-1

I want to generate a list of IPs which nginx should block. This list should be updated through actions that are made on the webserver. Like adding a new IP or removing one. This means it creates the "firewall.conf" for nginx.

The problem: nginx does not monitor changes in .conf-files, so I need to run "nginx reload". As our hosting company disallows exec(), I'm not able to execute it.

So my question is: Is it possible to reload nginx .conf-files by an HTTP request?

The idea is to call "http://example.org/?secret=key" and this fires "nginx reload".

mgutt
  • 542

1 Answers1

1

This is surely not possible out of the box. Some ideas as to how you could do it:

  1. If you are able to send signals to the nginx process, you could try to send the HUP signal: posix_kill($pid_of_nginx, SIGHUP). Of course, this requires the POSIX functions in PHP.
  2. Write a program which listens for a reload command on a named pipe and which reacts by reloading nginx. With PHP, you then simply write the necessary command into the named pipe and you are done.
  3. Same as 2. with a program which regularly checks for a specific file at a given location (e.g. /tmp/reload-nginx). In PHP you then create that file and nginx will be reloaded.

EDIT: The "pipe thing" isn't so difficult:

#!/bin/bash
pipe=/tmp/mypipe
trap "rm -f $pipe" EXIT

if [ ! -p "$pipe" ]; then
  mkfifo $pipe
fi

while true; do
  if read line <$pipe; then
    if [ "$line" == "reload" ]; then
      ...do the reload here...
    fi
  fi
done

Now, echo reload >/tmp/mypipe will wake up that script and lets you do what you want.

Oliver
  • 6,076