A lot of people don’t realize how easy it is to write an API with PHP. It really is as easy as having a simple PHP script accepting GET variables, and when you add in some security, you can pretty much do anything you want with a single script that accepts variables from any authenticated source.  So a little while ago I posted about the new cPanel XML API and how to integrate that with your own scripts – well now, I’ll use that as an example to show you how to write an API for their API, a.k.a, an API connector.   Though in real applications you wouldn’t need an API, all you’d need is a PHP script that accepts GET or POST input to perform some kind of action. In this example, we’ll have a script that automatically adds DNS zones to a nameserver that runs cPanel as well.

Most APIs do the same thing – you have a script, then that script accepts post/get variables, then does something.

The Interface (addzone.php):

You guy remember the one I posted a while back – well, we’ll use the same one only a tad different.  This is the script that runs statically on the server, which accepts the variables passed through the URL:


<?php
// API for adding a DNS zone to ns cluster
$isinclude = “1″; // specifies $isinclude for xmlapi.php
// GET & POST definitions

$key = “098f6bcd4621d373cade4e832627b4f6″;
$domain = $_GET['domain'];
$ip = $_GET['ip'];

// Validation – make sure that we have the right information

if($_POST['key'] != $key){ echo “Invalid key!!”; die(); }
if(empty($domain)){ echo “Domain value missing!!”; die(); }
if(empty($ip)){ echo “IP Value missing!!”; die(); }

$theServer = “ns1.v-nessa.net”; // the server to connect to
$apiPath = “/xml-api/adddns?domain=$domain&ip=$ip”; // the xml api path

$user = “root”; // use to connect to whm as

// ns1 hash (whm > remote access)

$rhash = “e9917f16b3fda69137192725a06b68e7
230e99fd445473807e33d637878641a5
–edited out for sake of length–
f673567ab443acedc77f9aec62ff953f”;

// Include the API connector
include(“xmlapi.php”);

// Output XML Result
$xmlObject=simplexml_load_string($xmlresult);

echo $xmlObject->result->statusmsg . “\n”;

?>

The file that is called via include() is the basic xml function file which constructs all of the variables from the outser script (shown above).  You can get a copy of of xmlapi.php from here, but for this example you need to comment out the output.

Now all we need to do is pass the variables that the script needs in order to know what information to process, which is $ip and $domain.  Therefore, in order to successfully call this API, you would enter the following in a browser:

http://v-nessa.net/api/addzone.php?domain=test.v-nessa.net&ip=205.134.252.71

This will pass the ‘domain’ and ‘ip’ variables to addzone.php, which uses the XML API to connect to WHM and add a dns zone on the nameserver ns1.v-nessa.net.  This is a problem though – what’s to keep outsiders from finding this and abusing it?  Well, there are several forms of non-interactive authentication you can use, such as:

• Have an allow list of ips that can access the script (look up environmental variables at php.net)
• Requiring a key or token

I generally use a key, though there are better ways to do this.  The way I’m about to show you is simple and secure, but slightly limits the way your API can be called.

First, I generated an md5 hash and defined it in the scipt (remember $key = “098f6bcd4621d373cade4e832627b4f6″; ?).  Then all I need to do is make sure that key is used whenever I call the API. Notice that in addzone.php it’s defined as a POST variable?  That is mainly for preference but you can just as easily make it a GET variable and just add it to your URL line.  Here I want it to be posted, so I can call the API through cURL as follows:

curl -k http://v-nessa.net/api/addzone.php?domain=test.v-nessa.net&ip=205.134.252.71 -d key = “098f6bcd4621d373cade4e832627b4f6

And there you have it! A very simple way to write an API using POST and GET.

So if you read my post a little while back about my lasting suspicion that my roommates and I are giving room and board to a few unwanted furry little bastards, I can now confirm that my suspicion is correct. On Christmas eve I was doing some dishes and I noticed that Capone was staring blankly at a cabinet by the refrigerator. After Harley joined him and they both sat and stared at one for a good 10 minutes, I figured they just wanted something in the cabinet so I opened it up to see what was so appealing. I swear as soon as I did that Capone stuck his face in there and Harley pushed him aside and just dove in, pulling out something in her mouth as well as a shelf full of vases that came crashing to the floor.

It was about then that I heard this squeaking noise like what you hear in dog toys, and realized that she was carrying a big stinkin’ rat in her mouth. Though the thing had just gotten caught in a rat trap that our exterminator put in and was well alive and dangling out between Harley’s teeth, the entire kitchen started to smell like someone microwaved a dead fish wrapped inside a tortilla filled with pickles.

You can thank my sister Torie for wanting to document this experience by taking pictures:

So what do blood-hungry puppies do after catching furry intruders? Well, Capone says, “Please sir may I have another” :

Then they both pass out from a hard night’s work:

I can think of a few things that are wrong with that title but in all seriousness…don’t you ever wonder where cPanel stores the config changes that you make in WHM?  Automation is the key nowadays, and lately that’s required me to get a little down and dirty with cPanel to find its deepest secrets. *This information is not official documentation, nor is it backed up by cPanel or set in stone.  In other words, don’t blame me if you mess up your server.

These are files that store the information read and used by WHM (as of 11.23.6)

• The Book of Eli movie

• IP addresses: /etc/ips
• Reserved IPs: /etc/reservedips
• Reserved IP reasons: /etc/reservedipreasons
• IP address pool: /etc/ipaddrpool
• Access hash (WHM remote access key): /home/user/.accesshash or /root/.accesshash
• cPanel update preferences: /etc/cpupdate.conf
• Basic cPanel/WHM setup:  /etc/wwwacct.conf
• System mail preferences: /etc/localaliases
• Exim open relay list: /etc/alwaysrelay
• Server-wide max emails per hour: /var/cpanel/maxemailsperhour
• Tweak settings: /var/cpanel/cpanel.config
• Packages: /var/cpanel/packages/
• Features: /var/cpanel/features/
• User data: /var/cpanel/users/ and /var/cpanel/userdata
• Apache templates: /var/cpanel/templates/apache(1,2)
• Exim config template: /etc/exim.conf.localopts
• Exim mail IPs: /etc/mailips
• rDNS for mail ips: /etc/mail_reverse_dns
• Clustering: /var/cpanel/cluster/root/config
• Service manager: /etc/chkserv.d
• Users and their domains: /etc/userdomains
• Users and their main domains: /etc/trueuserdomains
• Users and their owners: /etc/trueuserowners
• Main cPanel IP: /var/cpanel/mainip
• cPanel version: /usr/local/cpanel/version
• Resellers: /var/cpanel/resellers
• Reseller nameservers: /var/cpanel/resellers-nameservers

These are a few scripst that you can use to achieve the same  results of their WHM equivalents:

• Initialize quotes: /scripts/initquotas
• Compile Apache: /scripts/easyapache  (you can pass additional options – see EasyApache 2 docs)
• Update cPanel: /scripts/upcp
• Enable/disable tweak settings: /scripts/smtpmailgidonly on|off
• Change PHP API and suExec settings: /usr/local/cpanel/bin/rebuild_phpconf
• Suspend an account: /scripts/suspendacct <user> <reason>
• Terminate an account: /scripts/killacct <user>

Obviously there are a ton more, and just about anything done in WHM can be done directly on the server.  The main things to remember:

Scripts are mainly stored in /scripts and /usr/local/cpanel/bin

Data files are in /var/cpanel

Config files are in /etc/ and /usr/local/cpanel

This is definately something I couldn’t pass up the opportunity to blog about.  This site that one of my coworkers came across (that we also happen to host) allows you to virtually give yourself a boob job:

Heavy Load movie download http://tryonanewbody.com

If you go to the demo section you’ll have a little picture of a petite blonde and a choice of your cup size ( A – D ).  Of course we’ll leave it to Brad to take is a step further:

So people at work have been nagging me to get a Twitter

account — why?  So they know everything I’m doing all the time?  Finally I just decided to go with the flow and so far it hasn’t been that bad — as soon as I joined and started “watching” my boss, I had like 6 co-workers join as watchers.  I think the idea of Twitter is great, but it kind of seems like a stalking tool.  I mean, anyone can “watch” you and know exactly what you’re doing.  Good thing they at least have a block tool to keep the creeps out, eh?

Anywho, you can see my status at any time on my side bar.  And if you’re not a creepy pervert, feel free to watch me as well =)

It’s been about a while since cPanel 11.1 came out and the proxy script from cpanelproxy.net that we all know and love stopped working. Well, the cPanel devs came through for us again and incorporated an Apache-based proxy feature to natively allow users behind firewalls to connect to cPanel over port 80, similar to the way the previous php-based cpanel proxy worked. This was a peace of cake on new server setups, where all you had to do was check on the proxy options in WHM “Tweak Settings” and include mod_proxy in your Apache build. However, I had a very difficult time getting this to work on previous servers that did not already have those features. After bringing this up to Mr. Ken from cPanel (who, by the way, is the most awesomest person in the cpanel bunch), I was finally able to come up with a procedure for getting this to work without having to completely recompile Apache which is a no-no on more mature production servers.

First, if you haven’t already, run a cpanel update to the latest version which at the time of my writing is 11.23. Once the update is complete, log into WHM > Tweak Settings and check off these options (only the first is required):


Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk and whm subdomains to the correct port

Automatically create cpanel, webmail, webdisk and whm proxy subdomain DNS entries for new accounts.

Allow users to create cpanel, webmail, webdisk and whm subdomains that override automatically generated proxy subdomains

Now, to install mod_proxy (for Apache 1.3 and 2.x)

Download the source for your Apache version. If you’re not sure what that is, you can find out from your phpinfo file or in some cases by typing ‘httpd -v’ from command line.

wget http://apache.mirrors.tds.net/httpd/apache_1.3.41.tar.gz
tar -xvzf apache_1.3.41.tar.gz
cd apache_1.3.41/src/modules/proxy (will just be /modules/proxy for Apache 2 sources)

You need to compile the mod_proxy module with apxs to add it to httpd.conf. For Apache 1.3.x:

/usr/local/apache/bin/apxs -i -a -c mod_proxy.c

For Apache 2.2 (not sure about 2.0 since we don’t run that version on any of our systems) I found that you have to compile mod_proxy with two of its submodules in order for the proxy feature in cpanel to work:

/usr/local/apache/bin/apxs -i -a -c mod_proxy.c proxy_util.c
/usr/local/apache/bin/apxs -i -a -c mod_proxy_http.c

The restart Apache and verify that it is able to start. In my case, when I just compiled the mod_proxy module I got some error about ap_proxy_lb_workers, but when I added proxy_util that fixed the problem. Then I wasn’t able to get the cpanel proxy feature to work without mod_proxy_http. There is one last step with Apache, where you need to add the proxy virtualhost entries in. cPanel has this set up as one virtualhost entry for all the subdomains as well as https, which didn’t quite work in my case because we have shared SSL certificates on the main IP. So I added the following lines between the <VirtualHost> tags for the main hostname and shared ssl hostname:

ServerAlias cpanel.* webmail.*
RewriteEngine On
RewriteCond %{HTTP_HOST} ^cpanel\.
RewriteRule ^/(.*) http://127.0.0.1:2082/$1 [P]
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteRule ^/(.*) http://127.0.0.1:2095/$1 [P]
UseCanonicalName Off

These are just the ones for webmail and cpanel, but webdisk and whm ones can be added as well.

All you need to do now is setup the subdomains so that customers can access them. The best way to do this is to specify the username:

/scripts/proxydomains --user=username add

To do all accounts on the server (which can take a while):

/scripts/proxydomains add

To list all the options for this script simply type /scripts/proxydomains .

Um….what?

I thought something was up when for the last month my traffic rate went from 300,000 in May to only 24,000 in June, even moreso when I found out my pagerank dropped from a 6 to a 4. I was de-Googled! Apparently a month or so ago a spam comment slipped past Akismet and got posted to my blog, and that meant that my site no longer meets the “quality” guidelines for Google. I found the post and removed it, but upon filling out their reconsideration form it appears that it takes 4-6 weeks to be reviewed and added back. Man, that sucks….

Anywho, I’d hate to do this mainly because I’m lazy, but I’ve set Wordpress to send new comments to moderation again so I have to manually approve them. What I’m confused about is that if my site doesn’t meet quality guidelines for Google, where does this guy fit in?

Chkservd is the service in cPanel that checks to make sure that services are running, then restarts them if necessary. It’s also responsible for the ‘Service Manager’ section in cPanel, which is an interface where added services can be easily checked on and off.
To add a new service, create a line in /etc/chkserv.d/chkservd.conf in the same format as the others:

service:1

1 means the service should be enabled, 0 means it’s off.
In /etc/chkserv.d each service has its own file. Create a file called as the name of the service you are monitoring. The contents of the file are in the format of:

#SERVICE = PORT, SEND, RESPONSE, RE-START COMMAND

There are two ways that cPanel checks services with chkservd:

• Connection-based monitoring – By default, cPanel will try to connect to the service’s specified port, issue a command, and if a response is received within 10 seconds it will consider the service to be online. For instance, FTP:

service[ftpd]=21,QUIT,220,/scripts/restartsrv_ftpserver

• Process-based monitoring – cPanel will check for a specific process to determine whether it is online. For instance, named:

service[named]=x,x,x,/scripts/restartsrvr_bind,named,named|bind

If you have more than one restart command, you can separate them with semicolons in order of preference that they should be run. Output of these commands will be logged to the chkservd.log
After you’ve created the service’s configuration file, restart chkservd:

/etc/init.d/chkservd restart

You should then see the service listed in WebHost Manager in the ’service manager section’
Chkservd logs are in /var/log/chkservd.log. Checks are done every 8 minutes, and everyone online service gets a +, offline services get a -. If the service is determined to be offline, the restart command(s) specified in that service’s chkservd configuration file is issued and the output is logged.

If you don’t even have chkservd installed, it’s probably missing and you need to install it.

We get a TON of requests for the PHP APC pecl module because after having adopted suPHP into our configuration, eAccelerator is worthless. It’s quick to install, and especially if you’re running suPHP or phpsuexec, each user can maintain their own settings within their local php.ini without me having to do anything — basically the best thing that a lazy system admin can ask for.

Soooo, here’s how you install it:


wget http://pecl.php.net/get/APC-3.0.17.tgz
tar -xvzf APC-3.0.17.tgz

phpize
./configure && make && make install


Then just add “extension=/apc.so” to your php.ini and you’re done. With PHP under Apache this will load the APC module for everyone, but for suPHP users you’ll need to add it to their php.ini which will also allow them to modify their own APC settings. These are the ones I recommend using:

apc.enabled = 1

apc.shm_segments = 1

apc.shm_size = 30

apc.optimization = 0

apc.ttl = 7200

apc.user_ttl = 7200

apc.num_files_hint = 1000

apc.mmap_file_mask = /tmp/apc.XXXXXX

Now, if you want to get even sexier with it I came across this little tool that monitors the performance of APC on your server.

For Christmas this year my sisters and I bought my mom a Pomeranian that she named Teddy (though my sisters and dad subsequently named him Simon, Maverick, Titus, and Leo). Side note: here’s documented evidence that my Dad does indeed like dogs:

Now ask me why it took me 17 years to beg my dad for a dog, and I still didn’t get one until I was 20 when I was already out of the house. Anyways, we in the Vasile household believe that pets are as much part of a family as people are, which is why I animately insist that my son, Capone, and my niece, Harley, are the only grandkids that my parents are getting anytime soon. Well, this concept kept in mind, the addition of Teddy means that I have a new 4-year-old half brother. I’ve always been the youngest in the family but I’ve so far completely my sisterly duty of taking my little bro to see Santa clause with his uncle Capone:

Merry Christmas!!!