Automate with Grunt: The Build Tool for JavaScript

Automate with Grunt: The Build Tool for JavaScript now in print and shipping

Introducing the new PHP on Heroku

PHP developers are makers at heart. The core strength of PHP has always been in creating a tight feedback cycle between developers and their audiences. That strength is the reason why PHP powers so many of the world’s biggest and best web properties such as Facebook and Etsy. But as developers of those and similar apps know, PHP hasn’t always enjoyed some of the runtime, management or infrastructure elements its peer communities like Ruby on Rails, Python with Django, and Node have had for some time.

As one of the web’s largest PHP shops, Facebook has been an advocate and innovator for the language, but it’s been hard for PHP developers beyond Facebook’s walls to take advantage of that innovation. We’ve been fortunate to work with Facebook on a variety of occasions, and with their F8 Conference next door to our office here in San Francisco, we thought it would be a great opportunity to help bring some of their and the PHP communities’ latest innovations to developers everywhere, by announcing today full Heroku support for the new PHP. If you are in town for F8, please join us tonight for a pre-conference PHP meetup at our office right next door to the main venue.

This new PHP is built on new runtimes and frameworks, marrying the familiarity and productivity of the popular language with the best practices of other modern frameworks – letting PHP developers take their favorite language further than ever. The new PHP is perfectly suited to the modern development and deployment practices Heroku helped create, and is available today. More specifically, Heroku is making available in public beta today:

Native HipHop Support

At the foundation of the new PHP is Facebook’s HipHop VM, a modern, high-performance runtime for PHP that promises orders of magnitude speed improvements while retaining compatibility. With help from the Facebook team, this VM is now available as part of the Heroku buildpack, so developers can quickly deploy their PHP code onto this new VM just as they would Rails or Python. Choosing between the traditional VM and HHVM is now a trivial switch for PHP apps on Heroku.

Packaging and First Class Frameworks

Declarative and explicit dependency management is a core facet of building apps in this new world. This ensures:

  • A clean development pipeline
  • Ease in onboarding new developers to your project
  • Closer parity between development and production, making production apps easier to run.

This form of structured dependency management has been available in other Heroku-supported languages for years, and now PHP, via Composer, has copied the best of breed from all of them. Further, the new PHP brings with it many new frameworks, such as Symfony and Laravel, which bring forward this new type of development.

Together, dependency management and these newer frameworks help deliver apps that can be brought to market quickly and also maintained and scaled in a predictable fashion today on Heroku.

Heroku XL Support

With these enhancements, PHP can take advantage of the benefits Heroku introduced with XL, offering a complete path for companies to deploy and scale PHP in high scale, high performance contexts. PX Dyno compatibility brings even greater performance to PHP apps running on Heroku, and coupling with HHVM support delivers performance for even the highest scale sites. And with premium support for PHP, developers and enterprises both can deploy their PHP apps with the confidence of having 24 x 7 technical resources available to them.

Getting Started

Enough talk though, let's give it a try. First let’s create our standard hello world application with an index.php file:

<?php

echo "Hello World!";

?>

Now we’re going to create our composer.json file, which in this case will be empty because we’re not using any dependencies at all for our application:

touch composer.json

Finally let’s commit it to git, create our heroku application, and deploy.

$ git init
Initialized empty Git repository in ~/hello_heroku_php/.git/
$ git add .
$ git commit -m "Initial import of Hello Heroku"
[master (root-commit) 06ba0a7] Initial import of Hello Heroku
 2 files changed, 5 insertions(+)
 create mode 100644 composer.json
 create mode 100644 index.php
$ heroku create 
Creating safe-ridge-5356... done, stack is cedar
http://safe-ridge-5356.herokuapp.com/ | git@heroku.com:safe-ridge-5356.git
$ git push heroku master
...
$ heroku open

And now we have a working PHP app.

In Conclusion

We’d like to thank so much of the community for helping drive so much innovation in PHP, from the creators of Composer to the Facebook team working on HHVM. We look forward to seeing what you build with this new PHP support on Heroku and welcome any feedback or comments as you dig in.

PHP – a look back, a look forward

The history of PHP is the history of the web. Long-time developers will remember how PHP changed the universe of web development. PHP brought two key innovations to the table when it first launched. First, it was interpreted, which meant you could edit a file in place, then refresh the page and see the result. This quick feedback loop was why so many started with PHP and is still a cornerstone of what makes the language so useful. Second, it was the first widespread templating language which enabled intermixing of HTML and PHP code. Every other major web language and framework since PHP has followed suit.

Over time, PHP became a cornerstone of the “LAMP stack”. The LAMP stack consisted of Linux, Apache, MySQL, and PHP, and helped to define the world of open source we all take for granted today. The ubiquity of open-source software in web development is near-absolute now, but it was the success of these technologies that redefined an industry.

Of course PHP wasn’t perfect and other languages and their frameworks came along to contend with PHP as the years went by. In fact, Heroku’s founders ran a PHP consultancy called Bitscribe which focused on PHP development before founding Heroku. They eventually moved from PHP on to Ruby on Rails, which led to the creation of Heroku when they discovered that the Rails ecosystem lacked good hosting options.

A Modern PHP

The best way to get someone to do the right thing is to make it the easiest thing to do. That’s why we’ve built Heroku to support and encourage the best practices of modern software development out of the box. We’ve captured a lot of this experience in the Twelve-Factor App Manifesto, and now we’ve also applied it to our new PHP support on the platform. Here’s a look at just a few of the ways they apply:

The days of live on-server editing along with all the late nights and outages it inevitably leads to are fortunately behind us. Version control is ubiquitous today, and it’s rare to meet a development team not collaborating using a tool like Phabricator or GitHub. Unfortunately, it’s still far too common for system libraries, web servers, and extensions to be mismatched between dev, staging, and production environments. On Heroku, your git integrated deployment pipeline allows you to “git push” to deploy code with confidence whether it’s to your development environment or to production. We’ll use Composer to automatically ensure you get exactly the right version of all your code’s dependencies every time, including configuring either Apache or Nginx, and all your system dependencies.

Although many other languages have grown their own rudimentary native web servers, it’s still most common to pair PHP with a dedicated web server. Apache is the most common choice and very well understood, but Nginx is certainly growing in popularity. We support both, and in order to improve dev-prod parity, we’ve built a composer package that lets you, the developer, choose which one you prefer, receive a sensible configuration out-of-the-box, and further configure them with ease whether you’re running on Heroku, your local machine, or anywhere you please.

Today and Tomorrow

In today's world, PHP developers choose from a huge variety of technology options. These include modern data stores like PostgreSQL, Redis, and MongoDB, front-end frameworks like Angular, and platforms like, of course, Heroku.

In fact, for many modern PHP applications the notion of the LAMP stack seems limiting. Fortunately, PHP developers on Heroku can fearlessly take advantage of just about any technology they can imagine. For example, every PHP app on Heroku includes a free PostgreSQL database with support for a wide variety of powerful features like full-text search, and native JSON types. If Postgres isn’t to your liking our add-on marketplace brings the entire ecosystem to your fingertips. If you’ve got a technology need, you’ll probably find just the add-on you’re looking for.

One piece of future direction we’re incredibly excited about is Hack. Hack brings a whole host of new developments to PHP. Many PHP developers have heard about HHVM, Facebook’s high performance PHP virtual-machine project. Hack is another project from that team, and it includes great new features like an improved collections library, asynchronous method calls, and even the world’s friendliest type-system – all while supporting vanilla PHP code and enabling you to adopt it incrementally as you discover the features you need. And Hack is available for you to try directly on Heroku today with this new PHP support.

We should note though, Hack is quite new, and we encourage you to give it a try, but at this point support for Hack should definitely be considered experimental and we would encourage you to test it thoroughly before putting anything into production.

When you put all these pieces together, it’s inarguable: PHP’s future is bright. Hundreds of thousands of PHP developers ship code every day. From Facebook to Etsy to WordPress: big companies continue to invest in PHP. Between the long-term stewardship of Zend and the new creative energies Facebook’s Hack language has brought to the community, it’s clear that no matter what flavor of PHP you choose there’s an ever more powerful, flexible future… with lots of fast feedback.

Whether you’re engineering high-scale mission-critical systems every day or you’re just making things for yourself and your friends, try the new PHP in public beta on Heroku today.

Happy making, and welcome to Heroku.

Beyond Heartbleed: Improved Security for Encrypted Connections

The announcement earlier this month of the “Heartbleed” bug (CVE-2014-0160) in OpenSSL once again focused attention on the technology used to secure communications on the Internet. Heartbleed was a very serious vulnerability and we moved as quickly as possible to patch systems and eliminate this threat on behalf of our customers.

But security is not just about fire drills; there are many steps that can be taken over time to continually improve security. Over the last months we have rolled out several security improvements to Heroku SSL Endpoints, including:

These enhancements have already been rolled out and are in effect for you today if you are running on our Cedar stack and using ssl:endpoint. If you are using the legacy ssl:hostname plan you will need to switch to ssl:endpoint to take advantage of the improvements.

With the new changes, your applications on Heroku now use the most up-to-date practices for securing incoming traffic. You can verify this by using an SSL testing tool like SSL Labs from Qualys. You should score at least an “A” using this tool. To get an “A+”, you will need to implement HTTP Strict Transport Security in your application. Our SSL endpoints will pass the appropriate headers through to your users.

Perfect Forward Secrecy?

While all of these changes are valuable, we want to draw some extra attention to Perfect Forward Secrecy. Imagine that an attacker is able to record the encrypted communication between a client and server for some time. Then at a later point, the attacker manages to steal the private key from the server. Perfect Forward Secrecy ensures this stolen private key cannot be used to decrypt communications from the past.

Heartbleed is an example of a bug that can be exploited to steal private keys. Should a similar bug be discovered in the future, you can now rest assured that past communications cannot be decrypted.
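A local spot-check for two of the properties discussed above, forward secrecy of the negotiated cipher suite and the HSTS header, as an added example (not Heroku's code and not part of the original post). The function names are hypothetical, and the sample cipher names and header values used to exercise it are constructed.

```python
import socket
import ssl

def has_forward_secrecy(cipher_name, protocol):
    """True if the negotiated suite uses an ephemeral (EC)DHE key exchange."""
    if protocol == "TLSv1.3":  # full TLS 1.3 handshakes always use ephemeral (EC)DHE
        return True
    # OpenSSL names: ECDHE-RSA-AES128-GCM-SHA256, DHE-RSA-..., legacy EDH-...
    # Static RSA (AES128-SHA) and static ECDH (ECDH-RSA-...) do not qualify.
    return cipher_name.split("-", 1)[0] in {"ECDHE", "DHE", "EDH"}

def hsts_max_age(header_value):
    """Return max-age (seconds) from a Strict-Transport-Security value, or None."""
    if not header_value:
        return None
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            value = value.strip().strip('"')
            return int(value) if value.isdigit() else None
    return None

def check_endpoint(host, port=443, timeout=10):
    """Live check: negotiated suite plus the HSTS header on a HEAD / response."""
    ctx = ssl.create_default_context()  # verifies the certificate and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
            request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode("ascii"))
            response = b""
            while chunk := tls.recv(4096):
                response += chunk
    headers = {}
    head = response.decode("iso-8859-1").split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return {
        "cipher": name,
        "protocol": protocol,
        "forward_secrecy": has_forward_secrecy(name, protocol),
        "hsts_max_age": hsts_max_age(headers.get("strict-transport-security")),
    }

if __name__ == "__main__":
    import sys
    print(check_endpoint(sys.argv[1]))
```

The result reflects only the suite this Python client negotiated, so it complements a full scan such as SSL Labs rather than replacing it.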

A Quick Note on BEAST

We often get questions about the BEAST attack, as SSL Labs will show it is no longer mitigated on the server side. BEAST is considered to be most effectively mitigated in clients at this point, so we have chosen to prioritize newer ciphers over the BEAST server mitigation. Qualys has an excellent write-up on this, if you would like to learn more.

Six days to complete the Rails hosting survey

Attention all Ruby on Rails Developers… you have six days to complete the 2014 Rails Hosting Survey.

All of the results will be shared with the community. Consider this your civic duty of the day. :-)


http://rails-hosting.com/