1
我的目標是做一個方法來自動生成誰希望自己的網站添加到我的CDN服務人員的SSL證書(https://hostcloak.com)如何使一個bash腳本通過nginx的/ PHP執行
這裏是腳本通過SSH的作品,而不是當我試圖通過PHP
exec("sudo sh /var/autossl $domain 2>&1", $output);
這裏來執行它是bash腳本:
當通過ssh控制檯直接使用#!/bin/bash
domain=$1
# Set up config file.
cat > /etc/nginx/sites/$domain.conf <<EOF
server {
listen 80;
server_name *.$domain;
root /var/www/$domain;
}
EOF
nginx -s reload
#########################################
set -o nounset
set -o errexit
mkdir -p /var/www/$domain
# Set up config file.
mkdir -p /etc/letsencrypt
cat > /etc/letsencrypt/cli.ini <<EOF
# Uncomment to use the staging/testing server - avoids rate limiting.
# server = https://acme-staging.api.letsencrypt.org/directory
# Use a 4096 bit RSA key instead of 2048.
rsa-key-size = 4096
# Set email and domains.
email = [email protected]
domains = $domain
# Text interface.
text = True
# No prompts.
non-interactive = True
# Suppress the Terms of Service agreement interaction.
agree-tos = True
# Use the webroot authenticator.
authenticator = webroot
webroot-path = /var/www/$domain
EOF
# Obtain cert.
certbot-auto certonly
# Set up daily cron job.
CRON_SCRIPT="/etc/cron.daily/certbot-renew"
cat > "${CRON_SCRIPT}" <<EOF
#!/bin/bash
#
# Renew the Let's Encrypt certificate if it is time. It won't do anything if
# not.
#
# This reads the standard /etc/letsencrypt/cli.ini.
#
# May or may not have HOME set, and this drops stuff into ~/.local.
export HOME="/root"
# PATH is never what you want it it to be in cron.
export PATH="\${PATH}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
certbot-auto --no-self-upgrade certonly
# If the cert updated, we need to update the services using it. E.g.:
if service --status-all | grep -Fq 'apache2'; then
service apache2 reload
fi
if service --status-all | grep -Fq 'httpd'; then
service httpd reload
fi
if service --status-all | grep -Fq 'nginx'; then
service nginx reload
fi
EOF
chmod a+x "${CRON_SCRIPT}"
#####################################
# Set up config file.
cat > /etc/nginx/sites/$domain.conf <<EOF
server {
listen 80;
server_name *.$domain;
location/{
proxy_set_header x-real-IP \$remote_addr;
proxy_set_header x-forwarded-for \$proxy_add_x_forwarded_for;
proxy_set_header host \$host;
proxy_pass http://google.com;
}
}
server {
listen 443;
server_name *.$domain;
ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location/{
proxy_set_header x-real_IP \$remote_addr;
proxy_set_header x-forwarded-for \$proxy_add_x_forwarded_for;
proxy_set_header host \$host;
proxy_pass http://google.com;
}
}
EOF
nginx -s reload
「autossl」的作品,但是當我嘗試它通過PHP的exec函數,它說:「找不到命令」爲「nginx的-s重裝」
所以我的問題是:如何通過PHP實現這一點(它必須通過我的網站被自動)
試過了,但是我得到了這個:Array([0] =>/usr/local/bin/autossl:第6行:/etc/nginx/sites/yoyyo.com.conf:Permission denied [1] =>/usr/local/bin/autossl:第14行:nginx:command not找到[2] =>請求以root權限重新運行/ usr/local/bin/certbot-auto ... [3] => [4] =>我們相信您已經收到本地系統[5] =>管理員,通常歸結爲以下三件事:[6] => [7] =>#1)尊重他人的隱私。 [8] =>#2)在鍵入之前考慮一下。 [9] =>#3)擁有巨大的權力將會帶來巨大的責任。 [0] => [11] => sudo:沒有tty目前... – John
嗯,第一個錯誤可能是因爲php/nginx有其他權限,您的用戶,第二個因爲nginx命令不在php/nginx路徑bash –
如何將它添加到php/nginx bash的路徑中? – John