** Preface: I don't know much about networking. If i described the set up wrong, I'll try again. **
I have a server cluster of serverA, serverB, and serverC all behind a firewall and on a switch. I want to move a file from serverA to serverB programmatically. In the past when I had to move a file on serverA to another location on serverA I just call exec("sudo mv file1 /home/user/file1"); Can I still do this when multiple servers are involved?
EDIT: All great responses guys. I look into how the server's is cluster and find out if it's a mount or what's going on. Thank you EVERYONE! You guys are my hero!
If you use a common share like nfs that is mounted to all the servers, you can use mv on a file.
If you don't have that option, you can transfer the file to another server using scp or rsync.
Well first of all you should use the native functions to move files around. See rename: http://us2.php.net/rename. It would just mean that you need to make sure the permissions are correct in both locations (likely they need to be owned by the apache user)
But in answer to your actual question it really depends on the setup. Generally another server you could move files to would have a mount point and it would look like any other directory so you wouldn't need any changes to your code at all. This is probably the best way to do it.
If you have to use FTP or something like that you'll need to use the appropriate libraries for whatever protocol required.
While this option is probably a bit too complicated to set up, let me point to UDP hole Punching.
If the addresses of all servers are know and fixed, it is able to traverse firewalls and NATed networks.
In principle, portpunching works like this:
Let A and B be the two hosts, each in its own private network; N1 and N2 are the two NAT devices:
A and B try to create an UDP connection to each other
Most likely both attempts fail, since no holes are prepared yet
But: The NAT devices N1 and N2 create UDP translation states and assign temporary external port numbers
A and B contact each others' NAT devices directly on the translated ports; the NAT devices use the previously created translation states and send the packets to A and B
This even works, the addresses of A and B are unknown to each other. In this case, one needs a public known intermediate system S. See the Wikipedia article to learn more.
you can use the linux command line tool SCP to copy files over a network via SSH
make sure SSH certificates are configured on the servers.
Example:
exec("sudo cp [-Cr] [[user#]ServerA:]/path/to/file [more...] [[user#]SERVERB:]/path/to/file
Related
I have a webpage that currently takes an upload from a user and stores this into a directory (/upload). [Linux based Server]
I am looking for a way instead of storing this on the server/in that directory to instead transfer the file onto a local machine. [Running Ubuntu 12.04]
Assuming I already have public/private keys setup how might I go about doing this?
Current Ideas:
ftp transfer
rsync
Ideas:
1) Stop running anything on the server, and forward every byte to your local box. Just run ssh -N -R :8080:localhost:3000 remote.host.com This will allow anyone to hit http://remote.host.com:8080 and get your port 3000. (If you do port 80, you'll need to SSH in as root.) Performance will be kinda bad, and it won't be that reliable. But might be fine for real-time transfer where you're both online at once.
2) use inotifywait to watch the upload dir on the server, and trigger rsync from the server to your local box. (Requires exposing SSH port of your box to the world.) If you sometimes delete files, use unison bidirectional file sync instead. (Although unison doesn't work on long filenames or with lots of files.)
3) Leave the system as-is, and just run rsync from cron on your local box. (Ok, not realtime.)
Of course, most people just use dropbox or similar.Alghough
i want to statically assign the ip address of my arch linux using php. i want to change the ip by using netmask,interface,broadcast,address & gateway.the user puts up the values into a html page.the html page posts the data to the php page.i want to change the ip using this data. HOW TO DO THIS!!
Files also can be used!! right?
..i was thinking of writing directly into the rc.conf using files!!...will this work and how??..i have my arch linux up with apache & php..any of the help is appreciated!!...thanku..:)
You should write yourself a shell-script and launch that via PHP, instead of trying to accomplish such a task with PHP itself.
If you don't know how to do that, you should ask a related question https://unix.stackexchange.com/.
Why would you use PHP to attempt to configure a server?? You should configure the server using pre-existing tools and commands that are designed for that purpose.
$su
# ifconfig <interface, tpyically eth0> down
# ifconfig eth0 192.168.1.105 netmask 255.255.255.0 up
# ifconfig eth0
You COULD wrap those commands in an exec() statement, but I don't see a PHP script having the necessary system permissions to complete them successfully.
In normal condition, you may be not able to do it from web server directly due to security.
There are several problems like permission on /etc files, security context of user in which apache run etc.
One secure way is to create cron task which will run under root account and regularly check for existence of some file which can be generated by apache (php).
Once file will appear you can reconfigure whatever using ifconfig within cron task with appropriate privileges based on content o this file.
Don't forget that your apache should be configured to use all interfaces and not realy on IP based VirtualHosts or you will immediately lose connection to it.
I currently have a web server and a file server on my lan; both have static IP's on the LAN, and the router forwards inbound port 80 traffic to the web server, so the file server is only accessible internally.
I'm toying with the idea of writing a small PHP app that will let me interact with the file server via the web server. So, I wouldn't change anything at the router level - anyone scanning my public IP would still only find port 80 on the webserver.
My questions are pretty high level and don't necessarily have a "right answer". I can see a few ways of doing this, and then looking to open it up for input / ideas.
One is to exec ssh from the webserver to the fileserver, and just run shell commands via exec(ssh) that return directory listings, scp files that I upload, etc. This way is no better than giving someone root on my fileserver if they compromise my php front end, so I'm not too keen on that idea, but am considering it.
Another way would be to just duplicate the contents of the fileserver to the webserver drive, and sync them up periodically, but that's impractical and defeats the purpose of having a central file server, so I've pretty much already dismissed that idea.
That's about all I have so far. Anyone have thoughts or opinions?
You can setup a SFTP chroot jail. What this means is that an authorised account can SFTP in but never have access to a shell. You can also keep an eye on acces via lastlog as well as sshd logs.
Do configure your sshd for key-pair logins as well for the most security. The advantage is you can provide multiple access to a 'common' SFTP account - if the need arises. Just add all the public keys to the target accounts .ssh/authorized_keys2.
This should help:
http://ubuntuforums.org/showthread.php?t=858475
I am trying to limit traffic to my website so that people trying to screenscrape mass amounts of data will be blocked after a while. I am supposed to do this based on the IPs of incoming requests. I believe I have the IP-limiting functionality written but, I'm stumped on how I can test it. I need to be able to change my IP address many times, to simulate valid traffic. I also need to test >20 different IPs, so a proxy solution for each one will not work for me.
I am testing the code on my local machine (running Ubuntu) so I can change my server settings (Apache) if I need to for this test.
I'm behind a corporate network so I cannot change MAC address/ARP settings to be "re-assigned" a new IP. I was hoping for some sort of localhost IP-changing type thing, so I could take advantage of the fact that the server and client were the same machine.
Also, I was trying to avoid changing the code before it is rolled out to production servers, but that may be the best way to do it.
How can I set this up?
Well, what you could do is instead of actually checking the IP do something like this:
$ip = '1337.1337.1337.1337';
Instead of:
$ip = $_SERVER['REMOTE_ADDR']
And then go on to do your IP checking code.
So then when you are done you could make your $ip variable code look like this:
//$ip = '1337.1337.1337.1337';
$ip = $_SERVER['REMOTE_ADDR']
So you can easily turn on and off the "debug switch"
EDIT:
Or even make the IP dynamic:
$ips = Array('192.168.1.220', '120.843.592.86', '256.865.463.563');
$ip = $ips[rand(1,count($ips)-1)];
You can easily do that by running the following command on linux:
ifconfig eth0:0 127.0.0.2
ifconfig eth0:1 127.0.0.3
etc... (creating fake local interfaces)
You may have to configure apache to listen on those ips if you're not listening on 0.0.0.0 (all interfaces), then you can directly access those IPs.
If you want to use other ips, you can easily do that too, but remember to remove them once your tests are done.
This will only work from your local machine, to your local machine.
There are many ways you can test this. The easiest way imo would be to create a list of ARP entries where the IP addresses you are impersonating point to the MAC address of the server. You could then write a simple app that sets the src address to each of the impersonated IP addresses, connect and send whatever HTTP request you want. The server should reply just fine.
You want to consider doing this at the firewall level (if not the corp border firewall than a SW firewall on your host). There are many situations where an abusive host can still take down or affect performance on your site if you are only limiting them at the application level. They are still consuming sockets on and web server worker threads even though you end up rejecting them. You may even have some code that has some expense before the IP check. It really all depends on how lightweight your application is, but one thing is sure, a firewall, whether hardware or sw, can block unruly clients way more efficiently than your application can.
This answer is probably overkill for this application, but I like using tcpdump / libpcap, winpcap, and raw sockets for generating traffic. You not only have great control over the volume going to and from your application, you learn a lot about what you can expect firewall/traffic filter settings to do for you and what kinds of traffic is being blocked that you didn't expect (or that you don't want blocked).
use the random function and set limit to rand(0,255) and concat string in to the IP format. when ever you calling you will get new IP address
I am having the following difficulties:
Three servers A,B,C : A,B in the same network domain; C in another.
PHP scripts executing on server A write to a shared folder on server B.
The same scripts executing on server C fail to write to server B.
PHP looks something like this:
oject->Output('\\\\serverB\\sharedfolder\\file.dummy');
Is there any way I can make this script work elegantly on server C?
When I remote-desktop to server C and want to see the contents of \\serverB\sharedfolder, a login prompt pops up and asks for a user name and password. This I can provide and subsequently access the shared folder on server B. But how could I do this from a PHP script? Is it possible?
The formats are:
UNC — \\servername\sharename%username:password
URL — smb://[[domain;]username[:password]#]server[/share[/path]]
I think the easiest option with security in mind would be to write the content from server C in to a socket where server A,B reside and have an additional script which will save the content written from the socket to your shared folder.....
http://www.php.net/manual/en/function.fsockopen.php