
My System:

  1. CentOS 7.2.1511 (Core)
  2. Apache 2.4.6

I have quite a few environment variables I would like to add to Apache.

I am currently doing it by adding them to my /etc/httpd/conf.d/vhosts.conf file like so:

SetEnv API_USERNAME 'my_special_username'
SetEnv API_PASSWORD 'my_special_password'

I am able to access the two environment variables in PHP via:

echo $_SERVER['API_USERNAME'];
echo $_SERVER['API_PASSWORD'];
// or
echo getenv('API_USERNAME');
echo getenv('API_PASSWORD');

Recently, I found out I could also add environment variables via systemd:

I create the file /etc/systemd/system/httpd.service.d/envvars.conf:

[Service]
Environment="API_USERNAME=my_special_username"
Environment="API_PASSWORD=my_special_password"

followed by

systemctl daemon-reload

systemctl restart httpd

I am able to access the two environment variables in PHP via:

echo getenv('API_USERNAME');
echo getenv('API_PASSWORD');
// $_SERVER does not work when I specify environment variables in systemd
echo $_SERVER['API_USERNAME']; // returns blank
echo $_SERVER['API_PASSWORD']; // returns blank

Question

In terms of security or best practices, would it be best to add my Apache environment variables into a configuration file with SetEnv or systemd? Or does it not matter?

djvg
Jeffrey Wen
    The Apache config is the more appropriate place for this information if it is specific to what Apache is serving and not specific to allowing Apache to serve it. To put that another way, you can host many different websites with Apache, and putting the values in systemd means that all sites would get these values. If the values are specific to a particular site, put the values in the config file for that site. – tvon Dec 15 '16 at 17:43

1 Answer

I agree with what tvon says and would like to add more specifically that systemd would really be the wrong place to put those Apache environment variables. Other applications or processes that use systemd have no need to know about those variables.

I would also consider whether you would be hosting multiple PHP sites on the same server and, if so, rather than sticking everything in

/etc/httpd/conf.d/vhosts.conf

I would also consider using the sites-available method, aka the "Debian way":

How to configure Apache (sites-available vs httpd.conf)

The method below is based on this guide for CentOS: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7#step-four-%E2%80%94-create-new-virtual-host-files

sudo mkdir /etc/httpd/sites-available
sudo mkdir /etc/httpd/sites-enabled

Tell Apache to look for virtual hosts in the sites-enabled directory by editing Apache's main config file and adding a line declaring an optional directory for additional configuration files:

sudo nano /etc/httpd/conf/httpd.conf

Add this line to the end of the file: IncludeOptional sites-enabled/*.conf

Save and close the file. Then create a virtual host file.

sudo nano /etc/httpd/sites-available/example.com.conf

<VirtualHost *:80>

</VirtualHost>

Then add the directives for your first website:

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com

    SetEnv API_USERNAME 'my_special_username'
    SetEnv API_PASSWORD 'my_special_password'

    DocumentRoot /var/www/example.com/public_html
    ErrorLog /var/www/example.com/error.log
    CustomLog /var/www/example.com/requests.log combined

</VirtualHost>

Save and close the file. Then make a copy called example2.com.conf for your second website:

sudo cp /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-available/example2.com.conf

Edit the file and make the relevant changes:

sudo nano /etc/httpd/sites-available/example2.com.conf

<VirtualHost *:80>
    ServerName www.example2.com
    ServerAlias example2.com

    SetEnv API_USERNAME 'my_other_special_username'
    SetEnv API_PASSWORD 'my_other_special_password'

    DocumentRoot /var/www/example2.com/public_html
    ErrorLog /var/www/example2.com/error.log
    CustomLog /var/www/example2.com/requests.log combined

</VirtualHost>

You will then need to enable the sites by creating a symlink from the sites-enabled directory to the sites-available directory:

sudo ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/example.com.conf
sudo ln -s /etc/httpd/sites-available/example2.com.conf /etc/httpd/sites-enabled/example2.com.conf

Then restart Apache (usually I do a configtest first to see if there are any errors):

sudo apachectl configtest

If all is okay:

sudo apachectl restart

Another benefit of this method is that you could create new versions of existing configs and use symlinks to point back and forth if there are any issues with a new config, or enable/disable websites when necessary.

mrjamesmyers
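An added example, not part of the question or the answer above: a small Python audit of the scope difference the comment and answer describe, reporting which variable names every site can read (systemd `Environment=` lines and `SetEnv` outside any vhost) and which are confined to one `<VirtualHost>`. The function names and embedded sample files are constructed for illustration, and `shlex` only approximates systemd's quoting rules.

```python
import re
import shlex

# Constructed samples mirroring the two files discussed on this page.
SYSTEMD_DROPIN = '''[Service]
Environment="API_USERNAME=my_special_username"
Environment="API_PASSWORD=my_special_password"
'''
VHOSTS_CONF = '''<VirtualHost *:80>
    ServerName www.example.com
    SetEnv API_USERNAME 'my_special_username'
    SetEnv API_PASSWORD 'my_special_password'
</VirtualHost>
<VirtualHost *:80>
    SetEnv API_USERNAME 'my_other_special_username'
    ServerName www.example2.com
</VirtualHost>
'''

def systemd_env_names(text):
    """Variable names from Environment= lines (process-wide for httpd)."""
    names = []
    for line in text.splitlines():
        m = re.match(r'\s*Environment=(.*)', line)
        if m:  # one line may hold several quoted assignments
            names += [tok.split('=', 1)[0] for tok in shlex.split(m.group(1))]
    return names

def setenv_scopes(text):
    """Map scope (ServerName or '(server-wide)') -> SetEnv variable names."""
    scopes, block = {}, None  # block is None outside <VirtualHost>
    for line in map(str.strip, text.splitlines()):
        if re.match(r'<VirtualHost\b', line, re.I):
            block = {'name': '(unnamed vhost)', 'vars': []}
        elif re.match(r'</VirtualHost>', line, re.I) and block is not None:
            scopes.setdefault(block['name'], []).extend(block['vars'])
            block = None
        elif block is not None and (m := re.match(r'ServerName\s+(\S+)', line, re.I)):
            block['name'] = m.group(1)
        elif m := re.match(r'SetEnv\s+(\S+)', line, re.I):
            target = block['vars'] if block is not None else scopes.setdefault('(server-wide)', [])
            target.append(m.group(1))
    return scopes

def visibility(systemd_text, apache_text):
    """Names every site can read vs. names confined to one vhost."""
    scopes = setenv_scopes(apache_text)
    shared = systemd_env_names(systemd_text) + scopes.pop('(server-wide)', [])
    return {'every site': sorted(set(shared)), **{k: sorted(set(v)) for k, v in scopes.items()}}

if __name__ == '__main__':
    for scope, names in visibility(SYSTEMD_DROPIN, VHOSTS_CONF).items():
        print(f'{scope}: {", ".join(names) or "-"}')
```

Only variable names are reported, never values, so the output is safe to paste into a ticket or review.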