Panel

Today I installed the letsencrypt certificate for the main server, edited virtual.conf and cleaned server home directory. The result is the add-ons panel



I will post some code later.

---

 

When I installed the letsencrypt certificate for the main server a virtual host has been created. Why not? Main server is vhost too (virtual.conf)

The home directory contains many useful programs. I decided to make them more accessible for easy use. I edited the /usr/local/nginx/html/index.html.

Code (Text):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html
    xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <title>Centmin Mod Admin Area</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <style type="text/css">
                        /*
            <![CDATA[*/
                        body {
                                background-color: #fff;
                                color: #000;
                                font-size: 0.9em;
                                font-family: sans-serif,helvetica;
                                margin: 0;
                                padding: 0;
                        }
                        :link {
                                color: #c00;
                        }
                        :visited {
                                color: #c00;
                        }
                        a:hover {
                                color: #224;
                        }
                        h1 {
                                text-align: center;
                                margin: 0;
                                padding: 0.6em 2em 0.4em;
                                background-color: #43a6df;
                                color: #fff;
                                font-weight: normal;
                                font-size: 1.75em;
                                border-bottom: 2px solid #e3e3e3;
                        }
                        h1 strong {
                                font-weight: bold;
                        }
                        h2 {
                                font-size: 1.1em;
                                font-weight: bold;
                        }
                        hr {
                                display: none;
                        }
                        .content {
                                padding: 1em 5em;
                        }
                        .content-columns {
                                /* Setting relative positioning allows for
                                absolute positioning for sub-classes */
                                position: relative;
                                padding-top: 1em;
                        }
                        .content-column-left {
                                /* Value for IE/Win; will be overwritten for other browsers */
                                width: 47%;
                                padding-right: 3%;
                                float: left;
                                padding-bottom: 2em;
                        }
                        .content-column-left hr {
                                display: none;
                        }
                        .content-column-right {
                                /* Values for IE/Win; will be overwritten for other browsers */
                                width: 47%;
                                padding-left: 3%;
                                float: left;
                                padding-bottom: 2em;
                        }
                        .content-columns>.content-column-left, .content-columns>.content-column-right {
                                /* Non-IE/Win */
                        }
                        img {
                                border: 2px solid #fff;
                                padding: 2px;
                                margin: 2px;
                        }
                        a:hover img {
                                border: 2px solid #224;
                        }
                        .cmlogo {
                                text-align: center;
                        }
                        /*]]>*/
            
        </style>
    </head>
    <body>
        <h1>
            <strong>Centmin Mod Admin Area</strong>
        </h1>
        <div class="content">
            <div class="content-middle">
                <p>Some usefull text.</p>
            </div>
            <hr />
            <div class="content-columns">
                <div class="content-column-left">
                    <ul>
                        <li>
                            <h2>Server</h2>
                            <ul>
                                <li>
                                    <a href="/cinfo/">System Stats</a>
                                </li>
                            </ul>
                        </li>
                        <li>
                            <h2>NGINX</h2>
                            <ul>
                                <li>
                                    <a href="/nginx_status">Nginx Status</a>
                                </li>
                                <li>
                                    <a href="/vhost_status">Vhost Traffic Status</a>
                                </li>
                            </ul>
                        </li>
                        <li>
                            <h2>Cache</h2>
                            <ul>
                                <li>
                                    <a href="/memcache_ecf3130a.php">MemCache</a>
                                </li>
                                <li>
                                    <a href="/62970556_opcache.php">OpCache</a>
                                </li>
                            </ul>
                        </li>
                        <li>
                            <h2>PHP</h2>
                            <ul>
                                <li>
                                    <a href="/phpstatus">Status</a>
                                </li>
                                <li>
                                    <a href="/phpping">Ping</a>
                                </li>
                                <li>
                                    <a href="/d87c2276_phpi.php">Info</a>
                                </li>
                                <li>
                                    <a href="/62970556_opcache.php">OpCache</a>
                                </li>
                            </ul>
                        </li>
                        <li>
                            <h2>MySQL</h2>
                            <ul>
                                <li>
                                    <a href="/1448_mysqladmin32377/">phpMyAdmin</a>
                                </li>
                            </ul>
                        </li>
                        <li>
                            <h2>GeoIP</h2>
                            <ul>
                                <li>
                                    <a href="/geoip.php">Check Your IP</a>
                                </li>
                            </ul>
                        </li>
                    </ul>
                </div>
                <div class="content-column-right">
                    <div class="cmlogo">
                        <p>
                            <a href="http://centminmod.com/" target="_top">
                                <img src="cmlogo.png" width="320" height="259" border="0" align="middle" alt="CentminMod.com Nginx Auto Installer">
                            </a>
                        </p>
                    </div>
                </div>
            </div>
        </div>
    </body>
</html>

And I downloaded the icon

Code (Text):

cd /usr/local/nginx/html
wget https://community.centminmod.com/favicon.ico

Now I can add any scripts at the panel and easy to use them on different devices. @eva2000 , it is a good starting point for creating a lightweight panel.

I edited virtual.conf for secure main server (I use the panel on different devices). virtual.conf coming soon.

 

I want to use the panel with different devices. For trusted devices I set a magic cookie.
If the magic cookie is not set, you can not get data from the server.
If the magic cookie is set, the server checks the static IP or password is required for dynamic IP.
You have to type the magic URL in the browser to set the magic cookie.

So it is necessary to have the magic cookie and the IP/password to access the server.

virtual.conf:

Code (Text):

# remove server names from HTTP header
more_clear_headers              Server;
more_clear_headers              X-Powered-By;

# https://forum.nginx.org/read.php?2,152294,152401#msg-152401
ssl_session_cache               shared:SSL:10m;
ssl_session_timeout             60m;

# https only
server {
    listen 80;
    server_name                 {$hostname};
    return 301                  https://$server_name$request_uri;
}

server {
    listen 443                  ssl http2;
    server_name                 {$hostname};

    # Magic URL
    error_page 418              = @cookie;
    recursive_error_pages       on;
    if                          ($uri = "/Try/to/find/my/Magic/URL/") { return 418; }

    # Magic cookie
    # [TODO] autoupdate cookie every week
    if                          ($cookie_{$cookie_name_64_bytes} != "{$cookie_value_64_bytes}") { return 444; }

    access_log                  /home/nginx/domains/{$hostname}/log/access.log combined buffer=256k flush=60m;
    error_log                   /home/nginx/domains/{$hostname}/log/error.log;

    include                     /usr/local/nginx/conf/ssl/{$hostname}/{$hostname}.crt.key.conf;
    include                     /usr/local/nginx/conf/rs/ssl.conf;

    # Secure
    satisfy                     any; # Check IP or password
    allow                       127.0.0.1;
    #allow                      your_ip;
    deny                        all;
    auth_basic                  "Private";
    auth_basic_user_file        /home/nginx/domains/{$hostname}/htpasswd_adminlogin;

    root                        /usr/local/nginx/html;

    location    /               { }
    location =  /nginx_status   { stub_status on; }
    location    /vhost_status   {
        access_log              off;
        vhost_traffic_status    on;
        vhost_traffic_status_display;
        vhost_traffic_status_display_format html;
    }
    location ~ ^/(phpstatus|phpping)$ {
        fastcgi_pass            127.0.0.1:9000;
        fastcgi_param           SCRIPT_FILENAME $fastcgi_script_name;
        include                 fastcgi_params;
    }

    # Magic Cookie
    location    @cookie         {
        add_header              Set-Cookie "{$cookie_name_64_bytes}={$cookie_value_64_bytes}; Path=/; Domain={$hostname}; Max-Age=604800; Secure; HttpOnly; SameSite=strict";
        more_set_headers        "Content-Type: text/html";
        return 200              '<html><body><a href="https://{$hostname}">Welcome!</a></body></html>';
    }

    # Let’s Encrypt (staticfiles.conf)
    #location =  /.well-known/acme-challenge/ { access_log off; more_set_headers "Content-Type: text/plain"; }

    include                     /usr/local/nginx/conf/php.conf;
    include                     /usr/local/nginx/conf/staticfiles.conf;
    #include                    /usr/local/nginx/conf/errorpage.conf;
}

# default servers
server {
    listen 80                   default_server;
    return 444;
}

server {
    listen 443                  ssl http2 default_server;
    return 444;
    include                     /usr/local/nginx/conf/ssl/{$hostname}/{$hostname}.crt.key.conf;
    include                     /usr/local/nginx/conf/rs/ssl.conf;
}

I use own /usr/local/nginx/conf/rs/ssl.conf because I test letsencrypt now. It is very similar to the settings of the centminmod:

Code (Text):

    # at http{}
    #ssl_session_cache          shared:SSL:10m;
    #ssl_session_timeout                60m;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;

    http2_max_field_size        16k;
    http2_max_header_size       32k;
    # mozilla recommended
    ssl_ciphers                 EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
    ssl_prefer_server_ciphers   on;
    ssl_buffer_size             1369;
    ssl_session_tickets         on;

    # enable ocsp stapling
    resolver                    8.8.8.8 8.8.4.4 valid=10m;
    resolver_timeout            10s;
    ssl_stapling                on;
    ssl_stapling_verify         on;

I need only one password for panel and I commented out these lines.
/usr/local/nginx/html/62970556_opcache.php:

Code (Text):

///////////////// Password protect ////////////////////////////////////////////////////////////////
/*if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
           $_SERVER['PHP_AUTH_USER'] != ADMIN_USERNAME ||$_SERVER['PHP_AUTH_PW'] != ADMIN_PASSWORD) {
            Header("WWW-Authenticate: Basic realm=\"OpCache Login\"");
            Header("HTTP/1.0 401 Unauthorized");
            echo <<<EOB
                <html><body>
                <h1>Rejected!</h1>
                <big>Wrong Username or Password!</big>
                </body></html>
EOB;
            exit;
}*/

/usr/local/nginx/html/memcache_ecf3130a.php

Code (Text):

///////////////// Password protect ////////////////////////////////////////////////////////////////
/*if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
           $_SERVER['PHP_AUTH_USER'] != ADMIN_USERNAME ||$_SERVER['PHP_AUTH_PW'] != ADMIN_PASSWORD) {
                        Header("WWW-Authenticate: Basic realm=\"Memcache Login\"");
                        Header("HTTP/1.0 401 Unauthorized");

                        echo <<<EOB
                                <html><body>
                                <h1>Rejected!</h1>
                                <big>Wrong Username or Password!</big>
                                </body></html>
EOB;
                        exit;
}*/

And I can use short names for addons.

Password setting:

Code (Text):

cd /home/nginx/domains/${hostname}
htpasswd -c htpasswd_adminlogin {$username}

So I have the panel for addons and some scripts.

 

Yes, very simple technique.

Are all centminmod scripts can run with arguments (without reading data from the keyboard)? I could use the PHP to startup centminmod scripts.

 

acme.sh for example.

 

I want to run this script from the panel.

 

Ok, I try to run acmetool.sh using shell_exec.

 

I see how to bypass some code, for example:

Code (Text):

if [[ "$NOTICE" = [yY] && "$UNATTENDED" != [yY] ]]; then
  echo
  echo "-------------------------------------------------"
  echo "acmetool.sh is in beta testing phase"
  echo "please read & provide bug reports &"
  echo "feedback for this tool via the forums"
  echo "https://centminmod.com/acmetool"
  echo "-------------------------------------------------"
  echo
  read -ep "continue [y/n] ? " _proceed
  if [[ "$_proceed" != [yY] ]]; then
    echo
    echo "aborting..."
    echo
    exit
  fi
fi

Args or environment... or I can't. Reading from the keyboard is usually a problem for shell_exec.

 

Not so much inputs from the keyboard.

Code (Text):

# cat acmetool.sh | grep "read -ep"
  read -ep "continue [y/n] ? " _proceed
  read -ep "Enter SSL certificate domain name you want without www. prefix host: " input_domain
  read -ep "Enter custom webroot path you want: " input_webroot
  read -ep "is this path correct ? [y/n]: " webrootpath_correct
      read -ep "Enter custom webroot path you want: " input_webroot
      read -ep "is this path correct ? [y/n]: " webrootpath_correct
  read -ep "continue ? [y/n]: " manual_continue
  read -ep "Enter option [ 1 - 13 ] " sslmenuissue_options
  read -ep "Enter option [ 1 - 13 ] " sslmenurenew_options
  read -ep "Enter option [ 1 - 13 ] " sslmenureissue_options
  read -ep "Enter option [ 1 - 10 ] " sslmenu_options

 

What? Can I assign a value to a variable NOTICE without editing the script?

 

Without NOTICE='n' I got

Code (Text):

-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------

continue [y/n] ?

aborting...

 

I can't set NOTICE

Code (Text):

# cat acmetool-config.ini
NOTICE='n'

I got:

Code (Text):

-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------


aborting...

Because options are loaded later test

Code (Text):

if [[ "$NOTICE" = [yY] && "$UNATTENDED" != [yY] ]]; then
  echo
  echo "-------------------------------------------------"
  echo "acmetool.sh is in beta testing phase"
  echo "please read & provide bug reports &"
  echo "feedback for this tool via the forums"
  echo "https://centminmod.com/acmetool"
  echo "-------------------------------------------------"
  echo
  read -ep "continue [y/n] ? " _proceed
  if [[ "$_proceed" != [yY] ]]; then
    echo
    echo "aborting..."
    echo
    exit
  fi
fi

...

if [ -f "/etc/centminmod/acmetool-config.ini" ]; then
  . "/etc/centminmod/acmetool-config.ini"
fi

if [ -f "/etc/centminmod/custom_config.inc" ]; then
  # default is at /etc/centminmod/custom_config.inc
  . "/etc/centminmod/custom_config.inc"
fi