starting new project where users can register and system will automatically install cms system for users registered domain and need to solve dynamic setting of the server (apache).
Registration information and info about the associations between domains and actual paths to the cms installation on the server will be stored in Mysql database.
Is there an easy way to configure apache to connect for all unknown domains to a specific php script, which will look into the database and provide the actual path to the relevant cms - apache will than use this info to correctly handle the request?
I think, that "easier" solution might be to use PHP to write the domains/paths/config to a file and force apache to use this file to handle requests - however as I expect, that the number of the domains might be higher and case that some domain will be deleted will not be rare - the file might become full of unwanted rules soon and hard to optimize, also apache restart would be needed in order to use changed file etc..therefore the question about dynamic solution - that might be much easier to manage (for me and for the admin system itself).
Yes - use a wildcard vhost in apache, and mod_rewrite to direct all URLs to your front controller (or use the 404 document handler).
C.
Related
I rule a server where several users have their own webdir, set on /home/user/public_html.
Nginx is running as http.
Everything works OK, but if a php requires a file to be created, it outputs a permission error.
How may I fix this?
Is possible to tell nginx to create all files under /home/username as "username"?
Regards && TIA ^^.
Yes, this is possible. Actually it's not Nginx, it's the FastCGI PHP module which is acting as a specific user. There is a good explanation of how to setup a Debian/Ubuntu system to do that.
Additionally I would create two users and one group per account (e.g. user1, user1-www and user1-group). For FTP you can use user1/user1-group. But the FastCGI PHP module can be configured to act as user1-www/user1-group.
Now you can limit read and write access to the folders of one account.
Your clients are free to allow or forbid write access to any file or directory based on their requirements.
If a PHP process can modify PHP code, you are exposed to be hacked and sites to be manipulated. Limiting write access to data files only reduces this danger. If you are on your own I wouldn't mind but providing hosting services to other people increased your responsibility.
Nowadays, Developers and Professionals tend to use PHP templates because of two reasons. They are manageable and secondly, we don't need to advertise our technology as there are no question marks and .php extensions within the URL.
But how to make non-advertisement of your technology possible while sending a jQuery Ajax request to load a PHP file in a div. I mean we would, have to write $.get('phpfile.php') within the script and one can say that voa he is using PHP hmmmm.
Simply, I want to ask is there is any way of loading a PHP through request without advertising your technology as above told.
Some coding will be honored.
But how to make non-advertisement of your technology possible while sending a jQuery ajax request to load a php file in a div. I mean we would, have to write $.load('phpfile.php') within the script and one can say that voa he is using PHP hmmmm.
I don't get it. jQuery doesn't know about PHP files. If your website has 2 "public pages" www.example.com and www.example.com/foo, then you can access to the /foo page from the homepage with something like $.get("/foo"). Here I use AJAX, jQuery, and nobody knows if my page use PHP or whatever.
Then, you should look for mod_rewrite has explained by verisimilitude, but rewriting url is not the unique solution. Have a look to this site http://builtwith.com/ and enter a random url. Web servers send, by default, a lot of data about themselves, so you should avoid that behavior too if you want to "hide" the technology used. Have a look here http://xianshield.org/guides/apache2.0guide.html. It's "a guide to installing and hardening an Apache 2.0 web server to common security standards.". You may find useful information in there.
Edit
And also, "PHP templates" are not related to pages URL at all. For example, you could have multiple URL which use the same "PHP template".
mod_rewrite is the best answer for all your predicaments. Why not use it? The URL phpfile.php in your above code could be rewritten to achieve the obfuscation...
#pomeh. Good point.
See. two things can be done here.
1) Disable the APACHE signature. In the default configuration of Apache, any page served through it will contain a full signature of the server. Server signatures contain valuable information about installed software and can be read (and exploited). Therefore is it safer to turn off this behavior. This is how you do it. Open Apache’s configuration file (httpd.conf or apache2.conf) and search for ServerSignature . Set it to 'Off'. After that search for ServerTokens and set it to 'Prod'.
2) Set "expose_php" in php.ini to false: Exposes to the world that PHP is installed on the server, which includes the PHP version within the HTTP header.
3) There are some php obfuscators available which also may be used. I will not recommend them since I've not personally tried them.
There are ways and means beyond these to hide the "technology". By default, a php enabled APACHE web server processes and interprets all files with .php extension. But we can bind any weirdo extension to hide the technology to be processed by the server..
I guess verisimilitude and pomeh already answered this question.
All web servers send information about themselves over the internet. You cant hide that.
If you want to hide file extensions, like 'aspx, php, asp, html' then you will need to use mod_rewrite under Apache or something like URL Rewrite under IIS7.
You can also set default documents under IIS7. This really only works once per web folder. For example you can set default.htm as one of the default documents. When a visitor goes to your website they type www.domain.com and they get a web page. That visitor is actually looking at www.domain.com/default.htm
I'm attempting to build an application in PHP to help me configure new websites.
New sites will always be based on a specific "codebase", containing all necessary web files.
I want my PHP script to copy those web files from one domain's webspace to another domain's webspace.
When I click a button, an empty webspace is populated with files from another domain.
Both domains are on the same Linux/Apache server.
As an experiment, I tried using shell and exec commands in PHP to perform actions as "root".
(I know this can open major security holes, so it's not my ideal method.)
But I still had similar permission issues and couldn't get that method to work either.
But I'm running into permission/ownership issues when copying across domains.
Maybe a CGI script is a better idea, but I'm not sure how to approach it.
Any advice is appreciated.
Or, if you know of a better resource for this type of information, please point me toward it.
I'm sure this sort of "website setup" application has been built before.
Thanks!
i'm also doing something like this. Only difference is that i'm not making copies of the core files. the system has one core and only specific files are copied.
if you want to copy files then you have to take in consideration the following:
an easy (less secured way) is to use the same user for all websites
otherwise (in case you want to provide different accesses) - you must create a different owner for each website. you must set the owner/group for the copied files (this will be done by root).
for the new website setup:
either main domain will run as root, and then it will be able to execute a new website creation, or if you dont want your main domain to be root, you can do the following:
create a cronjob (or php script that runs in a loop under CLI), that will be executed by root. it will check some database record every 2 minutes for example, and you can add from your main domain a record with setup info for new hosted website (or just execute some script that gains root access and does it without cron).
the script that creates this can be done in php. it can be done in any language you wish, it doesn't really matter as long as it gets the correct access.
in my case i'm using the same user since they are all my websites. disadvantage is that OS won't create restrictions, my php code will (i'm losing the advantage of users/groups permissions between different websites).
notice that open_basedir can cause you some hassle, make sure you exclude correct paths (or disable it).
also, there are some minor differences between fastCGI and suPHP (i believe it won't cause you too much trouble).
Is there a free PHP script that allows you to easily add a virtualhost?
I need to do this, because I'll be opening a free forum host, and want to allow users to use their own domain, aside from a free subdomain.
Restarting the server whenever you add a new domain to it could be problematic. If there was ever a problem writing the file, you lose all the sites, and if there is data cached (I'm thinking mainly about APC), you also lose the usefulness of the cache.
Having the default virtual host handle the new domains, and then having the PHP code acting according to $_SERVER['HTTP_HOST'] would be a more robust solution.
Easy way is to wildcard all domains to a set directory then there use mod rewrite to map the specific domains to specific directories or in the case of say a MU wordpress install you can use the domain to map to a user account.
you can edit the .htaccess file on the fly without restarting apache.
couldnt php create a vhost file which is included in the main vhost handle this?
using cron to determine weather there has been updates to the attached vhost you could reload apache
Im running a Drupal Multisite environment on a lamp (debian, apache, php, mysql) server.
My current workflow for a new project is:
Activate a subdomain on my company site (let's say the project will be foo.com, i activate foo.example.com)
Becose of plesk (that's a bit drupal unfriendly) my step are:
Create the new subdomain in plesk, php running in fastcgi mode
Create the database
Delete httpdocs folder, recreate it and make the sites folder
Make a simbolic link to every file into /var/www/vhosts/drupal folder (drupal code base) excapt of sites and tmp folders, robots.txt and .htacces files (that usually will be customized per domain)
Make the folder foo.example.com inside sites, symbolic link to /var/www/vhosts/drupal/sites/all folder, and then back a symbolic link from sites/foo.com to /var/www/vhosts/drupal/sites/foo.example.com (in order to make drush see all the domains to some multisite tasks, like crontab)
Install, configure drupal in the subdomain, doing everythings needed to complete the project
At this point, i need to switch the project from the subdomain to the final domain, foo.com, that will reside o my server too.
I dont like much some kind of other hacks like domain redirects, i want the final project to be a 'clean' (for what clean mean in a multisite environment).
Actually i do those steps:
Creating the domain (via plesk) and database;
Copy the subdomain httpdocs to the full domain httpdocs (cp -a /var/www/vhosts/example.com/subdomains/foo/httpdocs /var/www/vhosts/foo.com/httpdocs)
Change owner and group of httpdocs to match the domain's owner and group
Login into drupal, change webiste info, and filesystem paths.
This let me do what i want, but i have some trouble with node's html contents; espacially for those that contain links, images, and files, that (even if IMCE is configurated to use relative path), will point to /sites/foo.example.com/files/[...] instead of /sites/foo.com/files/[...].. this happen for cck filefields too.
As i said, i need a clean solution, i know i could make a symbolic link from /sites/foo.example.com to /sites/foo.com but i really dont like this way.
So far, i tryed to search/replace all the occourrence into the database sql dump:
sed 's/foo.example.com/foo.com/g' dump.sql > foo.com.sql
But this seem to brake somethings; I get many errors in boostrap file (in the cache unserialize step, even if i cleared all the cache before and after the db export/import) and looks like some utf-8 encoding get broken.
I know the best deal will be to set the development area on a local server, but i need my customer to reach it from outside.. and our adsl situation (static IP and so on) is a bit wired.
Any idea?
p.s: sorry for my bad english, if my question is not clear enought let me know and i'll provide more details)
Your steps are basically what I do, but I am not using Plesk or doing a multisite installation. I just create a new vhost in a VPS instance, and cp -a the docroot, and reconfigure for a new database DSN.
Regarding the SQL problems, I typically edit the SQL dump in a UTF-8 clean editor to prevent that problem. On Windows, I use Notepad++.
I then restore the database, clean all caches, edit settings, and run cron. I will also typically rebuild the search index.
This sequence normally works.
The bootstrap problem likely has to do with the variables table. When you serialize a string (or something with an string), the length gets stored, too. I will do the search and replace, then open up MySQL Query Browser, and search for rows in variable table with the domain name, and fix the lengths by hand. The other option is to determine which option is being stored, and then recreate the setting.