如何通过nginx/php执行bash脚本
如何通过nginx/php执行bash脚本
提问于 2017-10-18 08:12:38
我的目标是为那些想要将他们的站点添加到我的CDN服务(https://hostcloak.com)的人提供一种自动生成SSL证书的方法。
下面是通过SSH工作的脚本,但当我尝试通过php执行它时,它就不能工作了
exec("sudo sh /var/autossl $domain 2>&1", $output);下面是bash脚本:
#!/bin/bash
domain=$1
# Set up config file.
cat > /etc/nginx/sites/$domain.conf <<EOF
server {
listen 80;
server_name *.$domain;
root /var/www/$domain;
}
EOF
nginx -s reload
#########################################
set -o nounset
set -o errexit
mkdir -p /var/www/$domain
# Set up config file.
mkdir -p /etc/letsencrypt
cat > /etc/letsencrypt/cli.ini <<EOF
# Uncomment to use the staging/testing server - avoids rate limiting.
# server = https://acme-staging.api.letsencrypt.org/directory
# Use a 4096 bit RSA key instead of 2048.
rsa-key-size = 4096
# Set email and domains.
email = admin@hostcloak.com
domains = $domain
# Text interface.
text = True
# No prompts.
non-interactive = True
# Suppress the Terms of Service agreement interaction.
agree-tos = True
# Use the webroot authenticator.
authenticator = webroot
webroot-path = /var/www/$domain
EOF
# Obtain cert.
certbot-auto certonly
# Set up daily cron job.
CRON_SCRIPT="/etc/cron.daily/certbot-renew"
cat > "${CRON_SCRIPT}" <<EOF
#!/bin/bash
#
# Renew the Let's Encrypt certificate if it is time. It won't do anything if
# not.
#
# This reads the standard /etc/letsencrypt/cli.ini.
#
# May or may not have HOME set, and this drops stuff into ~/.local.
export HOME="/root"
# PATH is never what you want it it to be in cron.
export PATH="\${PATH}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
certbot-auto --no-self-upgrade certonly
# If the cert updated, we need to update the services using it. E.g.:
if service --status-all | grep -Fq 'apache2'; then
service apache2 reload
fi
if service --status-all | grep -Fq 'httpd'; then
service httpd reload
fi
if service --status-all | grep -Fq 'nginx'; then
service nginx reload
fi
EOF
chmod a+x "${CRON_SCRIPT}"
#####################################
# Set up config file.
cat > /etc/nginx/sites/$domain.conf <<EOF
server {
listen 80;
server_name *.$domain;
location / {
proxy_set_header x-real-IP \$remote_addr;
proxy_set_header x-forwarded-for \$proxy_add_x_forwarded_for;
proxy_set_header host \$host;
proxy_pass http://google.com;
}
}
server {
listen 443;
server_name *.$domain;
ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header x-real_IP \$remote_addr;
proxy_set_header x-forwarded-for \$proxy_add_x_forwarded_for;
proxy_set_header host \$host;
proxy_pass http://google.com;
}
}
EOF
nginx -s reload"autossl“在直接通过ssh控制台使用时有效,但是当我通过php的exec函数尝试它时,它显示”命令找不到“用于"nginx -s reload”。
所以我的问题是:我如何通过PHP实现这一点(它必须由我的网站自动完成)
回答 2
Stack Overflow用户
发布于 2017-10-18 09:58:02
想一想你在这里想要做什么。您正在请求www-data (或您的www服务器运行时所使用的任何用户帐户)发出sudo命令。它甚至可能没有su特权。即使是这样,当您第一次尝试使用sudo时会发生什么呢?你必须输入你的密码...
您可以逐个禁用密码要求,但我不建议授予www-data sudo权限。让您网站将请求添加到数据库或其他内容,并每隔几分钟轮询一次具有su权限的用户的cron作业,并让该帐户执行su操作
Stack Overflow用户
发布于 2017-10-18 08:18:05
快速回答:在exec函数中将sh替换为bash,或者修改脚本以使用sh
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/46800984
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号