Imrpovement to SSL Module.

usmannasir 2018-05-06 14:18:41 +05:00
parent 1071ae6ec5
commit e71c8e53c6
4 changed files with 128 additions and 238 deletions


@ -2505,7 +2505,6 @@ class preFlightsChecks:
if count == 3:
logging.InstallLog.writeToFile(
"Failed to install tldextract! [installTLDExtract]")
preFlightsChecks.stdOut("Installation failed, consult: /var/log/installLogs.txt")
else:
logging.InstallLog.writeToFile("tldextract successfully installed! [pip]")
preFlightsChecks.stdOut("tldextract successfully installed! [pip]")
@ -2604,6 +2603,29 @@ milter_default_action = accept
return 1
def installdnsPython(self):
try:
count = 0
while (1):
command = "pip install dnspython"
res = subprocess.call(shlex.split(command))
if res == 1:
count = count + 1
preFlightsChecks.stdOut(
"Trying to install dnspython, trying again, try number: " + str(count))
if count == 3:
logging.InstallLog.writeToFile(
"Failed to install dnspython! [installdnsPython]")
else:
logging.InstallLog.writeToFile("dnspython successfully installed! [pip]")
preFlightsChecks.stdOut("dnspython successfully installed! [pip]")
break
except OSError, msg:
logging.InstallLog.writeToFile(str(msg) + " [installdnsPython]")
return 0
def main():
@ -2678,6 +2700,7 @@ def main():
checks.download_install_CyberPanel(installCyberPanel.InstallCyberPanel.mysqlPassword)
checks.setup_cron()
checks.installTLDExtract()
#checks.installdnsPython()
## Install and Configure OpenDKIM.
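Review bot: In installdnsPython the retry loop treats only `res == 1` as a failure, so any other non-zero pip exit status falls into the else branch and is logged as a successful install; `if res != 0:` would match what the log message claims. The lines visible here also show no `break` or exit after the `count == 3` failure log, so unless one was lost in this rendering the loop keeps retrying indefinitely. `pip install dnspython` is unpinned and, in an installer that presumably runs as root, pulls whatever version the index serves at install time; pinning it (`dnspython==<version>`) would make the install reproducible. The call in main() is added commented out, so the method is currently unused.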


@ -1,12 +1,9 @@
import CyberCPLogFileWriter as logging
import shutil
import pexpect
import os
import sys
import shlex
import subprocess
import socket
import requests
class sslUtilities:
@ -111,7 +108,6 @@ class sslUtilities:
return 0
@staticmethod
def checkSSLListener():
try:
@ -125,232 +121,124 @@ class sslUtilities:
return str(msg)
return 0
@staticmethod
def getDNSRecords(virtualHostName):
try:
withoutWWW = socket.gethostbyname(virtualHostName)
withWWW = socket.gethostbyname('www.' + virtualHostName)
return [1, withWWW, withoutWWW]
except BaseException, msg:
return [0, "347 " + str(msg) + " [issueSSLForDomain]"]
@staticmethod
def obtainSSLForADomain(virtualHostName,adminEmail,sslpath):
try:
#if virtualHostName.count(".")==1:
# command = "sudo certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName
#else:
# command = "sudo certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName
try:
ipFile = "/etc/cyberpanel/machineIP"
f = open(ipFile)
ipData = f.read()
serverIPAddress = ipData.split('\n', 1)[0]
## Obtaining Server IP
domainIP = socket.gethostbyname("www."+virtualHostName)
if serverIPAddress == domainIP:
command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName
ipFile = "/etc/cyberpanel/machineIP"
f = open(ipFile)
ipData = f.read()
serverIPAddress = ipData.split('\n', 1)[0]
## Obtaining Domain IPs
ipRecords = sslUtilities.getDNSRecords(virtualHostName)
if ipRecords[0] == 1:
if serverIPAddress == ipRecords[1] and serverIPAddress == ipRecords[2]:
command = "certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName
logging.CyberCPLogFileWriter.writeToFile(
"SSL successfully issued for domain : " + virtualHostName + " and www." + virtualHostName)
else:
command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName
logging.CyberCPLogFileWriter.writeToFile(
"SSL is issued without 'www' due to DNS error! for domain : " + virtualHostName)
except:
command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName
logging.CyberCPLogFileWriter.writeToFile("SSL is issued without 'www' due to DNS error! for domain : " + virtualHostName)
expectation = []
expectation.append("not exist or is not a directory") #0
expectation.append("Congratulations!") #1
expectation.append("no action taken.") #2
expectation.append("you should also verify") #3
expectation.append("that you are serving files from the webroot path") #4
expectation.append("Enter email address") #5
expectation.append("There were too many requests") # 6
expectation.append("--expand flag") #7
try:
obtainSSL = pexpect.spawn(command)
index = obtainSSL.expect(expectation)
obtainSSL.logfile = sys.stdout
if index==0:
obtainSSL.kill(0)
return "Directory Error 1"
elif index==1:
logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK")
elif index==2:
logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK")
elif index==3:
pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName
try:
os.mkdir(pathToStoreSSL)
except BaseException, msg:
if serverIPAddress == ipRecords[2]:
command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [Can not create directory to store SSL [obtainSSLForADomain]]")
pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem"
pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem"
command = 'sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain
cmd = shlex.split(command)
res = subprocess.call(cmd)
return 1
elif index == 4:
pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName
try:
os.mkdir(pathToStoreSSL)
except BaseException, msg:
"SSL is issued without 'www' due to DNS error for domain : " + virtualHostName)
else:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [Can not create directory to stroe SSL [obtainSSLForADomain]]")
pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem"
pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem"
command = 'openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain
cmd = shlex.split(command)
res = subprocess.call(cmd)
return 1
elif index ==5 :
obtainSSL.sendline(adminEmail)
expectation = "(A)gree/(C)ancel:"
obtainSSL.expect(expectation)
obtainSSL.sendline("A")
expectation = "(Y)es/(N)o:"
obtainSSL.expect(expectation)
obtainSSL.sendline("Y")
expectation = "(Y)es/(N)o:"
obtainSSL.expect(expectation)
obtainSSL.sendline("Y")
expectation = []
expectation.append("not exist or is not a directory") # 0
expectation.append("Congratulations!") # 1
expectation.append("no action taken.") # 2
index = obtainSSL.expect(expectation)
if index==0:
obtainSSL.kill(0)
return "Directory Error 2"
elif index==1:
logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK")
elif index==2:
logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK")
elif index==6:
return "Too many SSL requests for this domain, please try to get SSL at later time."
elif index==7:
command = "certbot certonly -n --agree-tos --email " + adminEmail + " --expand --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName
subprocess.call(shlex.split(command))
logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK by expanding!")
"DNS Records for " + virtualHostName + " does not point to this server, issuing self signed certificate.")
return 0
else:
logging.CyberCPLogFileWriter.writeToFile(
"Failed to obtain DNS records for " + virtualHostName + ", issuing self signed certificate.")
return 0
except pexpect.EOF,msg:
logging.CyberCPLogFileWriter.writeToFile("#######################################")
logging.CyberCPLogFileWriter.writeToFile(str(obtainSSL.before))
logging.CyberCPLogFileWriter.writeToFile("#######################################")
logging.CyberCPLogFileWriter.writeToFile(str(obtainSSL.after))
logging.CyberCPLogFileWriter.writeToFile("#######################################")
pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName
try:
os.mkdir(pathToStoreSSL)
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [Can not create directory to stroe SSL [obtainSSLForADomain]]")
pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem"
pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem"
command = 'sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain
cmd = shlex.split(command)
res = subprocess.call(cmd)
## SSL Paths
return 1
pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName
except pexpect.TIMEOUT, msg:
logging.CyberCPLogFileWriter.writeToFile("#######################################")
logging.CyberCPLogFileWriter.writeToFile(str(obtainSSL.before))
logging.CyberCPLogFileWriter.writeToFile("#######################################")
logging.CyberCPLogFileWriter.writeToFile(str(obtainSSL.after))
logging.CyberCPLogFileWriter.writeToFile("#######################################")
pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName
try:
os.mkdir(pathToStoreSSL)
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [Can not create directory to stroe SSL [obtainSSLForADomain]]")
pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem"
pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem"
command = 'sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain
cmd = shlex.split(command)
res = subprocess.call(cmd)
return 1
###### Copy SSL To config location ######
pathToStoreSSL = sslUtilities.Server_root+"/conf/vhosts/" +"SSL-"+virtualHostName
try:
if not os.path.exists(pathToStoreSSL):
os.mkdir(pathToStoreSSL)
except BaseException,msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Directory for SSL already exists.. Continuing [obtainSSLForADomain]]")
srcPrivKey = "/etc/letsencrypt/live/" + virtualHostName + "/privkey.pem"
srcFullChain = "/etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem"
pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem"
pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem"
shutil.copy(srcPrivKey, pathToStoreSSLPrivKey)
shutil.copy(srcFullChain, pathToStoreSSLFullChain)
srcPrivKey = "/etc/letsencrypt/live/" + virtualHostName + "/privkey.pem"
srcFullChain = "/etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem"
##
output = subprocess.check_output(shlex.split(command))
if output.find('Congratulations!') > -1 or output.find('no action taken.') > -1:
###### Copy SSL To config location ######
shutil.copy(srcPrivKey, pathToStoreSSLPrivKey)
shutil.copy(srcFullChain, pathToStoreSSLFullChain)
return 1
elif output.find('Failed authorization procedure') > -1:
logging.CyberCPLogFileWriter.writeToFile('Failed authorization procedure for ' + virtualHostName + " while issuing Let's Encrypt SSL.")
return 0
elif output.find('Too many SSL requests for this domain, please try to get SSL at later time.') > -1:
logging.CyberCPLogFileWriter.writeToFile(
'Too many SSL requests for ' + virtualHostName + " please try to get SSL at later time.")
return 0
return 1
except BaseException,msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [IO Error with main config file [obtainSSLForADomain]]")
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Failed to obtain SSL. [obtainSSLForADomain]]")
return 0
def issueSSLForDomain(domain,adminEmail,sslpath):
try:
ssl_responce = sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath)
if ssl_responce == 1:
if sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath) == 1:
if sslUtilities.installSSLForDomain(domain) == 1:
return [1, "None"]
else:
return [0, "352 Failed to install SSL for domain. [issueSSLForDomain]"]
return [0, "210 Failed to install SSL for domain. [issueSSLForDomain]"]
else:
return [0,"347 Failed to obtain SSL [issueSSLForDomain]"]
pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + domain
if not os.path.exists(pathToStoreSSL):
os.mkdir(pathToStoreSSL)
pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem"
pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem"
command = 'openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain
cmd = shlex.split(command)
subprocess.call(cmd)
if sslUtilities.installSSLForDomain(domain) == 1:
logging.CyberCPLogFileWriter.writeToFile("Self signed SSL issued for " + domain + ".")
return [1, "None"]
else:
return [0, "220 Failed to install SSL for domain. [issueSSLForDomain]"]
except BaseException,msg:
return [0, "347 "+ str(msg)+ " [issueSSLForDomain]"]
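Review bot: The certbot command in obtainSSLForADomain is assembled by concatenating adminEmail, sslpath and virtualHostName into one string and re-parsed with shlex.split, so a value containing whitespace or beginning with `-` is handed to certbot as additional arguments; building the argv list directly, e.g. `cmd = ['certbot', 'certonly', '-n', '--agree-tos', '--email', adminEmail, '--webroot', '-w', sslpath, '-d', virtualHostName]`, and validating the domain first removes that re-parse. subprocess.check_output raises on a non-zero exit and captures stdout only, so the 'Failed authorization procedure' branch is probably unreachable, and the rate-limit branch searches for the panel's own message instead of certbot's 'There were too many requests' text that the pexpect list on this page matched. In issueSSLForDomain the fallback generates a ten-year self-signed certificate with `CN=www.example.com`, ignores openssl's exit status and still returns `[1, "None"]`, so callers cannot tell a placeholder certificate from an issued one. Line sides are not marked in this rendering, so which of these lines are new is inferred from the removed pexpect flow.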


@ -73,6 +73,11 @@ class Upgrade:
command = "pip install tldextract"
subprocess.call(shlex.split(command))
## Install dnspython
#command = "pip install dnspython"
#subprocess.call(shlex.split(command))
## Change File manager permissions
command = "chmod -R 777 /usr/local/lsws/Example/html/FileManager"
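Review bot: The context line after the added block runs `chmod -R 777` on the FileManager directory under the web root, which leaves every file in that tree writable by any local account; the commit does not touch it, but the upgrade path re-applies it on each run. A mode limited to the account the web server runs as would be the safer default, and a comment such as `## TODO: 777 makes the File Manager tree world-writable; restrict to the web server user` would at least record the issue. The added dnspython lines are commented-out code, which could be dropped until the dependency is needed. The enclosing method starts and ends outside this hunk.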


@ -1048,50 +1048,24 @@ def issueSSL(virtualHost,path,adminEmail):
if os.path.exists(pathToStoreSSLFullChain):
os.remove(pathToStoreSSLFullChain)
if not (os.path.exists(srcPrivKey) and os.path.exists(srcFullChain)):
retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path)
retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path)
if retValues[0] == 0:
print "0," + str(retValues[1])
return
installUtilities.installUtilities.reStartLiteSpeed()
vhostPath = virtualHostUtilities.Server_root + "/conf/vhosts"
command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath
cmd = shlex.split(command)
subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
print "1,None"
if retValues[0] == 0:
print "0," + str(retValues[1])
return
else:
###### Copy SSL To config location ######
try:
os.mkdir(pathToStoreSSL)
except BaseException, msg:
logging.CyberCPLogFileWriter.writeToFile(
str(msg) + " [Directory for SSL already exists.. Continuing [issueSSL]]")
installUtilities.installUtilities.reStartLiteSpeed()
srcPrivKey = "/etc/letsencrypt/live/" + virtualHost + "/privkey.pem"
srcFullChain = "/etc/letsencrypt/live/" + virtualHost + "/fullchain.pem"
vhostPath = virtualHostUtilities.Server_root + "/conf/vhosts"
command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath
cmd = shlex.split(command)
subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
shutil.copy(srcPrivKey, pathToStoreSSLPrivKey)
shutil.copy(srcFullChain, pathToStoreSSLFullChain)
print "1,None"
return
sslUtilities.sslUtilities.installSSLForDomain(virtualHost)
installUtilities.installUtilities.reStartLiteSpeed()
vhostPath = virtualHostUtilities.Server_root + "/conf/vhosts"
command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath
cmd = shlex.split(command)
subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
print "1,None"
return
except BaseException,msg: