Securely running cron tasks
Table of Contents
The isolation of web server and access server in MageStack provides excellent security for your SSH/FTP (access) environment from that of the web. The automated element that connects the web server, to the access server is the Magento document root, specifically, the Magento cron.
It is not recommended to use the standard Magento cron.sh
, but instead use our secure cron.sh
replacement, follow the [Magento cron configuration][/help/magestack/magento-cron-configuration/] guide for more information.
Running custom tasks
It is common for other cron tasks to be executed independent of the Magento cron. If the files used for these tasks are in the Magento document root, it means that they potentially could be modified from the environment of the web server, and thus affect the access server if not secured.
When executing custom cron tasks, you should execute them via the included cron_task.sh
wrapper, it can be found here,
/microcloud/scripts_ro/cron_task.sh
There are a number of options that can be supplied to run a cron task,
cron_task.sh Usage:
cron_task.sh [domain-group] [method] [script] ([args])
domain-group Domain group (eg. example)
method Binary to execute (eg. php)
script Script path to binary relative to domain-group (eg. /domains/example.com/http/shell/indexer.php)
args (Optional) Arguments to pass to script (eg. --reindexall)
Using the cron_task.sh
wrapper will run the process in the context of the domain-group (ie. the same environment as the web server), this will lead to a more secure, more consistent environment for your processes to run in.
Examples
Re Index every X hours
The following will trigger a reindex of all indexes at 5am each day (you can adjust the command/time to suit your requirements).
0 5 * * * /microcloud/scripts_ro/cron_task.sh "example" "php" "/domains/example.com/http/shell/indexer.php" "--reindexall"