Here is my actual configuration vhost conf on each of my domains :
<VirtualHost *:80>
...
php_value error_log /var/log/php-logs/domainName/error.log
...
</VirtualHost>
What can I do to keep this path (one directory by domain) but to split the php logs by day (20131218.log, 20131219.log, etc. instead of error.log) ?
Wrikken (see comments) suggests simply using logrotate - but in order for this to work, you need to close and reopen every file handle referencing the log - if you are using a Linux distribution with logrotate already configured for Apache and PHP is invoked via mod_php and you don't mind the interruption to the service, then you just need to add this file to the logs rotated for Apache. But this becomes very messy if you want to keep your server up or you are using php-fpm. But you didn't tell us about the webserver, the operating system or the SAPI version.
Other solutions
(on Linux/Unix/BSD) use the system logging daemon (error_log=syslog) nd configure that to rotate the logs
on Apache, if the error_log is ini is unset, then errors are sent to stderr, and Apahce writes these to it's error log: and you can configure this to run via a bundled filter which automatically rotates logs
Related
in /usr/local/nginx/logs/ I have a huge www.access.log file.
It grows undefinitely (last time I truncated it was 3.5 GB) with a new log entry every time a php script is called.
Every line looks like this:
- - 21/Feb/2016:00:59:09 +0100 "GET /index.php" 200 /absoulute-path/index.php 10,373 1280 96,40%
The file is written by php-fpm process
Browsing thru the various configuration files (nginx, php.ini....) I cannot find the directive to write logs to that file.
How can I disable it?
Given the format and the informations provided in the sample log entry posted in the question the huge log file has nothing (directly) to do with nginx nor with its configuration files, despite it's located in .../nginx/logs/
That ....access.log file is written by php-fpm worker processes when a specific option is set into php-fpm's configuration file php-fpm.conf
The file (on my server) is located into /etc/
At some point in the configuration file there is:
; The access log file
; Default: not set
; access.log = /usr/local/nginx/logs/$pool.access.log
By default that option is not set and should remain unset; as far as I know the log file it produces is used to test php-fpm proper operation.
If the line is uncommented by removing the semicolon...
; The access log file
; Default: not set
access.log = /usr/local/nginx/logs/$pool.access.log
...then a .access.log file prefixed with the pool name (www in the case exposed in the question) is generated. And it grows quickly as each time a php script is run due to a request a new log entry is appended.
You have to change the nginx.conf configuration file in this way:
server {
(...)
access_log off;
}
nginx.conf is located in /usr/local/nginx/conf, /usr/local/etc/nginx or /etc/nginx
See more here
Edit: see also How to disable Nginx logging, Disable access logging and ngx_http_log_module
Disable this is not a good practice .
Those files can give your very sensitive and informative information about your site visitor .
You can make some changes to make log files take a smaller space and easy to maintain.
You can make compression , Log Rotation to avoid filing up disk space and manage your log files .
Please check this link.
I am with Linux the 5th day only.
I am used to XAMPP based projects in Windows, where everything is out-of-box and easy.
But unreadable cyrillic letters in GitBash (when typing ls -la), file names no longer, than 256 symbols and absolutely non-secure access to non-public project folders forced me to switch to Linux Mint 17 KDE (Debian - Ubuntu fork).
After long searches in Internet I did all that is mentioned below.
I am absolutely frustrated with fact that when I type in browser address bar my first PHP script with <?php phpinfo(); inside (http://site1/foo.php) - everything is OK.
However the second (e.g. bar.php), the third (start.php) etc. scripts from the same folder - ERROR (no such file on server).
I made different sets of scripts in ~/server/site2 and ~/server/site3 and the necessary commands.
I made different parent folders (server2, html, sites).
I cleared Firefox cache.
The result is the same: the first script in a newly created folder is OK, - all the following ones - FAIL.
Any ideas?
Here is the code https://yadi.sk/d/Vi4VVho3bN3Ps
Sorry, I don't have comment ability yet but just so you know, you can use XAMPP on Linux, however it is generally not recommended outside of development.
SOLVED.
According to http://httpd.apache.org/docs/2.2/en/vhosts/ I needed Name-based Virtual Hosts (More than one web site per IP address) described here http://httpd.apache.org/docs/2.2/vhosts/name-based.html.
For this I needed to uncomment or create NameVirtualHost *:80 directive in httpd.conf.
However, here https://wiki.apache.org/httpd/DistrosDefaultLayout#Debian.2C_Ubuntu_.28Apache_httpd_2.x.29: is stated that debian based linux distros use two config files (/etc/apache2/apache2.conf and /etc/apache2/ports.conf) instead of classic httpd.conf one.
Neither of my two config files had NameVirtualHost *:80 directive.
Therefore, I created it in /etc/apache2/apache2.conf.
This didn't work even after checking access rights to folders and files in my user folder (644 instead of 755 also OK) and sudo a2dissite site1.conf, sudo a2ensite site1.conf, service apache2 reload.
I made PC reboot - and voila! - I see my virtual hosts in browser.
I'm currently in the process of moving a Wordpress and Drupal website from a hostgator account to a VPS purchased by the client. The VPS has "WHM vps" installed.
I've had a whole lot of problems with this for such a simple task (such as the provider having deprecated configuration options in the my.cnf file causing MySQL to not startup correctly, and having to import a ridiculously large database from Drupal causing all sorts of problems).
But the most recent problem I've run into is the site simply not executing and just returning an Error 500. PHP is installed, but I can't find the PHP5_Module in the Apache Modules, instead there is "suphp_module" which is a shared module. PHP Error Reporting is switched on, as is error reporting in the .htdocs file.
If I add AddType application/x-httpd-php .php to the mime type it just causes the PHP files to download upon being loaded.
I'm honestly running out of ideas here, is it because php is not correctly installed, do I have to reinstall php5?
EDIT: Added the Apache Logs, not sure if the first line has anything to do with it however.
SoftException in Application.cpp:357: UID of script "/home/creative/public_html/index.php" is smaller than min_uid
Premature end of script headers: index.php
You have to assign the php to other owner and group as it is probably assigned to root:root that isn't secure, so the system prevent the execution
You can assign the webserver user and group that is likely to be apache if you're running httpd
I am trying to access a file /etc/ipsec.conf from the PHP code. The code was tested firstly on the windows server, at that moment I have given the access to c:\abc\ipsec.conf.
The access was given in httpd.conf in wamp using this
<Directory "c:/abc/">
Allow from all
Deny from none
Order allow,deny
</Directory>
Now when I tried testing the code in the Suse Linux I am receiving this error
**Warning: fopen(/etc/ipsec.conf) [function.fopen]: failed to open stream: Permission denied in /srv/www/htdocs/nsg/_ipsec.php on line 6**
I have given 777 permission to the /etc directory and also to the file. The directory /etc is also added to the httpd.conf, but still I am receiving the same error.
As some comments point out, giving 777 to /etc is a bad idea.
To get access from within your php script, you should change the group (see chown) of the file to the same group apache/php is operating and give proper group permissions via chmod. For security sakes, apache only should have access to that only file in /etc.
edit If you're using SEliunx or something similiar, this may not work. I just wanted to point out the general way to go (which is not 777-ing files).
And, of course, sanitize your inputs, prevent path traversal, and be paranoid.
edit 2
Note: When safe mode is enabled, PHP checks whether the directory in
which the script is operating has the same UID (owner) as the script
that is being executed.
So you should really make sure that, with safe-mode on, the wwwrun user is in the same group that owns /etc (WAIVING A RED FLAG ABOUT SECURITY CONCERNS HERE). Otherwise, you just apply this to the conf file you want to read-write to.
But, for satisfying security and permissions, Apache2 suEXEC may be the solution for you.
The suEXEC feature provides Apache users the ability to run CGI and SSI programs under
user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI
program executes, it runs as the same user who is running the web server.
Sou you'd just create an independent user.
I propose you to write a SUID helper executable which changes /etc/ipsec.conf as required by your PHP script. Then, you PHP script could execute your SUID executable to issue the required commands.
This solution is pretty secure. Your SUID executable could make sure only authorized changes are being done to ipsec.conf, which adds another layer between your webserver and the critical file.
If you are careful, you could write the helper executable in PHP. In this case you would have to use sudo (and configure /etc/sudoers accordingly) as script cannot be directly made SUID.
I just want my apache to register some of my predefined environment so that i can retrieve it using getenv function in php. How can i do this? I tried adding /etc/profile.d/foo.sh with export FOO=/bar/baz using root and restarted apache.
Environment variables are inherited by processes in Unix. The files in /etc/profile.d are only executed (in the current shell, not in a subshell) when you log in. Just changing the value there and then restarting a process will not update the environment.
Possible Fixes:
log out/log in, then start apache
source the file: # . /etc/profile.d/foo.sh, then restart apache
source the file in the apache init script
You also need to make sure that /etc/profile.d/ is sourced when Apache is started by init rather than yourself.
The best fix might also depend on the distribution you are using, because they use different schemes for configuration.
You can use SetEnv in your config files (/etc/httpd/conf.d/*.conf, .htaccess ...). Additionally you should be able to define them in /etc/sysconfig/httpd (on RPM-based distribs) and export them (note: not tested).
Note: it wouldn't surprise me if some distributions tried quite hard to hide as much as possible, as far as system config is concerned, from a publically accessible service such as Apache. And if they don't, they might start doing this in a future version. Hence I advise you to do this explicitly. If you need to share such a setting between Apache and your shells, you could try sourcing /etc/profile.d/yourprofile.sh from /etc/sysconfig/httpd
Apache config files allow you to set environment variables on a per site basis.
So if your web server is serving pages from two logical sites you can have the same environment variable set differently for each site and thus get your PHP to react differently.
See the Apache mod_env for details:
If you need env vars for Apache only, what worked for me was editing the /etc/apache2/envvars and restart of Apache. I added these settings:
export LANG='en_US.UTF-8'
export LC_ALL='en_US.UTF-8'