, or Zend Framework, where could it be?

At this point I enlisted one of my coworkers, Roman Basayev, who nailed it down.

Of course!  Zend Server on Linux installs Lighttpd for the Zend Server gui, and there must be a setting there for using Sendmail.  Sure enough in the file ‘/usr/local/zend/gui/lighttpd/etc/php-fcgi.ini’ there is a setting for ‘sendmail_path’ and it was empty.  So PHP running on Lighttpd was not able to find Sendmail, and therefore was not getting a decent error message.

The fix:

In the file ‘/usr/local/zend/gui/lighttpd/etc/php-fcgi.ini’ update the ‘sendmail_path’ to be ‘/usr/sbin/sendmail -ti’.  These are the paths on Ubuntu and CentOS, others may vary.

sendmail_path = "/usr/sbin/sendmail -ti"

After restarting Zend Server, all should be good  to go now.