I have an index.php file that is running some script making mysql requests. For obvious security reason, i'd like to remove the mysql credentials (host, password, user, database) from this script and replace them with some apache environment variables.
I tried to create such variables in /etc/apache2/envvars using following line of code : export MYSQL_USER='my_user' and then I intend to get it back using getEnv php function like this : getenv('MYSQL_USER') but this returns nothing.
Any idea ? Thanks !
Four steps :
in /etc/apache2/envvars : export MYVAR='value'
in /etc/apache2/apache2.conf : PassEnv MYVAR
Restart apache
in the php file located wherever apache2 is running: echo $_SERVER['MYVAR'];
In the virtual host for Apache you could use
SetEnv VARIABLE_NAME value
and the get the value of this variable from your PHP code using
$variable = getenv('VARIABLE_NAME');
You can read more on SetEnv here http://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv
If you would like to store passwords in an environment variable, but you don't want other users to be able to read the password or key, you could follow the following steps (tested on Ubuntu 18.04):
Create a file /etc/apache2/conf-available/aws_key.conf
Change the ownership to root sudo chown root:root /etc/apache2/conf-available/aws_key.conf
Change the file permission, so it is only readable for root sudo chmod 600 /etc/apache2/conf-available/aws_key.conf
Put the password or key in the file, e.g. SetEnv AWS_SECRET_ACCESS_KEY abcdefg12345+-987654321
Enable the configuration file sudo a2enconf aws_key
Restart Apache sudo service apache2 restart
This key is accessible in PHP via $_SERVER['AWS_SECRET_ACCESS_KEY'].
Related
I set up the environment path in amazon linux vi /etc/environment as ENV_TYPE=DEV. Environment variable are set up in localhost but it not get the environment in web host.
In apache path /var/www/html I create a index.php with below code:
<?php
echo "env ".getenv('ENV_TYPE');
exit;
?>
I already tried the below commands for setup,
vi etc/environment --> ENV_TYPE=DEV
OUTPUT from my host is " **env **" only but expected Output is "env DEV"
the issue is env only execute in this code , ENV_TYPE not fetched from environment variable!!!
output image
i expected output image is
set the Local environment in the path file /etc/environmet
export ENV_TYPE=DEV
then, save and Create a .htaccess file in the apache path /var/www/html and add the line in .htaccess file.
SetEnv ENV_TYPE "DEV"
Allow the .ht file permission in apache conf (httpd.conf) file
Finally, it's automatically taken the Environment Variable as Dev
my fellow programmers
I do have a question about Apache2 and PHP.
Well, right now I'm trying to make a script that will create new "virtual hosts" from the PHP script, without using sudo command inside PHP.
The solutions with echo passwd | /usr/bin/sudo -S command are not really secure, and I won't use something like that.
Also, I've found the solution with a www-data ALL=(ALL) NOPASSWD: is as well not a solution.
Can someone please shed some light, which is the best solution for that, and what are the best protection measures? In case I need to use a sudo inside a PHP.
Of course, that script will have some part a making a new directory, cp-ing new site files inside a dir, etc...
This sounds like a incredible bad plan security wise. You have to edit apache config files and then reload or restart the apache2 server.
You could do it by editing the sudoers file to give the www-data user the right to reload apache and add a vhost configuration to apache that the www-data user has writing rights on.
Second option is to fake vhosts via php:
<?php
switch ($_SERVER['SERVER_NAME']) {
case "site1.example.com" :
require_once 'some_config_for_site_1.php';
// load scripts from site1 folder.
break;
case "site2.example.com" :
require_once 'some_config_for_site_2.php';
// load scripts from site1 folder.
break;
default:
http_response_code(404);
break;
}
Ok, this is a really bad plan for this, but somehow this is the best solution for this.
To do this in a proper way, I'll use the bash script, and I'll call that script from PHP.
$output = shell_exec("sudo /path/to/script/script.sh $SiteName $Domain");
script.sh
#! /bin/bash
#First parameter given by calling the script
sitename=$1
#Second parameter given by calling the script
domain=$2
#Directorium where are stored files of the web app
dirlocation="/var/www/$sitename"
#Creating a new directorium
mkdir $dirlocation
#Copying the defoult files of app to the just created dir
cp -R /var/www/someapp/* $dirlocation
#Creating the new configurationg file for Apache and VHost
vhost_script="/etc/apache2/sites-available/$sitename.conf"
cat > "${vhost_script}" << EOF
<VirtualHost *:80>
ServerName $domain
DocumentRoot $dirlocation
<Directory $dirlocation>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
EOF
#Enabling the site in Apache
a2ensite $sitename.conf
#Reloading the Apache
systemctl reload apache2.service
Also in order to do this from a PHP, I need to give www-data permission for running only that script with sudo.
To do so open the sudoers file (sudo visudo /etc/sudoers) and add the following line
www-data ALL=(root) NOPASSWD: /path/to/script/script.sh
I know this is maybe not the best solution, but this is what I've found for this purpose.
Disclaimer: This is only a showcase of how to do this, also the bash script here is a really simple one.
I'm trying to set a local environment variable to test my PHP app on a windows machine. I added SetEnv API_HOST /foo/bin in the file C:\Apache24\conf\httpd.conf and restarted the server by executing httpd -k restart at the command line.
In my app I check the variable $_SERVER['API_HOST'] and I always get null and it isn't null in the development server since the environment variable is set there.
I also tried to create confs files, set the env variable and include the files in the httpd.conf, but also doesn't work.
I was expecting this to be straight forward, but it seems something is missing. Any idea why it isn't working?
Thanks.
Sorry, forgot to answer earlier. It started working with the following in the httpd.conf:
<VirtualHost *:80>
DocumentRoot "path/to/project-root"
ServerName localhost
SetEnv API_HOST /foo/bin
</VirtualHost>
And restart the apache server by going to the path C:\Apache24\bin on the cmd and execute httpd -k stop and httpd -k start. I tried httpd -k restart several times before and didn't work, don't know why.
Cheers
I have setup apache according to this article
https://help.ubuntu.com/community/ApacheMySQLPHP
and I have created a new site config in /etc/apache2/sites-available/mysite
and changed the document root and directory to :
DocumentRoot /home/gapton/public_html
<Dictory />
..
..
</Directory>
<Directory /home/gapton/public_html/>
...
...
...
...
</Directory>
and I sudo a2dissite default && sudo a2ensite mysite to disable and enable them, restarted apache2 and things are working.
I then setup vsftpd and config the vsftpd.conf file to :
local_enable=YES
write_enable=YES
connect via Notepad++ with the user 'gapton' and I created a file called test.php under home/gapton/public_html. It would not be readable by Apache it seems. I did sudo chmod -R 755 ~/public_html and it would load alright.
However any subsequent files created via vsftpd will not be readable.
Since I have logged in to the only account gapton when connecting via FTP, then any newly created file should be owned by gapton right? What happens when apache tries to access a file/folder location, what credentials does it access it by?
How do I config it so that all files created by gapton can be read by apache? (Also, is it at all advisable?)
Thanks.
I found the problem.
In older version of vsftpd, the umask they apply when writing file was by default 022.
In the current version, such default value has been changed to 077. This mask read 4 write 2 and execute 1 for everyone except the owner.
Changing the umask value in the vsftpd.conf file back to 022 has solved my problem. Hope this help future users of vsftpd facing the same issue.
In my PHP code I am trying to access my linux system environment variable that I export in /etc/profile.
When I type "printenv" in my terminal, I can see that the variable (called MEMCACHED_1) set.
But my PHP doesn't see that variable, it's neither in $_ENV array nor can I access it with getenv function.
In my php.ini file I set variables_order = "EGPCS". That added a lot of variables to $_ENV, but MEMCACHED_1 is still not there.
What php.ini exactly do you mean? There are /etc/php5/apache2/php.ini (configuration used by scripts run by Apache module) and /etc/php5/cli/php.ini (configuration used by command line scripts). The latter has variables_order = "GPCS" as default setting on Ubuntu.
If you are running your code from command line, try changing /etc/php5/cli/php.ini and setting variables_order = "EGPCS".
If you are using Apache module, you may want to access needed variables as $_SERVER instead of $_ENV, or call getenv() before as comments here suggest: http://php.net/manual/en/reserved.variables.environment.php
UPDATE
Another thing to remember: PHP processes started by Apache module are run with user www-data (or whatever your User variable in Apache configuration says). So, you should also check printenv for correct user:
sudo su -l www-data -c 'printenv'
-- this should have line USER=www-data or something similar (not root, not your login). Make sure MEMCACHED_1 is set there.