i can't figure out how i should access the repository from a CakePHP project called fredistrano (you can do CakePHP deploys with a web 2.0 interface). i have fredistrano in my web broadcasting directory on a shared unix web server. when i use tortoisesvn from my laptop, i have to use svn+ssh://username#domain.com/svnpath/trunk/. i tried using the same thing in fredistrano, but i keep getting the svn command error "svn: Network connection closed unexpectedly". i copied and pasted the command: svn export --non-interactive --username myusername --password mypwd svn+ssh://myusername#mydomain.com/home/myusername/svn/mydomain.com/trunk tmpDir 2>&1 into my SSH terminal connected to the shared server and i get a prompt for a password, which i believe is actual a prompt for the SSH password and not the SVN password (see this post). fredistrano is failing because it can't deal w/ the SSH password prompt. i noticed in the fredistrano documentation that the example uses http://ipaddress/svn/test for the SVN URL. i copied my svn to my web broadcasting direrctory and tried this but get a connection refused error. my shared hosting provider is pretty strict and i doubt that i can use that. is there a way i can get svn+ssh to work w/ a PHP script like this (fredistrano is just using shell_exec() to execute svn commands)? is there a way i can get just get svn, http, or https working (or any other method that i don't know about)?
I am interested in this problem, too, and I hope that I'm close to the solution.
I haven't tried to put it into work in my application due to the lack of time and other high-priority tasks, but I guess that it should look something like this:
shell_exec(svn something svn+ssh://...)
$response = trim(fgets(STDIN))
[then check if the response contains password prompt text]
fwrite(STDOUT, 'yourpassword');
[analyze the next response and see if SVN has returned the requested information - log, info, whatever]
"svn: Network connection closed unexpectedly" most probably means that your host has restricted/forbidden access to other hosts. This might imply using sockets at all (SVN, HTTP, etc.) or maybe only non-HTTP. In this case you should try setting up your SVN server to allow HTTP requests (e.g. using mod_dav_svn for Apache).
This is only a guess - see my comment to your question.
How do you authenticate from your dev machine to the svn-server? You might be using a key to authenticate (Do you have putty pageant running?)
maybe check out the Subversion PHP Module (1.0.3) instead of wrapping shell_exec; it requires building from source, with phpize, ./configure and make (just built it against PHP 5.6 and Subversion 1.9.5)... while the Apache Module mod_dav (Subversion via HTTP/HTTPS) is not required for version control, rather an optional method of accessing the repository.
Related
I have developed a web app which shows information in real time from certain actions carried out by different users. For this I use websockets, built in PHP, in a local environment (WAMP) and works fine, but I need this to also work on an external server (web hosting service), which I only have access to through the CPanel and FTP.
Locally I make the websocket work executing next code line through Windows' CMD:
C:\wamp64\bin\php\php7.2.10\php.exe -q C:\wamp64\www\myapp\websocket_daemon.php
My question is, how can I achieve the same result in CPanel, or maybe there is another way?
It is not likely for a shared hosting environment (i.e. Apache with VirtualHost config, PHP, MySQL, and a CPanel interface) to support your websocket application.
For websocket to work, you need to either:
have a port dedicated to websocket in-bound connections; or
have a HTTP/HTTPS server that knows when to upgrade a connection and proxy pass to your websocket application.
To run your own websocket service, you should think about using Virtual Private Server services such as Amazon EC2, DigitalOcean VPS.
For that purpose you will need to have CLI (Command-Line Interface) access to the (Linux) server involved. Assuming that you have such access, running the WS service would look something like
./websocket_daemon.php
The small script assumes that you are in the appropriate folder. However, you need to resolve a few things before you get there:
Step 1: SSH support on your machine
You will need to ensure that your OS supports SSH. Your OS appears to be Windows, so you will need to either install Putty of Git Bash. Read about these technologies
Step 2 Generate an SSH key
In your CPanel, you will need to generate SSH keys:
Click on Manage SSH Keys
Click on Generate a New Key
Use the settings you prefer in order to generate a key, don't worry, you can remove the SSH keys at any time and recreate them if you realize that you prefer a different way to generate them
Read more here: https://docs.cpanel.net/cpanel/security/ssh-access/
SSH keys are composite keys, that is, it consists of a private and a public key. You can share your public key with anyone, but never ever send your private key to anyone. It should be on your computer and possibly saved to backups. Read more about SSH keys here: https://sectigo.com/resource-library/what-is-an-ssh-key
Step 3: Ensure that your computer uses the SSH keys you have generated for CPanel
You will need to tell your OS where the SSH key-pair is located, luckily this is not a new problem, see an exhausting discussion about this topic here: https://serverfault.com/questions/194567/how-do-i-tell-git-for-windows-where-to-find-my-private-rsa-key
Step 4: Test your SSH
Run the following command into your CLI that supports SSH:
ssh <username>#path
If there is no error, then you have successfully tested SSH and you are almost ready to proceed further
Step 5: Upload your Websocket script
You can do this via FTP, as you already know, but you can also do it via SCP. scp would not only use your newly created SSH connection and having fun with it, but it's also secure. Syntax:
scp file.txt remote_username#10.10.0.2:/remote/directory
Step 6: SSH to the server
See Step #4.
Step 7: Navigate to your file's location
Step 8: Ensure that you have the rights to run it
See more here: https://alligator.io/workflow/command-line-basics-file-permissions/
Step 9:: Execute the file
Run
./websocket_daemon.php
If this succeeded, then the job is basically done, you will need some script to run it upon startup and to manage it, but this is not strictly related to the question.
https://oracle-base.com/articles/linux/linux-scripts-running-in-the-background
https://smallbusiness.chron.com/run-command-startup-linux-27796.html
However, if the issue is not resolved yet, read further
Step 10: Ensuring WS support on server
You will need to set up your own WS support. Since you have managed to do so locally on your Windows, hopefully your know-how will work on the remote Linux as well. If not, read more here:
PHP Websocket server in Linux hosting
I'm using Windows 7 x64 Enterprise, IIS, and PHP 5.6.32 in my development environment. My application's website has the following settings:
Anonymous authentication: disabled
Windows authentication: enabled (Negotiate, Negotiate:Kerboeros, NTLM)
App Pool: domain account.
Other than the default PHP extensions, I have Microsoft's PHP SQL Server driver (3.2 version) used in Windows Authentication mode.
My production server is the same setup running on Server 2008 R2.
I am needing to use exec(), shell_exec(), etc. to execute an executable (pdftk if it matters). However, whenever I use any of these functions, I always get "Unable to fork XXX" in the PHP error log. I've tried runing whoami, ping xxx, and other simple commands with the same result. None of the typical shell functions will work--they always result in the same error. I have checked my php.ini file and verified those functions haven't been disabled.
However, in my production environment, I do not have this problem, and I have no clue why. It only seems to be affecting my development environment. During my research, I did stumble across this (http://tech.trailmax.info/2012/12/php-warning-shell_exec-unable-to-execute-on-iis-7/) which, for some reason, does fix my problem; but, it completely breaks my SQL Server Windows authentication (which I need).
I have also disabled my antivirus in hopes maybe it was the culprit. It was not.
While doing more troubleshooting, I did find that proc_open() does work. We are using Prince for generating PDFs and I noticed it was working, while my exec() wasn't. When I looked at the Prince class, I discovered it was using proc_open() which explains why it seems to work.
Does anyone know why exec() and the related functions seem to work without issue in my production environment and not my development environment? And why does proc_open() work but the other shell functions do not? Thanks!
Check the permissions on file 'C:\WINDOWS\system32\cmd.exe'.
You need read/execute permission on this file.
I would recommend using the sysinternals Process Monitor 'procmon.exe' to confirm the user that is trying to run 'cmd.exe'.
Filter on 'Process Name' is 'php-cgi.exe' and 'Path' ends with 'cmd.exe'. Look at the event properties for the task with the access denied error, and it will show you the 'Impersonating' user name. This is usually the 'Internet Guest Account', often 'NT AUTHORITY\IUSR'.
I wanted to post an update to this since I figured out the issue. The answer can be found here in the very last post by 1heer2351 at zonnet dot nl1:
Located the problem and have been able to fix it.
I am using a special user for my Application Pool (say AppPoolUser),
so PHP runs as this user. The new exec function uses
CreateProcessAsUser() with impersonation. This means that the
AppPoolUser must have the right to change the process level token.
You can assign this right to the user in the "Local Security Settings"
-> User Rights Assignment.
I have granted my AppPoolUser the "Replace a process level token"
setting -> fork error has gone.
Thought this might be useful information, so access is required to
cmd.exe but in addition the "Replace a process level token" setting.
This is exactly what I did. I had created a new App Pool User using my domain account. By default, the Replace a process level token setting includes DefaultAppPool. Since I created a new App Pool User, it was not included in this policy setting. Adding the App Pool User I created resolved my issue.
My company have a cloud dedicated server, hosted in google cloud, running centos 7 with apache2, php5.5 and mariadb running.
The webserver is running a private application for business clients and companys. Every client has his own database and subdomain, so they, and their own clients can access his applicacion going to http://theirname.example.net/
I've created an interactive command line script for client creation. It creates user and secure password, ftp custom folder, create mysqldatabase and populate it with a sql file, create subdomains and other thing. Also i've made another version of this script with no user interaction, receiving parameters as the client name via command line arguments ( /path-to/script.sh usertocreate mysqluser mysql pass).
So, here is the deal, i want to create a web interface, password protected, just available for my company IP address, this interface should be able to run these SH scripts (not the interactive ones) with sudo permissions.
I was thinking on create a subserver in other port (like http://example.org:2501) using another instance of apache (or other webserver) which runs with a specified user with sudo permissions enables only in the neccesary folders.
Before doing anything, i've created a PHP script which runs commands to console, and tried to run SUDO commands with that. Allowing apache user to sudoers list (just to make it work during develop). I could run these scripts from my web app without SUDO permissions, but they where not working at 100% (since some commands require SUDO). When i try with sudo i receive a code 127 error responde (permission problem).
I stopped there and decided to investigate the best way to do this.
I have full control of the server machine. Apache2 and everything normal is running well. (mariadb, proftpd with passive mode active -100 ports added- )
SELINUX is DISABLED. Firewalld Running
SSH is available for use
I can install another webserver in another port to accomplish this. If a lot of HTTPD configurations should be changed to accomplish this, i will preffer to install another webserver
I can also install any 3rd party software.
I'm a PHP Developer with low experience in other programming languages, if it's necesary to invoke any other programming language to do this (maybe like Python) i would love some docummentation links
Access to this web application would be limited only to my company's static ip address and will be protected
Any thoughts/ideas ? Thanks in advance
PS: If someone want to edit my text and add some colours and format, edition will be aprovved
EDIT TLDR: I want to run another httpd in another with a webapi. This webapi should can run console commands as SUDO. Access to this webserver will be limited to my company's IP. I'm not sure if this is the best way to do it and i want opinions. Also, i'm not pretty sure if its possible to run sudo commands from php without any trouble.
The situation
I have been developing in php and using wamp for the past 2 years. Then I come across a module to implement a chat system followed by instant notifications. So I go look it up and found this awesome "nodejs" that allows you to connect to connected users in realtime.
This guy nodejs socket.io and php uploaded a way to integrate nodejs socket.io and php without node server.
So I downloaded his project (github) and ran it on my computer but it gave
connection refused error from 8080 So,
I go to nodejs site and install nodejs on my system (windows). It automatically updated my environment variables and I could just go to my command line to run a example project as
path(...)node nodeServer.js
and then run the index file of the project from the shared link and it starts working. everything runs smooth and nice.
MY QUESTION
If without installing nodejs on my system I cannot run the node app in the small example project then how am I supposed to install nodejs on live server (apache) and use command line to start nodejs.
I know this might be too silly but I am really new to nodejs so I don't know if I can run node on live php server. If it is possible then can anyone tell me how can I do that ? or is it just an ideal situation and can't be done.
Node.js do not need to be installed with Apache. Node.js itself provide a server that would listen on a port. You can use Apache or Nginx to use proxy. You can run your application without these server also.
Create a file index.js using the code below and run node index.js
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/plain'});
res.end('Hello World\n');
}).listen(1337, '127.0.0.1');
console.log('Server running at http://127.0.0.1:1337/');
Open you browser and enter this url : http://127.0.0.1:1337/ You will see Hello World over there. In this case nodejs is listening on port 1337
If you are using cloud or VPS or any kind of solution that allows you full control of stuff installed, you can just install node.js there and run what you need...
https://github.com/joyent/node/wiki/installing-node.js-via-package-manager
some services will allow you to pick what gets installed... so you just pick nodejs and run it alongside your apache.
However, if you are using shared hosting solution, there is limited number of those actually even hosting node (if any) and solving this would be almost impossible for you.
Second Edit: Sorry for editing twice, but there is a thing with "no nodejs server" in mentioned stackoverflow post - there is actually a server and mentioned need to npm install certain modules... this is not right way to do this, but if you still want to try this you need node installed (and npm along with it) and then you need to npm isntall mentioned packages, add simple server file quoted in the post, run it and then have all you need for your chat...
If you need some help, ping me, but if this is time critical project, rather find some third party solution... and then learn about this one.
TLDR find a hosting service that'll give u admin and support firewall requests, or self host w/ a free dns subdomain and have a script update your ip so you dont have to pay for static.
My Experiences:
You can actually utilize node for input/output stream manipulation as well. Look at gulp and node for more info. Using bower and bluebird on top of a git project makes setting up apps very easy and quick via node.
As for using socket.io w/ a node/wamp setup, I've actually used this in the past. I had wamp installed on the server initially, but I used the apache directives to reverse proxy requests on 8080 to the node.js app from the client scripts.
I did have to install node separately, though, so you'll need something like ramnode maybe (I think they allow hosted apps like iis/mvc etc too).
Easiest hosting setup for development imo was self host wamp/node w/ a free subdomain from afraid.dns.
Otherwise ramnode gives you full access to admin features on your vm, i believe. So you may be able to install node there as long as you request firewall permissions when needed for xtra ports (socket.io used diff ports for requests on page so I didnt have to worry about CORs crap or anything).
I was wondering, whether knockd http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki would be a good was to be able to restart apache without logging into ssh. But my programming question was whether there is a way to send tcp/udp packages via PHP so I can knock via a webclient.
I am aware that this is not the safest way of doing it, but I will only want to do things like update the svn, restart apache without having any passwords in it like with using ssh to do that.
You may use fsockopen() functions... but what you are doing(and the way you are doing it) is very risky from a security standpoit.. as it had been said, ssh is the way:)
If you really want to restart the apache server by using remote access (non-ssh) you can create a small php-daemon, that just watches for a specific file,(ex: /tmp/restart.apache) and when that file appears run exec("/etc/init.d/apache restart") (or whatever the command is for your distribution). This daemon should run as root... and the thing is that the whole security thing is up to you this way, you have to make sure this cannot get arbitrarly executed...
Your portknock ideea... a simple port scanner may restart your apache by mistake:) portknock is recommented to be used in conjunction with a ssh auth , not directly with apache:)
Seriously, you do not want to do what your trying to do.
You should look into calling your remote server through some sort of secure protocol, like SSH. And on the client side, have a small PHP utility application/script that executes remote SSH commands (preferably with a keyfile only based authentication mechanism).
Why not have a PHP script that calls "svn update"? As long as the files are writeable by the user Apache runs as, it works great. Just hit that URL to update the website
For SVN you have whole PHP api, try search SVN on php.net