Well, the bash scripts would not be executed on a public web server per se.
The bash scripts in my testing are blade files that I inject variables into and then compile into a gameserver.sh script on the game server host machine not the machine that my laravel app is hosted on.
My laravel app shells into the game server host and executes this bash script that was just uploaded.
The risk is fairly low, these game server host machines are all small VPSs that are mashalled for the sole purpose of hosting game servers, so the risk is limited, not to detract from your very valid criticism.
Hey guys, I've been inspired by the laravel ecosystem into building a personal game server management system for this stupid e-sports hobby.
For some reason I've got it in my head that I want to use PHP for shelling into host machines to handle the provisioning and deployment of these game servers.
I've come up with three distinct plans and made action on each, but when it gets hard I second guess myself with doubts and confusion which make me pick another route and it's an ugly vicious cycle.
Please help me :}
Laravel app uploads a bash script onto the remote server, executes that script then bails on the session.
Create a secondary "extended" queue connection that I can put known long-running messages on and otherwise just keep abusing Laravel into doing my dirty work like I always do.
Use some message queue to send the chore to a ReactPHP loop (like the one in laravel-websockets) that handles all of the SSH-y stuff.
All three options work, I've made all three of them work, but making them work well is a lot of freaking work and I just want to pick one and move onto the vicious cycle and get out of this one.