Improvments to Manage SSL, Hostname SSL and MailServer SSL.

usmannasir 2018-05-21 16:51:28 +05:00
parent be187ddb92
commit 04142345dd
9 changed files with 178 additions and 78 deletions


@ -17,7 +17,6 @@ from django.conf.urls import url,include
from django.contrib import admin
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^base/',include('baseTemplate.urls')),
url(r'^', include('loginSystem.urls')),
url(r'^packages/',include('packages.urls')),


@ -641,7 +641,7 @@ def submitDestinationCreation(request):
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except:
setupKeys = backupUtil.backupUtilities.setupSSHKeys(ipAddress,password,port)
setupKeys = backupUtil.backupUtilities.setupSSHKeys(ipAddress, password, port)
if setupKeys[0] == 1:
backupUtil.backupUtilities.createBackupDir(ipAddress,port)


@ -36,8 +36,6 @@ def createNameserver(request):
except KeyError:
return redirect(loadLoginPage)
def NSCreation(request):
try:
val = request.session['userID']


@ -111,7 +111,7 @@
<foldersAlwaysOnTop value="true" />
</navigator>
<panes>
<pane id="Scratches" />
<pane id="Scope" />
<pane id="ProjectPane">
<subPane>
<expand>
@ -128,12 +128,12 @@
<select />
</subPane>
</pane>
<pane id="Scope" />
<pane id="Scratches" />
</panes>
</component>
<component name="PropertiesComponent">
<property name="WebServerToolWindowFactoryState" value="false" />
<property name="last_opened_file_path" value="$PROJECT_DIR$" />
<property name="last_opened_file_path" value="$USER_HOME$/sample-provisioning-module" />
<property name="DefaultHtmlFileTemplate" value="HTML File" />
<property name="list.type.of.created.stylesheet" value="CSS" />
</component>
@ -169,16 +169,18 @@
<workItem from="1525085664919" duration="10000" />
<workItem from="1525683960581" duration="13000" />
<workItem from="1526291898810" duration="13000" />
<workItem from="1526512471223" duration="71000" />
</task>
<servers />
</component>
<component name="TimeTrackingManager">
<option name="totallyTimeSpent" value="36418000" />
<option name="totallyTimeSpent" value="36489000" />
</component>
<component name="ToolWindowManager">
<frame x="1466" y="-4" width="1303" height="780" extended-state="6" />
<editor active="true" />
<layout>
<window_info id="Project" active="true" anchor="left" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="true" show_stripe_button="true" weight="0.23443505" sideWeight="0.5" order="0" side_tool="false" content_ui="combo" />
<window_info id="Project" active="false" anchor="left" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="true" show_stripe_button="true" weight="0.23443505" sideWeight="0.5" order="0" side_tool="false" content_ui="combo" />
<window_info id="TODO" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.33" sideWeight="0.5" order="6" side_tool="false" content_ui="tabs" />
<window_info id="Event Log" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.33" sideWeight="0.5" order="7" side_tool="true" content_ui="tabs" />
<window_info id="Database" active="false" anchor="right" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.33" sideWeight="0.5" order="3" side_tool="false" content_ui="tabs" />
@ -376,6 +378,35 @@
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/php/caller.php">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="558">
<caret line="31" column="23" lean-forward="false" selection-start-line="31" selection-start-column="23" selection-end-line="31" selection-end-column="23" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/php/fileManager.php">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="0">
<caret line="0" column="0" lean-forward="false" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<folding>
<element signature="n#listForTable#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#readFileContents#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#writeFileContents#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#createNewFolder#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#createNewFile#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#deleteFolderOrFile#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#compress#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#extract#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#moveFileAndFolders#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#copyFileAndFolders#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#renameFileOrFolder#0;n#fileManager#0;n#!!top" expanded="false" />
<element signature="n#cleanInput#0;n#fileManager#0;n#!!top" expanded="false" />
</folding>
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/php/fileManager.php">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="0">


@ -1,14 +1,12 @@
import thread
import pexpect
import CyberCPLogFileWriter as logging
import subprocess
import shlex
from shutil import rmtree
import os
import requests
import json
import time
from backupUtilities import backupUtilities
from re import match,I,M
class backupSchedule:
@ -26,7 +24,7 @@ class backupSchedule:
def createBackup(virtualHost, ipAddress, backupLogPath , port):
try:
backupSchedule.remoteBackupLogging(backupLogPath, "Preparing to create backup for: "+virtualHost)
backupSchedule.remoteBackupLogging(backupLogPath, "Preparing to create backup for: " + virtualHost)
backupSchedule.remoteBackupLogging(backupLogPath, "Backup started for: " + virtualHost)
finalData = json.dumps({'websiteToBeBacked': virtualHost})
@ -132,9 +130,8 @@ class backupSchedule:
return 0
for virtualHost in os.listdir("/home"):
if virtualHost == "vmail" or virtualHost == "cyberpanel" or virtualHost == "backup":
continue
backupSchedule.createBackup(virtualHost, ipAddress, backupLogPath, port)
if match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', virtualHost, M | I):
backupSchedule.createBackup(virtualHost, ipAddress, backupLogPath, port)
except BaseException,msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [prepare]")
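Review bot: The new filter `if match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)...', virtualHost, M | I)` in the `/home` loop is a URL-style pattern anchored only at the start, so a directory whose name merely begins with a dot, a digit or something domain-like is still passed to createBackup. If the intent is to back up only real website directories, anchor the pattern and drop the URL tail, e.g. `if match(r'^[\da-z-]+(\.[\da-z-]+)*\.[a-z]{2,12}$', virtualHost, I):`, or take the list from the panel's website records instead of `os.listdir`. The enclosing method starts outside the hunk.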


@ -497,17 +497,24 @@ class backupUtilities:
else:
return [0,"Host is Down."]
expectation = "password:"
expectation = []
expectation.append("password:")
expectation.append("Permission denied")
command = "ssh -o StrictHostKeyChecking=no -p "+ port +" root@"+IPAddress+" mkdir /root/.ssh"
command = "sudo ssh -o StrictHostKeyChecking=no -p "+ port +" root@"+IPAddress+" mkdir /root/.ssh"
setupKeys = pexpect.spawn(command,timeout=3)
setupKeys.expect(expectation)
index = setupKeys.expect(expectation)
## on first login attempt send password
setupKeys.sendline(password)
if index == 0:
setupKeys.sendline(password)
elif index == 1:
return [0, 'Please enable password authentication on your remote server.']
else:
raise BaseException
## if it again give you password, than provided password is wrong
@ -534,7 +541,7 @@ class backupUtilities:
logging.CyberCPLogFileWriter.writeToFile(setupKeys.before + " " + str(msg) + " [setupSSHKeys]")
return [0, str(msg) + " [TIMEOUT setupSSHKeys]"]
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [setupSSHKeys]")
logging.CyberCPLogFileWriter.writeToFile(setupKeys.before + " " + str(msg) + " [setupSSHKeys]")
return [0, str(msg) + " [setupSSHKeys]"]
@staticmethod
@ -670,8 +677,9 @@ class backupUtilities:
@staticmethod
def host_key_verification(IPAddress):
try:
command = 'sudo ssh-keygen -R '+IPAddress
command = 'sudo ssh-keygen -R ' + IPAddress
subprocess.call(shlex.split(command))
return 1
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [host_key_verification]")
return 0
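Review bot: The new `"sudo ssh -o StrictHostKeyChecking=no -p "+ port +" root@"+IPAddress+...` command in setupSSHKeys is built by string concatenation from values that submitDestinationCreation appears to take from the request, and it now runs under sudo. pexpect.spawn splits that string into arguments, so whitespace or a leading dash in either value becomes extra ssh options; validate port as an integer and IPAddress as an address, and pass an argument list, e.g. `pexpect.spawn("sudo", ["ssh", "-o", "StrictHostKeyChecking=no", "-p", port, "root@" + IPAddress, "mkdir", "/root/.ssh"], timeout=3)`. The same concatenate-then-split pattern is in host_key_verification below and in the certbot commands in the sslUtilities section. The changed `except BaseException` handler also reads `setupKeys.before`, which raises NameError if the failure happened before `pexpect.spawn` returned. setupSSHKeys starts and ends outside the hunks shown.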


@ -174,31 +174,64 @@ class sslUtilities:
ipData = f.read()
serverIPAddress = ipData.split('\n', 1)[0]
## Obtaining Domain IPs
if aliasDomain == None:
ipRecords = sslUtilities.getDNSRecords(virtualHostName)
if ipRecords[0] == 1:
if serverIPAddress == ipRecords[1] and serverIPAddress == ipRecords[2]:
command = "certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName
logging.CyberCPLogFileWriter.writeToFile(
"SSL successfully issued for domain : " + virtualHostName + " and www." + virtualHostName)
else:
if serverIPAddress == ipRecords[2]:
command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName
logging.CyberCPLogFileWriter.writeToFile(
"SSL is issued without 'www' due to DNS error for domain : " + virtualHostName)
else:
logging.CyberCPLogFileWriter.writeToFile(
"DNS Records for " + virtualHostName + " does not point to this server, issuing self signed certificate.")
return 0
else:
try:
logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName)
command = "certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName
output = subprocess.check_output(shlex.split(command))
logging.CyberCPLogFileWriter.writeToFile(
"Failed to obtain DNS records for " + virtualHostName + ", issuing self signed certificate.")
"Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName)
except subprocess.CalledProcessError, msg:
logging.CyberCPLogFileWriter.writeToFile(
"Failed to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName)
try:
logging.CyberCPLogFileWriter.writeToFile(
"Trying to obtain SSL for: " + virtualHostName)
command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName
output = subprocess.check_output(shlex.split(command))
logging.CyberCPLogFileWriter.writeToFile(
"Successfully obtained SSL for: " + virtualHostName)
except subprocess.CalledProcessError, msg:
logging.CyberCPLogFileWriter.writeToFile('Failed to obtain SSL, issuing self-signed SSL for: ' + virtualHostName)
return 0
pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName
if not os.path.exists(pathToStoreSSL):
os.mkdir(pathToStoreSSL)
pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem"
pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem"
##
if output.find('Congratulations!') > -1:
###### Copy SSL To config location ######
srcPrivKey = "/etc/letsencrypt/live/" + virtualHostName + "/privkey.pem"
srcFullChain = "/etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem"
if os.path.exists(pathToStoreSSLPrivKey):
os.remove(pathToStoreSSLPrivKey)
if os.path.exists(pathToStoreSSLFullChain):
os.remove(pathToStoreSSLFullChain)
shutil.copy(srcPrivKey, pathToStoreSSLPrivKey)
shutil.copy(srcFullChain, pathToStoreSSLFullChain)
return 1
elif output.find('no action taken.') > -1:
return 1
elif output.find('Failed authorization procedure') > -1:
logging.CyberCPLogFileWriter.writeToFile(
'Failed authorization procedure for ' + virtualHostName + " while issuing Let's Encrypt SSL.")
return 0
elif output.find('Too many SSL requests for this domain, please try to get SSL at later time.') > -1:
logging.CyberCPLogFileWriter.writeToFile(
'Too many SSL requests for ' + virtualHostName + " please try to get SSL at later time.")
return 0
else:
@ -256,7 +289,6 @@ class sslUtilities:
## SSL Paths
pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName
if not os.path.exists(pathToStoreSSL):
@ -309,7 +341,7 @@ class sslUtilities:
return 0
def issueSSLForDomain(domain,adminEmail,sslpath, aliasDomain = None):
def issueSSLForDomain(domain, adminEmail, sslpath, aliasDomain = None):
try:
if sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath, aliasDomain) == 1:
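Review bot: The `elif output.find('no action taken.') > -1: return 1` branch in the first sslUtilities hunk reports success without copying `privkey.pem` and `fullchain.pem` into `pathToStoreSSL`, which the lines just above may have created empty with `os.mkdir`. A caller that then copies from that directory would fail or keep an older certificate, so the copy block from the 'Congratulations!' branch should run here too whenever the files under `/etc/letsencrypt/live/` exist. Because `subprocess.check_output` raises `CalledProcessError` on a non-zero exit, the 'Failed authorization procedure' branch is probably unreachable, and deciding on the exit status would be more robust than matching certbot's output text. The function starts and ends outside the hunks shown.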


@ -161,17 +161,15 @@ class virtualHostUtilities:
## Creating Per vhost Configuration File
if virtualHostUtilities.perHostVirtualConf(completePathToConfigFile,administratorEmail,virtualHostUser,phpVersion) == 1:
if virtualHostUtilities.perHostVirtualConf(completePathToConfigFile,administratorEmail,virtualHostUser,phpVersion, virtualHostName) == 1:
return [1,"None"]
else:
return [0,"[61 Not able to create per host virtual configurations [perHostVirtualConf]"]
@staticmethod
def perHostVirtualConf(vhFile, administratorEmail,virtualHostUser, phpVersion):
def perHostVirtualConf(vhFile, administratorEmail,virtualHostUser, phpVersion, virtualHostName):
# General Configurations tab
try:
confFile = open(vhFile, "w+")
@ -317,6 +315,10 @@ class virtualHostUtilities:
deny = " deny 0.0.0.0/0\n"
accessControlEnds = " }\n"
phpIniOverride = "phpIniOverride {\n"
php_admin_value = 'php_admin_value open_basedir "/tmp:/usr/local/lsws/Example/html/FileManager:/home/' + virtualHostName + '"\n'
endPHPIniOverride = "}\n"
defaultCharSet = " addDefaultCharset off\n"
contextEnds = "}\n"
@ -330,9 +332,22 @@ class virtualHostUtilities:
confFile.writelines(allow)
confFile.writelines(deny)
confFile.writelines(accessControlEnds)
#confFile.writelines(phpIniOverride)
#confFile.writelines(php_admin_value)
#confFile.writelines(endPHPIniOverride)
confFile.writelines(defaultCharSet)
confFile.writelines(contextEnds)
## OpenBase Dir Protection
#phpIniOverride = "phpIniOverride {\n"
#php_admin_value = 'php_admin_value open_basedir "/tmp:/home/' + virtualHostName + '"\n'
#endPHPIniOverride = "}\n"
#confFile.writelines(phpIniOverride)
#confFile.writelines(php_admin_value)
#confFile.writelines(endPHPIniOverride)
confFile.close()
except BaseException, msg:
@ -535,12 +550,22 @@ class virtualHostUtilities:
confFile.writelines(compressArchive)
confFile.writelines(access_Log_end)
## OpenBase Dir Protection
#phpIniOverride = "phpIniOverride {\n"
#php_admin_value = 'php_admin_value open_basedir "/tmp:' + path + '"\n'
#endPHPIniOverride = "}\n"
#confFile.writelines(phpIniOverride)
#confFile.writelines(php_admin_value)
#confFile.writelines(endPHPIniOverride)
# php settings
sockRandomPath = str(randint(1000, 9999))
scripthandler = "scripthandler {" + "\n"
add = " add lsapi:" + virtualHostUser+sockRandomPath + " php" + "\n"
add = " add lsapi:" + virtualHostUser + sockRandomPath + " php" + "\n"
php_end = "}" + "\n" + "\n"
confFile.writelines(scripthandler)
@ -605,6 +630,7 @@ class virtualHostUtilities:
confFile.writelines(procHardLimit)
confFile.writelines(extprocessorEnd)
confFile.close()
except BaseException, msg:
@ -1541,27 +1567,33 @@ def issueSSLForHostName(virtualHost,path):
if os.path.exists(destCert):
os.remove(destCert)
adminEmail = "email@" + virtualHost
letsEncryptPath = "/etc/letsencrypt/live/" + virtualHost
retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path)
if retValues[0] == 0:
print "0," + str(retValues[1])
return
if os.path.exists(letsEncryptPath) and os.path.exists(pathToStoreSSL):
pass
else:
shutil.copy(pathToStoreSSLPrivKey, destPrivKey)
shutil.copy(pathToStoreSSLFullChain, destCert)
adminEmail = "email@" + virtualHost
command = 'systemctl restart lscpd'
cmd = shlex.split(command)
subprocess.call(cmd)
retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path)
vhostPath = virtualHostUtilities.Server_root + "/conf/vhosts"
command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath
cmd = shlex.split(command)
subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
if retValues[0] == 0:
print "0," + str(retValues[1])
return
shutil.copy(pathToStoreSSLPrivKey, destPrivKey)
shutil.copy(pathToStoreSSLFullChain, destCert)
command = 'systemctl restart lscpd'
cmd = shlex.split(command)
subprocess.call(cmd)
vhostPath = virtualHostUtilities.Server_root + "/conf/vhosts"
command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath
cmd = shlex.split(command)
subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
print "1,None"
print "1,None"
except BaseException,msg:
logging.CyberCPLogFileWriter.writeToFile(
@ -1575,13 +1607,22 @@ def issueSSLForMailServer(virtualHost,path):
pathToStoreSSL = virtualHostUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHost
adminEmail = "email@" + virtualHost
srcPrivKey = pathToStoreSSL + "/privkey.pem"
srcFullChain = pathToStoreSSL + "/fullchain.pem"
retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path)
if retValues[0] == 0:
print "0," + str(retValues[1])
return
letsEncryptPath = "/etc/letsencrypt/live/" + virtualHost
if os.path.exists(letsEncryptPath) and os.path.exists(pathToStoreSSL):
pass
else:
adminEmail = "email@" + virtualHost
retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path)
if retValues[0] == 0:
print "0," + str(retValues[1])
return
## MailServer specific functions
@ -1607,9 +1648,6 @@ def issueSSLForMailServer(virtualHost,path):
## Postfix
srcPrivKey = pathToStoreSSL + "/privkey.pem"
srcFullChain = pathToStoreSSL + "/fullchain.pem"
shutil.copy(srcPrivKey, "/etc/postfix/key.pem")
shutil.copy(srcFullChain, "/etc/postfix/cert.pem")
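Review bot: In issueSSLForHostName and issueSSLForMailServer the new guard `if os.path.exists(letsEncryptPath) and os.path.exists(pathToStoreSSL): pass` skips issuance on directory existence alone, so the copies that follow may install a stale certificate, or fail if `privkey.pem` and `fullchain.pem` are missing from the `SSL-` directory. Testing for the two files themselves, e.g. `os.path.isfile(pathToStoreSSL + "/privkey.pem") and os.path.isfile(pathToStoreSSL + "/fullchain.pem")`, and re-running issueSSLForDomain when they are absent or close to expiry would be safer. Separately, perHostVirtualConf builds `php_admin_value open_basedir ...` but every `confFile.writelines` for it is commented out, so the added virtualHostName parameter has no effect yet; a comment stating that the open_basedir restriction is intentionally disabled would help. Both SSL functions continue outside the hunks shown.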


@ -76,9 +76,6 @@
</div>
</div>
</div>
</div>