Apache vhosts on mySQL database
Imagine, vhosts on mysql, and one php script control all!!
4 Replies
Look there.
phpMyWebHostingdocumentation.
Another alternative would be to have a PHP script write virtual hosts out of the database to a new conf file for inclusion in the main Apache conf file.
The script would be easy to write, but the process would be scary to automate in my opinion because it would require PHP being able to write to Apache conf files and restart Apache! Scary…
However, add a little human intervention and just use PHP to dump you an up to date virtual hosts conf file, and it might be kind of slick.
In that case, consider using a flat file instead of MySQL tables to store your vhost config. Store your hostname-to-directory mappings in a RewriteMap
Dynamic vhosts is one of the examples given for this functionality, but I wouldn't want a modperl-enabled httpd being used for every request. modperl is a little… heavyweight.
Practically, I'd build a set of scripts which manages the httpd.conf, and responds to requests from a management webpage if needed.
The script running the webpage should not run as root - you really don't want anything web-accessible having that sort of access to your server! If I were setting this sort of thing up, I'd keep a queue of configuration changes to make in a database, which the website can append things to.
I'd have a seperate script - again, not setuid root - which monitors this database for changes. It would then make the changes, using sudo to become root only when needed.
That way, there are several layers of protection between the website and the root account - a bug in the website can't give access to the entire system. Even if there's a bug in both the website and the queue-runner script, the attacker is still limited by the restrictions placed on sudo.
Okay, this post is now a bit longer than I intended. My main point can be summed up as something along the lines of "you can do this, but do you really want to, and can you do it securely?"