My fellow programmers,
I have a question about Apache2 and PHP. Right now I'm trying to make a script that will create new "virtual hosts" from a PHP script, without using the sudo command inside PHP.
The solutions with echo passwd | /usr/bin/sudo -S command are not really secure, and I won't use something like that. Also, the solution I've found with www-data ALL=(ALL) NOPASSWD: is not a solution either.
Can someone please shed some light on which is the best solution for that, and what the best protection measures are, in case I need to use sudo inside PHP?
Of course, that script will have a part for making a new directory, cp-ing new site files into the dir, etc...
This sounds like an incredibly bad plan security-wise. You have to edit Apache config files and then reload or restart the apache2 server.
You could do it by editing the sudoers file to give the www-data user the right to reload Apache, and adding a vhost configuration to Apache that the www-data user has write access to.
The second option is to fake vhosts via PHP:
<?php
// Dispatch on the requested host name; unknown hosts get a 404.
switch ($_SERVER['SERVER_NAME']) {
    case "site1.example.com":
        require_once 'some_config_for_site_1.php';
        // load scripts from site1 folder.
        break;
    case "site2.example.com":
        require_once 'some_config_for_site_2.php';
        // load scripts from site2 folder.
        break;
    default:
        http_response_code(404);
        break;
}
Ok, this is a really bad plan for this, but somehow this is the best solution for this.
To do this in a proper way, I'll use the bash script, and I'll call that script from PHP.
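// escapeshellarg() keeps the two values from being parsed as shell syntax
$output = shell_exec("sudo /path/to/script/script.sh " . escapeshellarg($SiteName) . " " . escapeshellarg($Domain));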
script.sh
#!/bin/bash
# First parameter given when calling the script
sitename=$1
# Second parameter given when calling the script
domain=$2
# Directory where the files of the web app are stored
dirlocation="/var/www/$sitename"
# Create the new directory
mkdir "$dirlocation"
# Copy the default files of the app to the newly created dir
cp -R /var/www/someapp/* "$dirlocation"
# Create the new configuration file for the Apache vhost
vhost_script="/etc/apache2/sites-available/$sitename.conf"
cat > "${vhost_script}" << EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot $dirlocation
    <Directory $dirlocation>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
EOF
# Enable the site in Apache
a2ensite "$sitename.conf"
# Reload Apache
systemctl reload apache2.service
Also, in order to do this from PHP, I need to give www-data permission to run only that script with sudo. To do so, open the sudoers file (sudo visudo /etc/sudoers) and add the following line:
www-data ALL=(root) NOPASSWD: /path/to/script/script.sh
I know this is maybe not the best solution, but this is what I've found for this purpose.
Disclaimer: This is only a showcase of how to do this, also the bash script here is a really simple one.
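Because script.sh runs as root with two arguments supplied by www-data, and those arguments end up in a path under /var/www and in the vhost file, the checks below show one way to validate them before anything is created. This is an added example, not part of the original answers; the function names valid_sitename, valid_domain and check_args and the exact allowlist rules are assumptions.

```bash
#!/bin/bash
# Added example: argument checks for a script that www-data runs as root.
# Function names and allowlist rules are assumptions, not from the post.
LC_ALL=C   # make [a-z] mean ASCII only, whatever the caller's locale

# The site name becomes a directory under /var/www and a .conf file name,
# so allow one short lowercase label: no "/", ".", spaces or newlines.
valid_sitename() {
    case $1 in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# The domain is written into the ServerName line of the vhost file; a space
# or newline in it would add extra Apache directives. Accept only
# dot-separated hostname labels (at least two, lowercase).
valid_domain() {
    local rest="$1" label
    [ "${#1}" -le 253 ] || return 1
    case $1 in
        .*|*.|*..*|*[!a-z0-9.-]*) return 1 ;;
        *.*) ;;
        *) return 1 ;;
    esac
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case $label in -*|*-) return 1 ;; esac
        [ "${#label}" -le 63 ] || return 1
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    return 0
}

# Returns 0 only if both arguments pass and neither the site directory nor
# the vhost file exists yet, so an existing site is never overwritten.
# $3/$4 override the base paths (defaults are the ones used in script.sh).
check_args() {
    local webroot="${3:-/var/www}" confdir="${4:-/etc/apache2/sites-available}"
    valid_sitename "$1" || { echo "bad site name" >&2; return 2; }
    valid_domain "$2" || { echo "bad domain" >&2; return 3; }
    [ ! -e "$webroot/$1" ] || { echo "site exists" >&2; return 4; }
    [ ! -e "$confdir/$1.conf" ] || { echo "vhost exists" >&2; return 5; }
    return 0
}

# In script.sh, before mkdir/cp/cat:  check_args "$1" "$2" || exit 1
```

The same rules should also be enforced on the PHP side before calling sudo, but the root script must not rely on that, since any process running as www-data can invoke it directly.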