Hi

I was wondering, how can I run php scripts on another port, say 81 instead of 80 and grant permission to issue commands like 'service httpd restart' service cpanel restart , mv , rm etc..

Any idea ?


Harris

How does litespeed webserver's admin panel work ( which is made with PHP ) in another port ? The admin panel can perform tasks such as 'service lsws restart'

So run another web server on port 81 that is an interface to restarting other services? What if that service goes down? Imo, just stick to restarting things in ssh.

Anywho to answer the question, yes, it is possible just install another web server to run on port 81 instead of the default 80 and write a custom php application.

So, that means, install another webserver on port 81 and perform ssh commands using custom made php script ?

I have another doubt. So , can't we perform the same commands on 80 with apache and php compiled with apache ?

Actually what I am trying to make is a simple php script which runs on another port , say 81, and has root power to perform any tasks including the rebooting of server, restarting services etc. Is that possible ?

Or atleast perform some file modifications and executions of files , within the allowed path.

You're over thinking the matter.

If you're using an application on port 81, or port 80 to restart services, it is no matter what using ssh commands in some form, whether its direct or indirect.

I don't see a point in using port 81 or having another application to restart services on a server, its 1 more thing to worry about security.

My suggestion is to use a port monitoring service, and if a problem occurs ssh into the server and fix it that way, not rely on another web application to restart the services for you, because what happens if that service goes down as well? You're **** out of luck.


Yes it is possible. Will i show you how to do it? No, if you provide code to look at, then I will gladly assist you. But i don't recommend it at all, as it is a security risk imo. You already have cpanel.. what do you need this script for? You're trying to develop a control panel on top of a really powerful control panel from the sounds of it.. useless if you have cpanel.

You're trying to develop a control panel on top of a really powerful control panel from the sounds of it.

Yes exactly. That's what I want. But please! don't call it really a control panel and it is not on top of cpanel.
I just want to install ngnix webserver on a VPS on port 80 and host less than 10 domains on it. What I am thinking is to install ngnix on port 80 and develop a simple control panel which can add domains to the ngnix confiuration and remove if needed. So, after adding the domain, the webserver must be restarted.

That's what I wanted. I just typed 'service cpanel restart' for just an example. Actually I wanted to perform other commands.

So, how can you help me in this ?


Also, cPanel uses its own backend php , you know ? Its custom configured for cpanel.

I am actually thinking something like that. I need a custom php executable file for my control panel and other for the domains hosted. You got me ? !

Yes exactly. That's what I want. But please! don't call it really a control panel and it is not on top of cpanel.
I just want to install ngnix webserver on a VPS on port 80 and host less than 10 domains on it. What I am thinking is to install ngnix on port 80 and develop a simple control panel which can add domains to the ngnix confiuration and remove if needed. So, after adding the domain, the webserver must be restarted.

That's what I wanted. I just typed 'service cpanel restart' for just an example. Actually I wanted to perform other commands.

So, how can you help me in this ?


Also, cPanel uses its own backend php , you know ? Its custom configured for cpanel.

I am actually thinking something like that. I need a custom php executable file for my control panel and other for the domains hosted. You got me ? !

One, cpanel is written mostly in Perl, uses open-source php projects.

Also, i won't write this code for you.. and you wouldn't have to do it on port 81.. just do it on port 80 as well in a protected environment imo.

As far as coding, if you need someone to write this, then my suggestion is to use the employment forum, as you won't get this free or close to free, it takes time to develop such a thing. I'm too busy for it, sorry.

Actually what I am trying to make is a simple php script which runs on another port , say 81, and has root power to perform any tasks including the rebooting of server, restarting services etc. Is that possible ?

Or atleast perform some file modifications and executions of files , within the allowed path.

If you do this (which I don't recommend for the same security issues that others have noted), here's my recommendations:

1. Run a separate server instance
2. Use a high number port that won't likely be in a port scanner's range
3. Block that port in iptables from any but a few trusted IPs
4. In the apache conf, also allow access only to those IPs (in case your firewall rules get flushed)
5. Also in apache conf, require authentication
6. Don't run that apache instance as root, but rather a trusted account (like htadmin)
7. In your PHP scripts, use sudo to execute commands that need to be run as root
8. In your sudoers setup, give htadmin only the exact permissions that it needs

Or...write a cron job that checks the webserver periodically and restarts it if needed. (<-- path of least resistance)

One, cpanel is written mostly in Perl, uses open-source php projects.

Also, i won't write this code for you.. and you wouldn't have to do it on port 81.. just do it on port 80 as well in a protected environment imo.

As far as coding, if you need someone to write this, then my suggestion is to use the employment forum, as you won't get this free or close to free, it takes time to develop such a thing. I'm too busy for it, sorry.

No no , you are mistaken. I don't want you to write the codes for me. I know how to write the code. But I am not sure about the setup I need to make first for granting my application the root power to perform commands such as rm -rf , mv and edit files under certain directory.


I also wanted to ask that, if I write a php program to read /etc/passwd running under 80, then another user who host their files on the same server, can also read the file /etc/passwd. Right ?

That's actually why I wanted to run the application under a new port, say 81, with custom php backend. So that I can disable the harmful functions in the customer's php.ini file. We both use seperate php.ini

I am not sure you are getting me or not ?


In simple sentence, I want to give my php application the permission to use "system" command and I don't want my customers use this command using their own php script.s

Harris

If you do this (which I don't recommend for the same security issues that others have noted), here's my recommendations:

1. Run a separate server instance
2. Use a high number port that won't likely be in a port scanner's range
3. Block that port in iptables from any but a few trusted IPs
4. In the apache conf, also allow access only to those IPs (in case your firewall rules get flushed)
5. Also in apache conf, require authentication
6. Don't run that apache instance as root, but rather a trusted account (like htadmin)
7. In your PHP scripts, use sudo to execute commands that need to be run as root
8. In your sudoers setup, give htadmin only the exact permissions that it needs

Or...write a cron job that checks the webserver periodically and restarts it if needed. (<-- path of least resistance)

Are you telling that I use 80 for apache and 81 for other webserver ?

Harris

Its not simple.. it's possible to do it. Its just the whole security factor is the issue. My suggestion is to use write console applications, and run them through sudo root in ssh to perform the applications, i'd write them in python. This is what I do.

I do this for lighttpd:

I have an entire python console app that I run through sudo root, this way it cant be accessed through the web. I use my app, i get a list of actions I can perform for lighttpd, create a new domain, creates a new user, directory, ftp account with given params. Restarts lighttpd. I can go through them, and disable them temp, have them active for so many hours (use for sub domains - testing so i don't have sub domains that shouldn't be around for too long to prevent leaching), manage my ip addresses, name servers, etc. 100% command based through sudo root for max security, could obviously be configured to be done with other privileged users.

I highly recommend this route, as no one would know you're using it.

And no, this isn't a "simple sentence" you're just not very clear in exactly what you want, either way what you describe isn't secure at all.

If you can code this, then you already know its not very secure lol.

Alright. I just know the coding, for adding domains to the ngnix webserver config file but I haven't think more about it.

OK, Anybody know, how can I make new port like WHM 2086 ?
I just want to put a simple php or html file under /usr/new
and when I open http://serverip:3333 I want to see this file.

Harris

Are you telling that I use 80 for apache and 81 for other webserver ?

Harris

There's no need to run two DIFFERENT webservers. It is possible to run two separate instances of apache, installed in two different locations.

There's no need to run two DIFFERENT webservers. It is possible to run two separate instances of apache, installed in two different locations.


But as you can read above, I am not trying to use apache. I am trying to remove it completely and make a new system using nginx webserver.

Harris

But as you can read above, I am not trying to use apache. I am trying to remove it completely and make a new system using nginx webserver.

Harris

Look at the nginx documentation, it is explained.

EDIT:
I would offer to help more, but i have to currently update a few applications i maintain atm.

EDIT2:


server {
listen 1337;
server_name localhost;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
root html;
index index.html index.htm;
}


Pretty straight forward.

Look at the nginx documentation, it is explained.

EDIT:
I would offer to help more, but i have to currently update a few applications i maintain atm.

EDIT2:


server {
listen 1337;
server_name localhost;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
root html;
index index.html index.htm;
}


Pretty straight forward.

Thanks for the suggestion. I read the nginx wiki already and thus I got interest in this. We have a client who is having a large website which actually need high resources. The client is hosting the site on a 1GB Ram VPS using cPanel and apache. The problem is that Apache just hangs or is always busy. That's why we are thinking to inplement ngnix and as you know, cpanel doesn't support nginx so we have to make a simple control panel for him which can add / remove domains ( simply editing the ngnix config file ) and it need not be having lot of features like other control panels.

Harris

Thanks for the suggestion. I read the nginx wiki already and thus I got interest in this. We have a client who is having a large website which actually need high resources. The client is hosting the site on a 1GB Ram VPS using cPanel and apache. The problem is that Apache just hangs or is always busy. That's why we are thinking to inplement ngnix and as you know, cpanel doesn't support nginx so we have to make a simple control panel for him which can add / remove domains ( simply editing the ngnix config file ) and it need not be having lot of features like other control panels.

Harris

Why would you go the nginx route when you already have cpanel? Why not diagnose the problem with apache under cpanel?

You will need to add a virtual server for your script on another port.
You will also have to give the user some kind of sudo rights, this can be a massive security flaw though.

Thanks for the suggestion. I read the nginx wiki already and thus I got interest in this. We have a client who is having a large website which actually need high resources. The client is hosting the site on a 1GB Ram VPS using cPanel and apache. The problem is that Apache just hangs or is always busy. That's why we are thinking to inplement ngnix and as you know, cpanel doesn't support nginx so we have to make a simple control panel for him which can add / remove domains ( simply editing the ngnix config file ) and it need not be having lot of features like other control panels.

Harris

Then streamline your apache config. It takes a LOT of traffic to slow down a properly configured apache daemon. If the site's that busy, it's probably time for a dedicated server, but I'd be willing to bet there's a lot you could do to speed up apache...if apache is even the root of the problem.

If their site is making 20 db connections per page hit on a slow connector, it won't matter what webserver you're using...

Sounds like you're about to throw the baby away with the bathwater, not to mention I'm sure your client won't be thrilled with the downtime/hassle/tech support issues involved in moving to a new server and hammering out all of the bugs and security issues inherent in a home-grown control panel.

I'll even google it for you ;) http://www.rocg.uta4you.at/manual/misc/perf-mja.html

Please post your apache conf