restart apache via php

Discussion in 'Programming/Scripts' started by BlackGhost, Feb 14, 2007.

  1. BlackGhost

    BlackGhost New Member

    Hello,

    For the moment I'm setting up a configuration with apache as loadbalancer for jboss in cluster using the ajp13 with the mod_jk. Each jboss-instance runs on a seperate IP. So I've created virtual hosts for each IP on port 80 and 443. Now I want to setup a virtual host on the main IP on port 8443 where I can create a little control panel to automaticly generate vhost files and JBoss instances. My goal is to manipulate the server only via this contral panel. Therefor I need someting to restart apache gracefully in order to take count of the new created vhost-files.
    I found the exec command in php and I to restart http I use /etc/init.d/htpd graceful

    Now how can I put this together in a form with buttons. Do I have to do something for the user that runs the script?

    Please help!!!
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Your control panel would have to run as root to be allowed to restart Apache. If your control panel runs under an Apache vhost (on port 8443), this won't work.
     
  3. sjau

    sjau Local Meanie Moderator

    Code:
    <?php
    
    $submit = $_POST['submit'];
    
    if($submit == "Restart") {
    
    $message = '<p>Apache is being restarted</p>';
    exec('/etc/init.d/httpd graceful');
    $message .= '<p>Apache was restarted</p>';
    
    }
    echo '<html><head><title>Apache Restart</title></head><body>';
    echo $message;
    echo '<form action="" method="post">
    <input type="submit" name="submit" value="Restart"></form>';
    
    ?>
    
    Something like that should do it.

    Save that file, chown it as root and make it 0777 (for testing)... if it works chmod it to rxrxrx
     
  4. martinfst

    martinfst Member Moderator

    To execute a script as root, you should probably set the setuid bit:
    Code:
    chmod +s filename
    However, setting the setuid bit for a script, which is activated by your webserver, is a security risk.

    The alternative is to set a 'flag' somewhere (e.g. by creating a dummy file) and have a root cron script check if that file exists. If exists, restart apache and remove the flag file. Of course there are other mechanisms possible. You could have the crontab scan/run every minute. That way it will only take a minute before action is taken.
     
  5. ctql

    ctql New Member HowtoForge Supporter

  6. martinfst

    martinfst Member Moderator

    Sorry, I wasn't complete. The workaround you found is a correct/complete solution. However, keep in mind there's still a security risk. Make sure you sanity / check every input string in your PHP sripts that calls this suid executable.
     
  7. falko

    falko Super Moderator Howtoforge Staff

    There is a background daemon running as root, /root/ispconfig/sv/ispconfig_wconf, which checks every 10 seconds if the file /home/admispconfig/.run exists. If it exists, the ispconfig_wconf process starts the update process (as root).
    The /home/admispconfig/.run can be created by the Apache user.
     

Share This Page