mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-03-04 23:29:22 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add 'Unraid.net' with flash backup support.

Browse Source 
Page exists on Settings/Identifcation for now.
This commit is contained in:
Tom Mortensen
2019-01-07 11:46:58 -08:00
parent ed92c3bbfb
commit 410cf6bc97
4 changed files with 544 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

272
plugins/dynamix/UnraidNet.page Normal file
View File

@@ -0,0 +1,272 @@
Menu="Identification"
Title="Unraid.net"
Icon="ident.png"
Tag="globe"
---
<?PHP
/* Copyright 2005-2018, Lime Technology
* Copyright 2012-2018, Bergware International.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*/
?>
<?
// more:
// - if someone deletes the dynamic.cfg or directly edits [remote] section therein, it may be possible
// that server will appear 'unregistered' in webgui but not on My Servers.
// - appears someone could register, enable remote access, then unregister, replace the ssl cert, and
// now can remotely access using url that matches their cert. This is probably a bug here, but we might
// want to rework this somewhat to explicitly enable this 'feature' (remote access using user-provided cert).
$keyfile = @file_get_contents($var['regFILE']);
if ($keyfile !== false)
$keyfile = @base64_encode($keyfile);
if (empty($remote)) {
$remote = [
"apikey" => "",
"wanaccess" => "no",
"wanport" => "443"
];
}
if (empty($remote['wanport'])) {
$remote['wanport'] = 443;
}
$hasCert = file_exists('/boot/config/ssl/certs/certificate_bundle.pem');
$isRegistered = !empty($remote['apikey']);
$boolWebUIAuth = $isRegistered || file_exists('/etc/nginx/htpasswd');
$isActivated = false;
$isUptodate = false;
if ($isRegistered) {
exec("/usr/bin/php -f $docroot/webGui/include/UpdateFlashBackup.php status", $output, $retval);
$isActivated = ($retval == 0);
if ($isActivated) $isUptodate = empty($output);
}
?>
<script>
function registerServer(button) {
var oldlabel = $.trim($(button).text());
var failure = function(data) {
var status = data.status;
var obj = data.responseJSON;
var msg = "Sorry, an error ("+status+") occurred registering this server. " +
"The error is: "+obj.error+".";
$(button).prop("disabled", false).html(oldlabel);
swal('Oops',msg,'error');
};
var success = function(data) {
if (data.apikey) {
$.post('/webGui/include/Dispatcher.php',{
"#cfg": "/boot/config/plugins/dynamix/dynamix.cfg",
"remote_apikey": data.apikey,
"remote_wanaccess": $('#wanaccess').val(),
"remote_wanport": $('#wanport').val()
});
$(button).prop("disabled", false).html(oldlabel);
<?if(!$isRegistered):?>
swal({title:"",text:"Your server has been registered",type:"success",allowEscapeKey:false},function(){button.form.submit();});
<?else:?>
button.form.submit();
<?endif?>
} else {
failure({"status": 403, "responseJSON": {"error": "Unable to register this Unraid Server"}});
}
};
$(button).prop("disabled", true).html("<i class=\"fa fa-spinner fa-spin\" aria-hidden=\"true\"></i> "+oldlabel+"ing");
$.post("/webGui/include/UpdateDNS.php",{username:$('#ips_username').val(),password:$('#ips_password').val(),externalport:$('#wanport').val(),remoteaccess:$('#wanaccess').val()},success).fail(failure);
}
function unregisterServer(button) {
var oldlabel = $.trim($(button).text());
var failure = function(data) {
var status = data.status;
var obj = data.responseJSON;
var msg = "Sorry, an error ("+status+") occurred unregistering this server. " +
"The error is: "+obj.error+".";
$(button).prop("disabled", false).html(oldlabel);
swal('Oops',msg,'error');
};
var success = function(data) {
$.post('/webGui/include/Dispatcher.php',{
"#cfg": "/boot/config/plugins/dynamix/dynamix.cfg",
"remote_apikey": "",
"remote_wanaccess": $('#wanaccess').val(),
"remote_wanport": $('#wanport').val()
});
$(button).prop("disabled", false).html(oldlabel);
swal({title:"",text:"Your server has been unregistered",type:"success",allowEscapeKey:false},function(){button.form.submit();});
};
swal({title:"Remove Registration",text:"Are you sure you want to unregister your server?",type:'warning',confirmButtonText:'Unregister',showCancelButton:true},function(){
$(button).prop("disabled", true).html("<i class=\"fa fa-spinner fa-spin\" aria-hidden=\"true\"></i> "+oldlabel+"ing");
$.post("https://keys.lime-technology.com/account/server/unregister",{keyfile:"<?=$keyfile?>"},success).fail(failure);
});
}
function dnsCheckServer(button) {
var oldlabel = $.trim($(button).text());
var failure = function(data) {
var status = data.status;
var obj = data.responseJSON;
var msg = "Sorry, an error ("+status+") occurred checking this server. " +
"The error is: "+obj.error+".";
$(button).prop("disabled", false).html(oldlabel);
swal('Oops',msg,'error');
};
var success = function(data) {
$(button).prop("disabled", false).html(oldlabel);
if (data.status) {
swal("","Your Unraid Server is reachable from the internet","success");
} else {
swal("Oops","This Unraid Server was unreachable from the outside","error");
}
};
$(button).prop("disabled", true).html("<i class=\"fa fa-spinner fa-spin\" aria-hidden=\"true\"></i> "+oldlabel+"ing");
$.post("https://keys.lime-technology.com/account/server/checkdns",{externalport:$('#wanport').val(),keyfile:"<?=$keyfile?>"},success).fail(failure);
}
function changeRemoteAccess(dropdown) {
if ($(dropdown).val() == 'yes') {
$("#wanpanel").slideDown('fast');
} else {
$("#wanpanel").slideUp('fast');
}
}
function enableFlashBackup(button) {
var oldlabel = $.trim($(button).text());
var failure = function(data) {
var status = data.status;
var obj = data.responseJSON;
var msg = "Sorry, an error ("+status+") occurred enabling Flash backup. " +
"The error is: "+obj.error+".";
$(button).prop("disabled", false).html(oldlabel);
swal({title:"",text:"Oops",type:"error",allowEscapeKey:false},function(){button.form.submit();});
};
var success = function(data) {
$(button).prop("disabled", false).html(oldlabel);
button.form.submit();
};
if (oldlabel == 'Activate') {
$(button).prop("disabled", true).html("<i class=\"fa fa-spinner fa-spin\" aria-hidden=\"true\"></i> Activating");
$.post("/webGui/include/UpdateFlashBackup.php",{command:"activate"},success).fail(failure);
}
if (oldlabel == 'Deactivate') {
$(button).prop("disabled", true).html("<i class=\"fa fa-spinner fa-spin\" aria-hidden=\"true\"></i> Deactivating");
$.post("/webGui/include/UpdateFlashBackup.php",{command:"deactivate"},success).fail(failure);
}
if (oldlabel == 'Update') {
$(button).prop("disabled", true).html("<i class=\"fa fa-spinner fa-spin\" aria-hidden=\"true\"></i> Updating");
$.post("/webGui/include/UpdateFlashBackup.php",{command:"update"},success).fail(failure);
}
if (oldlabel == 'Reinitialize') {
$(button).prop("disabled", true).html("<i class=\"fa fa-spinner fa-spin\" aria-hidden=\"true\"></i> Reinitializing");
$.post("/webGui/include/UpdateFlashBackup.php",{command:"reinit"},success).fail(failure);
}
if (oldlabel == 'Deactivate') {
$(button).prop("disabled", true).html("<i class=\"fa fa-spinner fa-spin\" aria-hidden=\"true\"></i> Deactivating");
$.post("/webGui/include/UpdateFlashBackup.php",{command:"deactivate"},success).fail(failure);
}
if (oldlabel == 'Changes') {
openBox("/webGui/include/gitstatus.php", "Changes", 600,600, false);
}
}
</script>
<form markdown="1" name="UnraidNetSettings" method="POST" action="/update.htm" target="progressFrame">
<?if(!$isRegistered):?>
Unraid.net Status:
: <span class='orange p0'>Unregistered</span>
Unraid.net Username:
: <input type="text" id="ips_username" value="">
Unraid.net Password:
: <input type="password" id="ips_password" value="">
<?else:?>
Unraid.net Status:
: <span class='green p0'>Registered</span>
<?endif?>
<?if($hasCert):?>
Allow Remote Access:
: <select id="wanaccess" size="1" class="narrow" onchange="changeRemoteAccess(this)">
<?=mk_option($remote['wanaccess'], "no", "No")?>
<?=mk_option($remote['wanaccess'], "yes", "Yes")?>
</select>
<div markdown="1" id="wanpanel" style="display:<?=($remote['wanaccess']=='yes'?'block':'none')?>">
WAN Port:
: <?if(!$boolWebUIAuth):?><input type="hidden" id="wanport" value="0"><span><i class="fa fa-warning icon warning"></i> Disabled until your root user account is password-protected</span><?else:?><input type="number" id="wanport" class="trim" min="0" max="65535" value="<?=htmlspecialchars($remote['wanport'])?>"> <button type="button" onclick="dnsCheckServer(this)" style="margin-top: 0">Check</button><?endif?>
> WAN Port is the external TCP port number setup on your router to NAT/Port Forward traffic from the internet to this
> Unraid server SSL port for secure web traffic.
</div>
<?else:?>
<input type="hidden" id="wanaccess" value="no">
<input type="hidden" id="wanport" value="0">
<?endif?>
&nbsp;
: <button type="button" onclick="registerServer(this)"><?=$isRegistered?'Apply':'Register'?></button><?if($isRegistered):?><button type="button" onclick="unregisterServer(this)">Unregister</button><?endif?>
</form>
<?if($isRegistered):?>
<form markdown="1" name="FlashBackup" method="POST" action="/update.htm" target="progressFrame">
<?if(!$isActivated):?>
Flash backup:
: <span class='orange p0'>Not activated</span>
&nbsp;
: <button type="button" onclick="enableFlashBackup(this)">Activate</button>
> Click Activate to set up a local git repo for your local USB Flash boot device and connect to a dedicated remote on unraid.net tied tothis server.
<?else:?>
Flash backup:
: <span class='green p0'>Activated:</span> <?if(!$isUptodate):?><span class='orange p0'>Not up-to-date</span><?else:?><span class='green p0'>Up-to-date</span><?endif?>
<?if(!$isUptodate):?>
&nbsp;
: <button type="button" onclick="enableFlashBackup(this)">Update</button> <button type="button" onclick="enableFlashBackup(this)">Changes</button>
> The Not Up-to-date status indicates there are local files which are changed vs. the remote on unraid.net.
> Click Update to push changes to the remote.
> Click Changes to see what has changed.
<?else:?>
&nbsp;
: <button type="button" disabled>Update</button>
> The Up-to-date status indicates your local configuration matches that stored on the unraid.net remote.
<?endif?>
&nbsp;
: <button type="button" onclick="enableFlashBackup(this)">Deactivate</button> <button type="button" onclick="enableFlashBackup(this)">Reinitialize</button>
> Click Deactivate to pause communication with your remote on unraid.net.
> Click Reinitialize to erase all change history in both local and unraid.net remote.
<?endif?>
</form>
<?endif?>

73
plugins/dynamix/include/UpdateDNS.php
View File

@@ -28,15 +28,41 @@ function response_complete($httpcode, $result, $cli_success_msg='') {
exit((string)$result);
}
// remoteaccess, externalport, (if registering) username, password
extract(parse_ini_file('/boot/config/plugins/dynamix/dynamix.cfg',true));
if (empty($remote)) {
$remote = [
"apikey" => "",
"wanaccess" => "no",
"wanport" => "443"
];
}
if (empty($remote['wanport'])) {
$remote['wanport'] = 443;
}
if ($cli) {
$remoteaccess = $remote['wanaccess'];
$externalport = $remote['wanport'];
$username = '';
$password = '';
} else {
$remoteaccess = $_POST['remoteaccess'];
$externalport = $_POST['externalport'];
$username = $_POST['username'];
$password = $_POST['password'];
}
$isRegistered = !empty($remote['apikey']);
// protocol, hostname, internalport
list($protocol, $hostname, $internalport) = explode(":", rtrim(file_get_contents("/var/run/nginx.origin")));
$hostname = substr($hostname, 2);
if (!preg_match('/.*\.unraid\.net$/', $hostname)) {
if (!$isRegistered && empty($username) && !preg_match('/.*\.unraid\.net$/', $hostname)) {
response_complete(406, '{"error":"Nothing to do"}');
}
// keyfile
$var = parse_ini_file("/var/local/emhttp/var.ini");
$var = parse_ini_file('/var/local/emhttp/var.ini');
$keyfile = @file_get_contents($var['regFILE']);
if ($keyfile === false) {
response_complete(406, '{"error":"Registration key required"}');
@@ -49,10 +75,45 @@ $internalip = $eth0['IPADDR:0'];
$ch = curl_init('https://keys.lime-technology.com/account/server/register');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
'internalip' => $internalip,
'keyfile' => $keyfile
]);
if (!$isRegistered && empty($username)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, [
'internalip' => $internalip,
'keyfile' => $keyfile
]);
} else {
// servername, servercomment
$servername = $var['NAME'];
$servercomment = $var['COMMENT'];
if (empty($username)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, [
'servername' => $servername,
'servercomment' => $servercomment,
'protocol' => $protocol,
'hostname' => $hostname,
'internalport' => $internalport,
'internalip' => $internalip,
'remoteaccess' => $remoteaccess,
'externalport' => $externalport,
'keyfile' => $keyfile
]);
} else {
curl_setopt($ch, CURLOPT_POSTFIELDS, [
'servername' => $servername,
'servercomment' => $servercomment,
'protocol' => $protocol,
'hostname' => $hostname,
'internalport' => $internalport,
'internalip' => $internalip,
'remoteaccess' => $remoteaccess,
'externalport' => $externalport,
'username' => $username,
'password' => $password,
'keyfile' => $keyfile
]);
}
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

201
plugins/dynamix/include/UpdateFlashBackup.php Normal file
View File

@@ -0,0 +1,201 @@
<?PHP
/* Copyright 2005-2018, Lime Technology
* Copyright 2012-2018, Bergware International.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*/
?>
<?
$cli = php_sapi_name()=='cli';
function response_complete($httpcode, $result, $cli_success_msg='') {
global $cli;
if ($cli) {
$json = @json_decode($result,true);
if (!empty($json['error'])) {
echo 'Error: '.$json['error'].PHP_EOL;
exit(1);
}
if (!empty($cli_success_msg)) $cli_success_msg .= PHP_EOL;
exit($cli_success_msg);
}
header('Content-Type: application/json');
http_response_code($httpcode);
exit((string)$result);
}
// command
// init (default)
// activate
// status
// update
// reinit
// deactivate
if ($cli) {
if ($argc > 1) $command = $argv[1];
} else {
$command = $_POST['command'];
}
if (empty($command)) $command='init';
// keyfile
$var = parse_ini_file("/var/local/emhttp/var.ini");
$keyfile = @file_get_contents($var['regFILE']);
if ($keyfile === false) {
response_complete(406, '{"error":"Registration key required"}');
}
$keyfile = @base64_encode($keyfile);
// check if activated
if ($command != 'activate') {
exec('git -C /boot config --get remote.origin.url', $config_output, $return_var);
if (($return_var != 0) || (strpos($config_output,'backup.unraid.net') === false)) {
response_complete(406, '{"error":"Not activated"}');
}
}
// if deactivate command, just remove our origin
if ($command == 'deactivate') {
exec('git --git-dir /boot/.git remote remove origin &>/dev/null');
response_complete(200, '{}');
}
// build a list of sha256 hashes of the bzfiles
$bzfilehashes = [];
$allbzfiles = ['bzimage','bzfirmware','bzmodules','bzroot','bzroot-gui'];
foreach ($allbzfiles as $bzfile) {
$sha256 = trim(@file_get_contents("/boot/$bzfile.sha256"));
if (strlen($sha256) != 64) {
response_complete(406, '{"error":"Invalid or missing '.$bzfile.'.sha256 file"}');
}
$bzfilehashes[] = $sha256;
}
$ch = curl_init('https://keys.lime-technology.com/backup/flash/activate');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
'keyfile' => $keyfile,
'version' => $var['version'],
'bzfiles' => implode(',', $bzfilehashes)
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error = curl_error($ch);
curl_close($ch);
if ($result === false) {
response_complete(500, '{"error":"'.$error.'"}');
}
$json = json_decode($result, true);
if (empty($json) || empty($json['ssh_privkey'])) {
response_complete(406, $result);
}
// save the public and private keys
if (!file_exists('/root/.ssh')) {
mkdir('/root/.ssh', 0700);
}
file_put_contents('/root/.ssh/unraidbackup_id_ed25519', $json['ssh_privkey']);
chmod('/root/.ssh/unraidbackup_id_ed25519', 0600);
file_put_contents('/root/.ssh/unraidbackup_id_ed25519.pub', $json['ssh_pubkey']);
chmod('/root/.ssh/unraidbackup_id_ed25519.pub', 0644);
// add configuration to use our keys
if (!file_exists('/root/.ssh/config') || strpos(file_get_contents('/root/.ssh/config'),'Host backup.unraid.net') === false) {
file_put_contents('/root/.ssh/config', 'Host backup.unraid.net
IdentityFile ~/.ssh/unraidbackup_id_ed25519
IdentitiesOnly yes
', FILE_APPEND);
chmod('/root/.ssh/config', 0644);
}
// add our server as a known host
if (!file_exists('/root/.ssh/known_hosts') || strpos(file_get_contents('/root/.ssh/known_hosts'),'backup.unraid.net,54.70.72.154') === false) {
file_put_contents('/root/.ssh/known_hosts', 'backup.unraid.net,54.70.72.154 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKrKXKQwPZTY25MoveIw7fZ3IoZvvffnItrx6q7nkNriDMr2WAsoxu0DrU2QrSLH5zFF1ibv4tChS1hOpiYObiI=', FILE_APPEND);
chmod('/root/.ssh/known_hosts', 0644);
}
// blow away existing repo if reinit command
if ($command == 'reinit') {
exec('rm -rf /boot/.git');
}
// ensure git repo is setup on the flash drive
if (!file_exists('/boot/.git/info/exclude')) {
exec('git init /boot &>/dev/null');
}
// setup git ignore for files we dont need in the flash backup
if (strpos(file_get_contents('/boot/.git/info/exclude'),'Unraid') === false) {
file_put_contents('/boot/.git/info/exclude', '# Unraid OS Flash Backup
# Blacklist everything
/*
# Whitelist selected root files
!*.sha256
!changes.txt
!license.txt
!EFI*/
EFI*/boot/*
!EFI*/boot/syslinux.cfg
!syslinux/
syslinux/*
!syslinux/syslinux.cfg
!syslinux/syslinux.cfg-
# Whitelist entire config directory except for selected files
!config/
config/drift
config/random-seed
config/plugins/unRAIDServer.plg
');
}
// ensure git user is configured
exec('git --git-dir /boot/.git config user.email \'gitbot@unraid.net\' &>/dev/null');
exec('git --git-dir /boot/.git config user.name \'gitbot\' &>/dev/null');
// ensure upstream git server is configured and in-sync
exec('git --git-dir /boot/.git remote add -f -t master -m master origin git@backup.unraid.net:~/flash.git &>/dev/null');
if ($command != 'reinit') {
exec('git --git-dir /boot/.git reset origin/master &>/dev/null');
exec('git --git-dir /boot/.git checkout -B master origin/master &>/dev/null');
}
// establish status
exec('git -C /boot status --porcelain', $status_output, $return_var);
if ($return_var != 0) {
response_complete(406, '{"error":"'.${status_output[0]}.'"}');
}
if ($command == 'status') {
$data = implode("\n", $status_output);
response_complete($httpcode, '{"data":"'.$data.'"}', $data);
}
if (($command == 'update') || ($command == 'reinit')) {
// push changes upstream
if (!empty($status_output)) {
exec('git -C /boot add -A &>/dev/null');
if ($command == 'reinit') {
exec('git -C /boot commit -m \'Initial commit\' &>/dev/null');
exec('git -C /boot push --force origin master &>/dev/null');
} else {
exec('git -C /boot commit -m \'Config change\' &>/dev/null');
exec('git -C /boot push &>/dev/null');
}
}
}
response_complete($httpcode, '{}');
?>

4
plugins/dynamix/include/gitstatus.php Normal file
View File

@@ -0,0 +1,4 @@
<?PHP
exec("git -C /boot status --porcelain", $output);
echo implode("<br>", $output);
?>