问题描述
限时送ChatGPT账号..我需要将资源从主服务器同步到从服务器.我使用 rsync 是因为它可以使用增量文件列表递归同步文件夹.我已经能够使用 ssh-keys 让它以最简单的方式工作.一切都很好,但它不能通过 php shell_exec 函数工作.这是我到目前为止所做的,以及我陷入困境的地方.帮助将不胜感激!
I need to synchronize ressources from a master server to a slave server. I use rsync because it can synchronize folder recursively using incremental file list. I have been able to make it work the simpliest way using ssh-keys. Everything is fine but it doesn't work through php shell_exec function. Here is what I have done so far, and where I am getting stuck. Help would be appreciated!
主从服务器在 ubuntu 14.04.4
Master and slave servers are on ubuntu 14.04.4
mkdir ~/.ssh
chmod 0700 ~/.ssh
创建一个没有密码短语的私人/公共 ssh 密钥
ssh-keygen -f ~/.ssh/id_rsa -q -P ""
不确定从服务器是否可以接收主公钥 ssh 密钥
// log in slave server
mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys
将公钥复制到从服务器(我要同步资源的地方)
// log in master server
su ssh-copy-id -i ~/.ssh/id_rsa.pub [slave user]@[slave host]
测试现有文件夹的同步...比方说 www/js/
rsync -avz -e "ssh -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress ~/www/js/ [slave user]@[slave host]:~/www/js/
是的,一切正常.
我登录从服务器,递归删除www/js文件夹.
I log on slave server, remove www/js folder recursively.
我登录主服务器
我创建了一个简单的 php 脚本来测试它是否可以作为shell 命令"工作
I create a simple php script to test if it work within as a "shell command"
test.php
var_dump(shell_exec('rsync -avz -e "ssh -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress ~/www/js/ [slave user]@[slave host]:~/www/js/'));
同步在 php 中不起作用.可能是因为 php 运行宽度 www-data 用户?我怎样才能让它从 pĥp 安全地工作?
The synchronization doesn't work from php. Probably because php runs width www-data user? How can I make it work safely from pĥp?
推荐答案
** 此答案不安全.请看我的另一个回答**
** edit : this answer is not a secure. Please see my other answer **
我终于知道如何让它工作了
I finally found out how to make it work
将私有 ssh-key 复制到 www-data 的主文件夹.然后php就可以通过shell_exec函数rsync了
copy private ssh-key to www-data's home folder. Then php will be able to rsync through shell_exec function
www-data 的主文件夹是/var/www/(在我的情况下是 Ubuntu 14)
www-data's home folder is /var/www/ (in my case Ubuntu 14)
mkdir /var/www/.ssh
chown www-data /var/www/.ssh
chmod 0700 /var/www/.ssh
复制 ssh 密钥并设置适当的权限
cp ~/.ssh/id_rsa /var/www/.ssh
chown www-data /var/www/.ssh/id_rsa
chmod 0600 /var/www/.ssh/id_rsa
这条线现在对我有用:
shell_exec('rsync -avz -e "ssh -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress [absolute_path]/www/js/ [slave user]@[slave host]:~/www/js/');
如果它对某人有帮助...
If it helps someone...
但由于我对安全了解很多,但不能说我是专家,我想知道这是否安全?
But since I know a lot in security but can't say I'm a specialist, I wonder if that is secure ?
这篇关于通过php/linux在服务器之间同步资源的安全方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
更多推荐
[db:关键词]
发布评论