This application is in early alpha which means things might break, depending on your setup. Ubuntu and CentOS are officially supported (tested thoroughly on Ubuntu 14.04 and CentOS 6.5). If you think you've found a problem, kindly post an issue.
- Apache with
mod_rewriteenabled - PHP >= 5.3.23
Optional:
atutility (what's that?)
- Install Composer if you don't already have it:
curl -sS https://getcomposer.org/installer | php- Fetch CronKeep and all of its dependencies onto your directory of choice (preferably, your www directory):
php composer.phar create-project cronkeep/cronkeep --keep-vcs -s dev /var/www/cronkeep- To update CronKeep in the future all you need to do is run these from the CronKeep installation directory:
git pull
composer installFor more information regarding git or Composer, please refer to their docs (git, Composer).
Note that the following instructions are for Apache only.
Create a new /etc/apache2/sites-available/cronkeep.conf file with your favorite text editor, and paste this content inside the file:
<VirtualHost *:80>
ServerName cronkeep.example.com # adjust accordingly
DocumentRoot /var/www/cronkeep/src
<Directory "/var/www/cronkeep/src">
AllowOverride all
</Directory>
</VirtualHost>Enable the virtual host by running:
sudo a2ensite cronkeepPlease note that you may need to adjust your DNS zone settings or edit your operating system's hosts file for the hostname (e.g. cronkeep.example.com) to be reachable. Information on how to do that is outside out of the scope of this article.
At this time, the crontab manager does not feature in-app authentication. It is up to the user to allow and restrict access to CronKeep in their network.
Here's a guide on how to set up Digest Authentication with Apache under Debian / Ubuntu.
This guide is based on an Apache 2.4 installation under Ubuntu 14.04.
- First we'll enable
mod_auth_digest:
sudo a2enmod auth_digest- Next we're setting up the login credentials for a user called john.
mkdir /etc/htdigest
htdigest -c /etc/htdigest/htdigest "cronkeep" john # enter password at the prompt
chmod 644 /etc/htdigest/htdigestNote that we've put the password file in a place where Apache can't accidentally serve it up from. Also, please be mindful that the -c argument should be used only once, to create the password file, and should be left out if you want to onboard additional users, as it will overwrite an existing file of the same name.
- It's in the virtual host we're pointing Apache to the htdigest password file. So let's add these lines to the virtual host that we've previously set up for CronKeep.
Copy these lines to the VirtualHost section:
<Directory "/var/www/cronkeep/src">
AllowOverride all
AuthType Digest
AuthName "cronkeep"
AuthUserFile /etc/htdigest/htdigest
Require valid-user
</Directory>- Finally, we restart Apache for the changes to take effect.
service apache2 restart
There are several variations of this error message, with the user that is denied
access varying (in this case it's www-data).
To allow access you should add the user to the /etc/cron.allow file on a new
line. If the file does not exist, the user that is denied access might be listed
in /etc/cron.deny — locate that file and remove the user from there.
What this error is basically saying is that the crontab utility, which CronKeep uses behind the scenes, is denied access to the /var/spool/cron directory. This is usually the case in a SELinux-enabled environment running in enforcing mode.
You can quickly validate this assumption by temporarily switching SELinux to permissive mode, like this:
$ setenforce permissiveRefresh CronKeep to see that the error is gone. Make sure you switch SELinux back to enforcing mode at the end:
$ setenforce enforcingThe recommended way to allow the crontab utility access to its files, when it's invoked by Apache, is by creating and installing a custom SELinux policy module. You may install the one we've already put together (and tested on a CentOS 6.5 installation) using this one-liner:
$ curl -OfL https://github.com/cronkeep/cronkeep/raw/master/provision/centos/httpd_crontab.pp && semodule -i httpd_crontab.ppThe policy package only contains the minimum security rules needed and nothing more.
It looks like on a SELinux-enabled environment running in enforcing mode, Apache is denied access to read
the PAM configuration file (usually /etc/security/access.conf) which regulates access to the crontab
system utility. The following error is then triggered:
System error You (apache) are not allowed to access to (crontab) because of pam configuration.
Luckily, this can be easily fixed as follows:
setsebool -P allow_httpd_mod_auth_pam 1Please head on to Issues to see if other users have experienced the same error in the past. When opening a new issue, please make sure to include the full text of the error and details about your setup (including web server and operating system versions).
Found a typo in this file or want to propose changes? Just fork and edit this file.