Set environmenti variable to apache user - apache

I would like to remove the password from mysql db code of my application and insert it into the server, i would not be seen by users of the shell. I thought to put it as environment variable of apache user (user running the php code) is possible ?

Yes, it's possible. You can use PassEnv directive to pass OS environment variables to CGI scripts.
In PHP you can use $_ENV to get the value of required variables.

Related

SetEnv not updating my environment variable (noob warning)

I am still an Apache noob, and I am trying to set an environment variable that will be used by my Rails application.
I've read https://httpd.apache.org/docs/2.4/mod/mod_env.html#setenv and done some google and SO searches. I have at least determined that the value to be assigned must be in quotes. However, when I run sudo service apache2 restart, the value of SECRET_KEY_BASE is still not correct (viewed via printenv). I don't know what I don't know. Is there some step i'm missing?
In my apache configuration I have:
SetEnv SECRET_KEY_BASE "e10e721..."
# Tell Apache and Passenger where your app's 'public' directory is
DocumentRoot /var/www/some_path
Please let me know what other information I might need to share. Thanks for looking.
There are a few subtle pitfalls here.
First: You can't check it in the terminal you ran that command from. "SetEnv" sets a per-request internal variable that will be copied to CGI-like processes that the server subsequently executes.
Secondly, even if you set a real native environment variable (in e.g. /etc/apache2/envvars) you should not do a restart operation since that will not necessarily reload that particular file. You should do a stop and a start. You still won't see the variable in the command you start the server from, since it was only in the webserver process.
If you want to see the environment of a running process, you can write a basic CGI to dump the environment that was passed down to the CGI script. If you're a PHP user, a basic script with phpinfo() will dump it.
Or, you can determine Apache's process ID with ps and then check /proc/$thepid/env (on Linux).

Access Apache environment variables from mod_perl without %ENV

I using Apache 2.2 and mod_perl 2.0.4. I want to retrieve the value of an environment variable named "A_VARIABLE" in a mod_perl handler which was set in an Apache configuration file as:
SetEnv A_VARIABLE "some value"
In the mod_perl documentation about the PerlSetEnv configuration option, it says the following:
PerlSetupEnv On will allow you to access the environment variables like $ENV{REQUEST_URI}, which are available under CGI. However, when programming handlers, there are always better ways to access these variables through the Apache API. Therefore, it is recommended to turn it Off except for scripts which absolutely require it. See PerlSetupEnv Off.
Is there a way to access to read that variable without using the %ENV hash as the documentation implies? If so, please provide a short example on how to do so.

cannot get environment variables set in Flask application

I tried to set up sensitive information as environment variables in CentOS, and pass them to Flask config file used in main file, i.e. init.py . But it did not work. The Flask application is running under Apache.
I first edit /etc/environment as root user
MAIL_USERNAME="abcde#abc.com"
then logout, login again
Then verify MAIL_USERNAME is set by running
echo $MAIL_USERNAME
This works fine
And in configuration.py, this is how I set MAIL_USERNAME.
MAIL_USERNAME = os.environ.get('MAIL_USERNAME')
for testing purpose,
I print out MAIL_USERNAME
in __init__.py
print(MAIL_USERNAME)
Then from terminal, if I run
python3.4 __init__.py
it print out correct values of MAIL_USERNAME
However, if I tested on web browser, MAIL_USERNAME is just not set. it shows NONE. I verify this by looking Apache log.
Any idea of how this works would be really appreciated.
Thanks
With your CLI, set the environment variable as you want. On Linux and macOS, this is done with export KEY=value.
After that, the environment variable KEY will be available for your Python script or Flask app via os.environ.get('KEY'), like this:
import os
print os.environ.get('key')
>>> value
I had a very similar problem because I used PyCharm terminal to run flask. A similar issue was described and solved here.
My solution was switching to regular cmd (I worked on Windows 10) and just running everything there:
>> set MAIL_USERNAME='bla#example.com'
... (other env variables sets)
>> py manage.py runserver (I run my flask app through a manage script)
I could successfully send an email using my flask app - all the environment variables used in the app were read correctly.
On Linux you can just use export instead of set.
I hope it helps.
Maybe you can use Apache directive PassEnv as mentioned here on Apache's official web documenting how to use environment variables.
There are two kinds of environment variables that affect the Apache HTTP Server.
First, there are the environment variables controlled by the underlying
operating system. These are set before the server starts. They can be used in
expansions in configuration files, and can optionally be passed to CGI scripts
and SSI using the PassEnv directive.
Second, the Apache HTTP Server provides a mechanism for storing information
in named variables that are also called environment variables. This information
can be used to control various operations such as logging or access control.
The variables are also used as a mechanism to communicate with external programs
such as CGI scripts. This document discusses different ways to manipulate and
use these variables.
Although these variables are referred to as environment variables, they are
not the same as the environment variables controlled by the underlying
operating system. Instead, these variables are stored and manipulated in an
internal Apache structure. They only become actual operating system environment
variables when they are provided to CGI scripts and Server Side Include scripts.
If you wish to manipulate the operating system environment under which the server
itself runs, you must use the standard environment manipulation mechanisms
provided by your operating system shell.
I make some of the text cited above bold to make things clearer and maybe easier to explain.
Hope this helps.

propagate operating system variable in apache server

I'm trying to read the operating system variable HOMEPATH from apache but the getenv() doesn't work in the browser but works in command line.
I have read several articles and they say it's a permission issue. But is there a way to propagate the operating system variable to be an apache env variable when apache starts?
I'm assuming you are on linux, and if you aren't I'm just posting this here for record (my search was fruitless, I'm on CentOS 6.5)
From what I understand, there's no way to provide apache any direct access to the environment variables including variables from the environment of the user that started the apache process and global environment variables you've specified within /etc/profile.d startup scripts.
Since I'm using bash, I have a variables.bashrc file that I source from my ~/.bashrc. This variables.bashrc declares my user environment variables. Within my apache startup script (/etc/init.d/httpd) I have added a line
. /path/to/variables.bashrc
that sources the same variables as my user has access to. This makes these environment variables available to apache.
Apache may receive the variables but it can also block the variables unless you explicitly say to pass them on to your scripts. This uses mod_env so you must ensure this module is loaded So you'll have to add
PassEnv VARIABLE_NAME
to the directory/virtual host you are configuring. For example...
<Directory "/path/to/cgi/scripts/">
AllowOverride None
Options None
Order allow,deny
Allow from all
PassEnv VARIABLE_NAME
</Directory>
This will make it available to your CGI scripts, or whatever script may be trying to access environment variables.
I'm not sure if this is the most elegant way to solve this, so I would be interested to see what other people have done to solve this issue... perhaps some automated way (mod_something) to make these variables visible.
Thanks.

Apache2: Environment variables for user http

Is it possible for the apache2 user, http, to have environment variables like normal users do? How would I go about setting those up, if possible?
Your question is not clear about how you want to use the environment variables.
For consideration: if in /etc/httpd/conf/httpd.conf, you put
SetEnv MYVAR 10
then that environment variable should be available in your scripting language (PHP for example). In PHP, it can be accessed by $_SERVER['MYVAR']
Well, if your http user has a login shell, which most don't, you could put it in there. But that's still probably not going to do what you really want. I usually accomplish what you're trying to do by putting the environment variables in /etc/init.d/httpd.