How to Source an External Script in /etc/sysconfig/httpd

Learn how to source an external script in /etc/sysconfig/httpd file on CentOS 7 and 8, and why you might want to do that.

If you are using Apache HTTP Server on CentOS 7 or 8, you might have encountered a problem when you want to source an external script in the /etc/sysconfig/httpd file. This file is used to set environment variables for the httpd service, such as HTTPD, OPTIONS, LANG, and so on. However, if you try to use the source command or the dot operator (.) to source an external script, you will get an error message saying that the command is not found or the file does not exist. This is because the /etc/sysconfig/httpd file is not executed by a shell, but by the systemd service manager, which does not support sourcing external scripts. In this article, we will show you how to solve this problem and explain why you might want to source an external script in /etc/sysconfig/httpd.

Why Source an External Script in /etc/sysconfig/httpd?

One reason why you might want to source an external script in /etc/sysconfig/httpd is to avoid hard-coding sensitive information, such as passwords, API keys, or tokens, in the /etc/sysconfig/httpd file. For example, if you are using mod_auth_openidc to authenticate users with an OpenID Connect provider, you need to set the OIDCClientSecret environment variable with the client secret value. However, if you put this value directly in the /etc/sysconfig/httpd file, it will be exposed to anyone who can read the file, which is a security risk. A better way is to store the client secret in a separate file, such as /etc/httpd/conf.d/oidc-secret.sh, and source it in the /etc/sysconfig/httpd file. This way, you can restrict the access to the secret file and protect it from unauthorized users.

Another reason why you might want to source an external script in /etc/sysconfig/httpd is to dynamically set environment variables based on some conditions, such as the hostname, the date, or the environment. For example, if you are using mod_wsgi to run Python applications with Apache, you need to set the WSGIPythonHome environment variable with the path to the Python virtual environment. However, if you have multiple virtual environments for different applications or environments, you might want to switch between them based on some criteria. A possible way is to write a script, such as /etc/httpd/conf.d/wsgi-home.sh, that checks the hostname or the environment variable and sets the WSGIPythonHome accordingly. Then, you can source this script in the /etc/sysconfig/httpd file and have the correct virtual environment for each application or environment.

How to Source an External Script in /etc/sysconfig/httpd?

As we mentioned earlier, the /etc/sysconfig/httpd file is not executed by a shell, but by the systemd service manager, which does not support sourcing external scripts. Therefore, we need to find a way to make systemd execute a shell that can source the external script and pass the environment variables to the httpd service. There are two possible ways to achieve this:

Method 1: Use the EnvironmentFile directive in the /usr/lib/systemd/system/httpd.service file to specify a file that contains the environment variables for the httpd service

This file can be a shell script that sources the external script and prints the environment variables with the format VAR=VALUE. For example, if we want to source the /etc/httpd/conf.d/oidc-secret.sh file, we can create a file named /etc/httpd/conf.d/httpd-env.sh with the following content:

#!/bin/bash
source /etc/httpd/conf.d/oidc-secret.sh
echo "OIDCClientSecret=$OIDCClientSecret"

Then, we can edit the /usr/lib/systemd/system/httpd.service file and add the following line under the [Service] section:

EnvironmentFile=/etc/httpd/conf.d/httpd-env.sh

Finally, we need to reload the systemd daemon and restart the httpd service:

sudo systemctl daemon-reload
sudo systemctl restart httpd

This way, the httpd service will inherit the environment variables from the /etc/httpd/conf.d/httpd-env.sh file, which sources the /etc/httpd/conf.d/oidc-secret.sh file.

Method 2: Use the ExecStartPre directive in the /usr/lib/systemd/system/httpd.service file to execute a shell command before starting the httpd service

This command can source the external script and export the environment variables to a file that can be read by the httpd service. For example, if we want to source the /etc/httpd/conf.d/wsgi-home.sh file, we can edit the /usr/lib/systemd/system/httpd.service file and add the following line under the [Service] section:

ExecStartPre=/bin/bash -c 'source /etc/httpd/conf.d/wsgi-home.sh; export WSGIPythonHome > /run/httpd/wsgi-home'

Then, we can edit the /etc/sysconfig/httpd file and add the following line:

source /run/httpd/wsgi-home

Finally, we need to reload the systemd daemon and restart the httpd service:

sudo systemctl daemon-reload
sudo systemctl restart httpd

This way, the httpd service will source the /run/httpd/wsgi-home file, which contains the environment variable exported by the /etc/httpd/conf.d/wsgi-home.sh file.

Frequently Asked Questions (FAQs)

Question: What is the difference between the source command and the dot operator (.) in shell scripts?

Answer: The source command and the dot operator (.) are equivalent in shell scripts. They both execute the commands in the specified file in the current shell environment, without creating a new subshell. This means that any variables, functions, or aliases defined in the sourced file will be available in the current shell.

Question: What is the difference between the Environment and EnvironmentFile directives in systemd service files?

Answer: The Environment directive allows you to set one or more environment variables for the service directly in the systemd service file, with the format VAR=VALUE. The EnvironmentFile directive allows you to specify a file that contains the environment variables for the service, with the same format. The advantage of using the EnvironmentFile directive is that you can separate the environment variables from the service configuration, and you can use a shell script to generate the environment variables dynamically.

Question: How can I check the environment variables of the httpd service?

Answer: You can use the systemctl show command to display the properties of the httpd service, including the environment variables. For example, to check the value of the OIDCClientSecret environment variable, you can run:

sudo systemctl show httpd -p Environment | grep OIDCClientSecret

Alternatively, you can use the ps command to display the environment variables of the httpd process. For example, to check the value of the WSGIPythonHome environment variable, you can run:

sudo ps -ef --format cmd,euser,egroup,args,env | grep httpd | grep WSGIPythonHome

Summary

In this article, we learned how to source an external script in the /etc/sysconfig/httpd file on CentOS 7 and 8, and why you might want to do that. We showed two possible ways to make systemd execute a shell that can source the external script and pass the environment variables to the httpd service. We also answered some frequently asked questions about sourcing external scripts and environment variables in systemd service files.

Disclaimer: This article is for informational purposes only and does not constitute professional advice. The author and the publisher are not liable for any damages or losses that may result from the use of the information in this article. Always consult a qualified IT professional before making any changes to your system configuration.