gpt4 book ai didi

php - 如何通过 nginx/php 执行 bash 脚本

转载 作者:太空宇宙 更新时间:2023-11-03 13:22:19 34 4
gpt4 key购买 nike

我的目标是为那些想要将他们的站点添加到我的 CDN 服务的人提供一种自动生成 SSL 证书的方法 (https://hostcloak.com)

这是通过 SSH 运行的脚本,但当我尝试通过 php 执行它时却不行

exec("sudo sh /var/autossl $domain 2>&1", $output);

这是 bash 脚本:

#!/bin/bash

domain=$1

# Set up config file.
cat > /etc/nginx/sites/$domain.conf <<EOF
server {
listen 80;
server_name *.$domain;
root /var/www/$domain;
}
EOF

nginx -s reload

#########################################

set -o nounset
set -o errexit

mkdir -p /var/www/$domain

# Set up config file.
mkdir -p /etc/letsencrypt
cat > /etc/letsencrypt/cli.ini <<EOF
# Uncomment to use the staging/testing server - avoids rate limiting.
# server = https://acme-staging.api.letsencrypt.org/directory

# Use a 4096 bit RSA key instead of 2048.
rsa-key-size = 4096

# Set email and domains.
email = admin@hostcloak.com
domains = $domain

# Text interface.
text = True
# No prompts.
non-interactive = True
# Suppress the Terms of Service agreement interaction.
agree-tos = True

# Use the webroot authenticator.
authenticator = webroot
webroot-path = /var/www/$domain
EOF

# Obtain cert.
certbot-auto certonly

# Set up daily cron job.
CRON_SCRIPT="/etc/cron.daily/certbot-renew"

cat > "${CRON_SCRIPT}" <<EOF
#!/bin/bash
#
# Renew the Let's Encrypt certificate if it is time. It won't do anything if
# not.
#
# This reads the standard /etc/letsencrypt/cli.ini.
#

# May or may not have HOME set, and this drops stuff into ~/.local.
export HOME="/root"
# PATH is never what you want it it to be in cron.
export PATH="\${PATH}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

certbot-auto --no-self-upgrade certonly

# If the cert updated, we need to update the services using it. E.g.:
if service --status-all | grep -Fq 'apache2'; then
service apache2 reload
fi
if service --status-all | grep -Fq 'httpd'; then
service httpd reload
fi
if service --status-all | grep -Fq 'nginx'; then
service nginx reload
fi
EOF
chmod a+x "${CRON_SCRIPT}"

#####################################

# Set up config file.
cat > /etc/nginx/sites/$domain.conf <<EOF
server {

listen 80;
server_name *.$domain;
location / {
proxy_set_header x-real-IP \$remote_addr;
proxy_set_header x-forwarded-for \$proxy_add_x_forwarded_for;
proxy_set_header host \$host;
proxy_pass http://google.com;
}
}

server {
listen 443;
server_name *.$domain;
ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header x-real_IP \$remote_addr;
proxy_set_header x-forwarded-for \$proxy_add_x_forwarded_for;
proxy_set_header host \$host;
proxy_pass http://google.com;
}
}
EOF

nginx -s reload

“autossl”在通过 ssh 控制台直接使用时工作,但是当我通过 php 的 exec 函数尝试它时,它说“找不到命令”用于“nginx -s reload”

所以我的问题是:如何通过 PHP 实现此目的(它必须由我的网站自动执行)

最佳答案

想想你想在这里做什么。您要求 www-data (或您的网络服务器运行的任何用户帐户)发出 sudo 命令。它可能甚至没有 su 特权。即使是这样,当您第一次尝试使用 sudo 时会发生什么?您必须输入密码...

您可以单独禁用密码要求,但我不建议授予 www-data sudo 权限。让您的网站向数据库或其他东西添加请求,并每隔几分钟从具有 su 权限的用户那里作为 cron 作业轮询,并让该帐户执行 su 操作

关于php - 如何通过 nginx/php 执行 bash 脚本,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46800984/

34 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com