Apache vhosts on mySQL database

this is possible??

:DDD

Imagine, vhosts on mysql, and one php script control all!! :D

4 Replies

no,

http://httpd.apache.org/docs/vhosts/mass.html

Look there.

Actually it looks like it is possible. Check out the phpMyWebHosting project's documentation.

Another alternative would be to have a PHP script write virtual hosts out of the database to a new conf file for inclusion in the main Apache conf file.

The script would be easy to write, but the process would be scary to automate in my opinion because it would require PHP being able to write to Apache conf files and restart Apache! Scary…

However, add a little human intervention and just use PHP to dump you an up to date virtual hosts conf file, and it might be kind of slick.

I imagine vhost settings are not something you will really update very dynamically (unless business is so bustling that you have people coming in and moving out every second).

In that case, consider using a flat file instead of MySQL tables to store your vhost config. Store your hostname-to-directory mappings in a RewriteMap-compatible format, and then depend on mod_rewrite to direct requests to the right place for you.

mod_perl has the ability to dynamically generate configuration file sections at runtime, by embedding code into httpd.conf (though I think you still have to restart the server to have changes take effect, as normal).

Dynamic vhosts is one of the examples given for this functionality, but I wouldn't want a modperl-enabled httpd being used for every request. modperl is a little… heavyweight.

Practically, I'd build a set of scripts which manages the httpd.conf, and responds to requests from a management webpage if needed.

The script running the webpage should not run as root - you really don't want anything web-accessible having that sort of access to your server! If I were setting this sort of thing up, I'd keep a queue of configuration changes to make in a database, which the website can append things to.

I'd have a seperate script - again, not setuid root - which monitors this database for changes. It would then make the changes, using sudo to become root only when needed.

That way, there are several layers of protection between the website and the root account - a bug in the website can't give access to the entire system. Even if there's a bug in both the website and the queue-runner script, the attacker is still limited by the restrictions placed on sudo.

Okay, this post is now a bit longer than I intended. My main point can be summed up as something along the lines of "you can do this, but do you really want to, and can you do it securely?"

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct