Join the community today
Become a Member

Panel

Discussion in 'Add Ons' started by raciasolvo, Dec 4, 2016.

  1. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    Today I installed the letsencrypt certificate for the main server, edited virtual.conf and cleaned server home directory. The result is the add-ons panel :D

    panel.jpg

    I will post some code later.
     
    Last edited: Dec 4, 2016
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    very interesting :)
     
  3. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    When I installed the letsencrypt certificate for the main server a virtual host has been created. Why not? Main server is vhost too (virtual.conf) :)

    The home directory contains many useful programs. I decided to make them more accessible for easy use. I edited the /usr/local/nginx/html/index.html.

    Code (Text):
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
    <html
        xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
        <head>
            <title>Centmin Mod Admin Area</title>
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
            <style type="text/css">
                            /*
                <![CDATA[*/
                            body {
                                    background-color: #fff;
                                    color: #000;
                                    font-size: 0.9em;
                                    font-family: sans-serif,helvetica;
                                    margin: 0;
                                    padding: 0;
                            }
                            :link {
                                    color: #c00;
                            }
                            :visited {
                                    color: #c00;
                            }
                            a:hover {
                                    color: #224;
                            }
                            h1 {
                                    text-align: center;
                                    margin: 0;
                                    padding: 0.6em 2em 0.4em;
                                    background-color: #43a6df;
                                    color: #fff;
                                    font-weight: normal;
                                    font-size: 1.75em;
                                    border-bottom: 2px solid #e3e3e3;
                            }
                            h1 strong {
                                    font-weight: bold;
                            }
                            h2 {
                                    font-size: 1.1em;
                                    font-weight: bold;
                            }
                            hr {
                                    display: none;
                            }
                            .content {
                                    padding: 1em 5em;
                            }
                            .content-columns {
                                    /* Setting relative positioning allows for
                                    absolute positioning for sub-classes */
                                    position: relative;
                                    padding-top: 1em;
                            }
                            .content-column-left {
                                    /* Value for IE/Win; will be overwritten for other browsers */
                                    width: 47%;
                                    padding-right: 3%;
                                    float: left;
                                    padding-bottom: 2em;
                            }
                            .content-column-left hr {
                                    display: none;
                            }
                            .content-column-right {
                                    /* Values for IE/Win; will be overwritten for other browsers */
                                    width: 47%;
                                    padding-left: 3%;
                                    float: left;
                                    padding-bottom: 2em;
                            }
                            .content-columns>.content-column-left, .content-columns>.content-column-right {
                                    /* Non-IE/Win */
                            }
                            img {
                                    border: 2px solid #fff;
                                    padding: 2px;
                                    margin: 2px;
                            }
                            a:hover img {
                                    border: 2px solid #224;
                            }
                            .cmlogo {
                                    text-align: center;
                            }
                            /*]]>*/
                
            </style>
        </head>
        <body>
            <h1>
                <strong>Centmin Mod Admin Area</strong>
            </h1>
            <div class="content">
                <div class="content-middle">
                    <p>Some usefull text.</p>
                </div>
                <hr />
                <div class="content-columns">
                    <div class="content-column-left">
                        <ul>
                            <li>
                                <h2>Server</h2>
                                <ul>
                                    <li>
                                        <a href="/cinfo/">System Stats</a>
                                    </li>
                                </ul>
                            </li>
                            <li>
                                <h2>NGINX</h2>
                                <ul>
                                    <li>
                                        <a href="/nginx_status">Nginx Status</a>
                                    </li>
                                    <li>
                                        <a href="/vhost_status">Vhost Traffic Status</a>
                                    </li>
                                </ul>
                            </li>
                            <li>
                                <h2>Cache</h2>
                                <ul>
                                    <li>
                                        <a href="/memcache_ecf3130a.php">MemCache</a>
                                    </li>
                                    <li>
                                        <a href="/62970556_opcache.php">OpCache</a>
                                    </li>
                                </ul>
                            </li>
                            <li>
                                <h2>PHP</h2>
                                <ul>
                                    <li>
                                        <a href="/phpstatus">Status</a>
                                    </li>
                                    <li>
                                        <a href="/phpping">Ping</a>
                                    </li>
                                    <li>
                                        <a href="/d87c2276_phpi.php">Info</a>
                                    </li>
                                    <li>
                                        <a href="/62970556_opcache.php">OpCache</a>
                                    </li>
                                </ul>
                            </li>
                            <li>
                                <h2>MySQL</h2>
                                <ul>
                                    <li>
                                        <a href="/1448_mysqladmin32377/">phpMyAdmin</a>
                                    </li>
                                </ul>
                            </li>
                            <li>
                                <h2>GeoIP</h2>
                                <ul>
                                    <li>
                                        <a href="/geoip.php">Check Your IP</a>
                                    </li>
                                </ul>
                            </li>
                        </ul>
                    </div>
                    <div class="content-column-right">
                        <div class="cmlogo">
                            <p>
                                <a href="http://centminmod.com/" target="_top">
                                    <img src="cmlogo.png" width="320" height="259" border="0" align="middle" alt="CentminMod.com Nginx Auto Installer">
                                </a>
                            </p>
                        </div>
                    </div>
                </div>
            </div>
        </body>
    </html>
    


    And I downloaded the icon :)
    Code (Text):
    cd /usr/local/nginx/html
    wget https://community.centminmod.com/favicon.ico
    

    Now I can add any scripts at the panel and easy to use them on different devices. @eva2000 , it is a good starting point for creating a lightweight panel. ;)

    I edited virtual.conf for secure main server (I use the panel on different devices). virtual.conf coming soon.
     
    Last edited: Dec 5, 2016
    • Like Like x 1
    • Agree Agree x 1
  4. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    definitely inspiration (y):)
     
    • Funny Funny x 1
    • Optimistic Optimistic x 1
  5. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    I want to use the panel with different devices. For trusted devices I set a magic cookie.
    If the magic cookie is not set, you can not get data from the server.
    If the magic cookie is set, the server checks the static IP or password is required for dynamic IP.
    You have to type the magic URL in the browser to set the magic cookie.

    So it is necessary to have the magic cookie and the IP/password to access the server.

    virtual.conf:
    Code (Text):
    # remove server names from HTTP header
    more_clear_headers              Server;
    more_clear_headers              X-Powered-By;
    
    # https://forum.nginx.org/read.php?2,152294,152401#msg-152401
    ssl_session_cache               shared:SSL:10m;
    ssl_session_timeout             60m;
    
    # https only
    server {
        listen 80;
        server_name                 {$hostname};
        return 301                  https://$server_name$request_uri;
    }
    
    server {
        listen 443                  ssl http2;
        server_name                 {$hostname};
    
        # Magic URL
        error_page 418              = @cookie;
        recursive_error_pages       on;
        if                          ($uri = "/Try/to/find/my/Magic/URL/") { return 418; }
    
        # Magic cookie
        # [TODO] autoupdate cookie every week
        if                          ($cookie_{$cookie_name_64_bytes} != "{$cookie_value_64_bytes}") { return 444; }
    
        access_log                  /home/nginx/domains/{$hostname}/log/access.log combined buffer=256k flush=60m;
        error_log                   /home/nginx/domains/{$hostname}/log/error.log;
    
        include                     /usr/local/nginx/conf/ssl/{$hostname}/{$hostname}.crt.key.conf;
        include                     /usr/local/nginx/conf/rs/ssl.conf;
    
        # Secure
        satisfy                     any; # Check IP or password
        allow                       127.0.0.1;
        #allow                      your_ip;
        deny                        all;
        auth_basic                  "Private";
        auth_basic_user_file        /home/nginx/domains/{$hostname}/htpasswd_adminlogin;
    
        root                        /usr/local/nginx/html;
    
        location    /               { }
        location =  /nginx_status   { stub_status on; }
        location    /vhost_status   {
            access_log              off;
            vhost_traffic_status    on;
            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;
        }
        location ~ ^/(phpstatus|phpping)$ {
            fastcgi_pass            127.0.0.1:9000;
            fastcgi_param           SCRIPT_FILENAME $fastcgi_script_name;
            include                 fastcgi_params;
        }
    
        # Magic Cookie
        location    @cookie         {
            add_header              Set-Cookie "{$cookie_name_64_bytes}={$cookie_value_64_bytes}; Path=/; Domain={$hostname}; Max-Age=604800; Secure; HttpOnly; SameSite=strict";
            more_set_headers        "Content-Type: text/html";
            return 200              '<html><body><a href="https://{$hostname}">Welcome!</a></body></html>';
        }
    
        # Let’s Encrypt (staticfiles.conf)
        #location =  /.well-known/acme-challenge/ { access_log off; more_set_headers "Content-Type: text/plain"; }
    
        include                     /usr/local/nginx/conf/php.conf;
        include                     /usr/local/nginx/conf/staticfiles.conf;
        #include                    /usr/local/nginx/conf/errorpage.conf;
    }
    
    # default servers
    server {
        listen 80                   default_server;
        return 444;
    }
    
    server {
        listen 443                  ssl http2 default_server;
        return 444;
        include                     /usr/local/nginx/conf/ssl/{$hostname}/{$hostname}.crt.key.conf;
        include                     /usr/local/nginx/conf/rs/ssl.conf;
    }


    I use own /usr/local/nginx/conf/rs/ssl.conf because I test letsencrypt now. It is very similar to the settings of the centminmod:
    Code (Text):
        # at http{}
        #ssl_session_cache          shared:SSL:10m;
        #ssl_session_timeout                60m;
        ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    
        http2_max_field_size        16k;
        http2_max_header_size       32k;
        # mozilla recommended
        ssl_ciphers                 EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
        ssl_prefer_server_ciphers   on;
        ssl_buffer_size             1369;
        ssl_session_tickets         on;
    
        # enable ocsp stapling
        resolver                    8.8.8.8 8.8.4.4 valid=10m;
        resolver_timeout            10s;
        ssl_stapling                on;
        ssl_stapling_verify         on;


    I need only one password for panel and I commented out these lines.
    /usr/local/nginx/html/62970556_opcache.php:
    Code (Text):
    ///////////////// Password protect ////////////////////////////////////////////////////////////////
    /*if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
               $_SERVER['PHP_AUTH_USER'] != ADMIN_USERNAME ||$_SERVER['PHP_AUTH_PW'] != ADMIN_PASSWORD) {
                Header("WWW-Authenticate: Basic realm=\"OpCache Login\"");
                Header("HTTP/1.0 401 Unauthorized");
                echo <<<EOB
                    <html><body>
                    <h1>Rejected!</h1>
                    <big>Wrong Username or Password!</big>
                    </body></html>
    EOB;
                exit;
    }*/
    

    /usr/local/nginx/html/memcache_ecf3130a.php
    Code (Text):
    ///////////////// Password protect ////////////////////////////////////////////////////////////////
    /*if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
               $_SERVER['PHP_AUTH_USER'] != ADMIN_USERNAME ||$_SERVER['PHP_AUTH_PW'] != ADMIN_PASSWORD) {
                            Header("WWW-Authenticate: Basic realm=\"Memcache Login\"");
                            Header("HTTP/1.0 401 Unauthorized");
    
                            echo <<<EOB
                                    <html><body>
                                    <h1>Rejected!</h1>
                                    <big>Wrong Username or Password!</big>
                                    </body></html>
    EOB;
                            exit;
    }*/


    And I can use short names for addons.

    Password setting:
    Code (Text):
    cd /home/nginx/domains/${hostname}
    htpasswd -c htpasswd_adminlogin {$username}
    


    So I have the panel for addons and some scripts.
     
    Last edited: Dec 5, 2016
    • Informative Informative x 1
  6. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    interesting approach with the magic cookie ! Thanks for sharing :D

    Definitely gives me a few ideas :)
     
    • Like Like x 1
  7. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    Yes, very simple technique. :)

    Are all centminmod scripts can run with arguments (without reading data from the keyboard)? I could use the PHP to startup centminmod scripts.
     
  8. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    not entirely sure I understand what you're asking ? which scripts ?
     
  9. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    acme.sh for example.
     
  10. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    I want to run this script from the panel.
     
  11. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    acme.sh is 3rd party letsencrypt client used by addons/acmetool.sh and both those scripts require arguments as outlined here

    acme.sh and addons/acmetool.sh are shell scripts meant to be run from SSH command line.
     
  12. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    Ok, I try to run acmetool.sh using shell_exec.
     
  13. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    no guarantees it will work via php calls.. but welcome to try :)
     
    • Like Like x 1
  14. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    I see how to bypass some code, for example:
    Code (Text):
    if [[ "$NOTICE" = [yY] && "$UNATTENDED" != [yY] ]]; then
      echo
      echo "-------------------------------------------------"
      echo "acmetool.sh is in beta testing phase"
      echo "please read & provide bug reports &"
      echo "feedback for this tool via the forums"
      echo "https://centminmod.com/acmetool"
      echo "-------------------------------------------------"
      echo
      read -ep "continue [y/n] ? " _proceed
      if [[ "$_proceed" != [yY] ]]; then
        echo
        echo "aborting..."
        echo
        exit
      fi
    fi
    

    Args or environment... or I can't. :) Reading from the keyboard is usually a problem for shell_exec.
     
  15. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    Not so much inputs from the keyboard. :)
    Code (Text):
    # cat acmetool.sh | grep "read -ep"
      read -ep "continue [y/n] ? " _proceed
      read -ep "Enter SSL certificate domain name you want without www. prefix host: " input_domain
      read -ep "Enter custom webroot path you want: " input_webroot
      read -ep "is this path correct ? [y/n]: " webrootpath_correct
          read -ep "Enter custom webroot path you want: " input_webroot
          read -ep "is this path correct ? [y/n]: " webrootpath_correct
      read -ep "continue ? [y/n]: " manual_continue
      read -ep "Enter option [ 1 - 13 ] " sslmenuissue_options
      read -ep "Enter option [ 1 - 13 ] " sslmenurenew_options
      read -ep "Enter option [ 1 - 13 ] " sslmenureissue_options
      read -ep "Enter option [ 1 - 10 ] " sslmenu_options
    
     
  16. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    hehe
     
  17. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    What? :) Can I assign a value to a variable NOTICE without editing the script?
     
  18. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    addons/acmetool.sh supports persistent config files at /etc/centminmod/acmetool-config.ini and /etc/centminmod/custom_config.inc so any variables added to either file is usable by addons/acmetool.sh
     
    • Informative Informative x 1
  19. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    Without NOTICE='n' I got
    Code (Text):
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://centminmod.com/acmetool
    -------------------------------------------------
    
    continue [y/n] ?
    
    aborting...
    

    :)
     
  20. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    2:48 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    I can't set NOTICE :(
    Code (Text):
    # cat acmetool-config.ini
    NOTICE='n'
    


    I got:
    Code (Text):
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://centminmod.com/acmetool
    -------------------------------------------------
    
    
    aborting...
    


    Because options are loaded later test
    Code (Text):
    if [[ "$NOTICE" = [yY] && "$UNATTENDED" != [yY] ]]; then
      echo
      echo "-------------------------------------------------"
      echo "acmetool.sh is in beta testing phase"
      echo "please read & provide bug reports &"
      echo "feedback for this tool via the forums"
      echo "https://centminmod.com/acmetool"
      echo "-------------------------------------------------"
      echo
      read -ep "continue [y/n] ? " _proceed
      if [[ "$_proceed" != [yY] ]]; then
        echo
        echo "aborting..."
        echo
        exit
      fi
    fi
    
    ...
    
    if [ -f "/etc/centminmod/acmetool-config.ini" ]; then
      . "/etc/centminmod/acmetool-config.ini"
    fi
    
    if [ -f "/etc/centminmod/custom_config.inc" ]; then
      # default is at /etc/centminmod/custom_config.inc
      . "/etc/centminmod/custom_config.inc"
    fi
    
     
    Last edited: Dec 6, 2016
    • Informative Informative x 1