mirror of
https://github.com/unraid/webgui.git
synced 2026-01-14 13:39:58 -06:00
301 lines
11 KiB
Plaintext
301 lines
11 KiB
Plaintext
Menu="OtherSettings"
|
|
Type="xmenu"
|
|
Title="Management Access"
|
|
Icon="icon-key"
|
|
Tag="expeditedssl"
|
|
---
|
|
<?PHP
|
|
/* Copyright 2005-2021, Lime Technology
|
|
* Copyright 2012-2021, Bergware International.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License version 2,
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*/
|
|
?>
|
|
<?
|
|
function find_tasks() {
|
|
global $site;
|
|
$tasks = [];
|
|
foreach ($site as $page) {
|
|
if (empty($page['Menu'])) continue;
|
|
$menu = strtok($page['Menu'], ' ');
|
|
switch ($menu[0]) {
|
|
case '$': $menu = get_ini_key($menu,strtok(' ')); break;
|
|
case '/': $menu = get_file_key($menu,strtok(' ')); break;
|
|
}
|
|
while ($menu !== false) {
|
|
if (substr($menu,0,5) == 'Tasks') {
|
|
if (empty($page['Cond'])) $tasks[] = $page['name'];
|
|
break;
|
|
}
|
|
$menu = strtok(' ');
|
|
}
|
|
}
|
|
sort($tasks);
|
|
return $tasks;
|
|
}
|
|
$tasks = find_tasks();
|
|
$internalip = $eth0['IPADDR:0'];
|
|
$keyfile = @file_get_contents($var['regFILE']);
|
|
if ($keyfile !== false) $keyfile = base64_encode($keyfile);
|
|
$certFile = "/boot/config/ssl/certs/certificate_bundle.pem";
|
|
$certPresent = file_exists("$certFile");
|
|
$certSubject="";
|
|
if ($certPresent) $certSubject = exec("/usr/bin/openssl x509 -noout -subject -nameopt multiline -in $certFile | /usr/bin/sed -n 's/ *commonName *= //p'");
|
|
$isLEcert = $certPresent && preg_match('/.*\.unraid\.net$/', $certSubject);
|
|
if ($isLEcert) {
|
|
exec("/usr/bin/openssl x509 -checkend 2592000 -noout -in $certFile",$arrout,$retval_expired);
|
|
$rebindtest_ip = exec("/usr/bin/host -4 rebindtest.unraid.net |sed -n 's/.*has address //p'");
|
|
$dnsRebindingProtection = ($rebindtest_ip != "192.168.42.42");
|
|
if (!$dnsRebindingProtection) {
|
|
$certtest_ip = exec("/usr/bin/host -4 $certSubject |sed -n 's/.*has address //p'");
|
|
$dnsValid = ($certtest_ip == $internalip);
|
|
}
|
|
// more: similar test for "www.$certSubject" dns valid goes here
|
|
}
|
|
$provisionlabel = $isLEcert ? _('Renew') : _('Provision');
|
|
$disabled_provision = $keyfile===false || ($isLEcert && $retval_expired===0) ? 'disabled' : '';
|
|
$disabled_updatedns = $keyfile!==false && $isLEcert ? '' : 'disabled';
|
|
$disabled_delete = $certPresent && $var['USE_SSL']!='auto' ? '' : 'disabled';
|
|
$disabled_auto = $isLEcert && !$dnsRebindingProtection && $dnsValid ? '' : 'disabled';
|
|
|
|
// Get ports in use
|
|
$portsInUse = [];
|
|
exec("lsof -Pni4|awk '/LISTEN/{print \$9}'", $output);
|
|
|
|
$bind = $var['BIND_MGT']=='yes';
|
|
$list = ['*', $internalip];
|
|
|
|
foreach ($output as $line) {
|
|
[$ip, $port] = my_explode(':', $line);
|
|
if (!in_array($port, $portsInUse) && (!$bind || in_array($ip, $list))) $portsInUse[] = $port;
|
|
}
|
|
?>
|
|
<script>
|
|
function updateDNS(button) {
|
|
$(button).prop("disabled", true).html("<i class='fa fa-circle-o-notch fa-spin fa-fw'></i>_(Update DNS)_");
|
|
var failure = function(data) {
|
|
var status = data.status;
|
|
var obj = data.responseJSON;
|
|
var msg = "_(Sorry, an error occurred updating unraid.net DNS records)_. _(The error is)_: "+obj.error+".";
|
|
$(button).prop("disabled", false).html("_(Update DNS)_");
|
|
swal({title:"_(Oops)_",text:msg,type:"error",html:true,confirmButtonText:"_(Ok)_"});
|
|
};
|
|
var success = function(data) {
|
|
$(button).prop("disabled", false).html("_(Update DNS)_");
|
|
swal({title:"",text:"_(Your local IP address)_ <?=$internalip?> _(has been updated for unraid.net)_.",type:"success",html:true,confirmButtonText:"_(Ok)_"});
|
|
};
|
|
$.post("/webGui/include/UpdateDNS.php",success).fail(failure);
|
|
}
|
|
function validatePorts(form) {
|
|
if (checkPorts(form,false)) form.submit();
|
|
}
|
|
function checkPorts(form,provision) {
|
|
var portsInUse = JSON.parse('<?=json_encode($portsInUse)?>');
|
|
if (provision) // SSL is already set to auto
|
|
var check = [{'key':'PORTSSL','port':'<?=$var['PORTSSL']?>','default':'443',name:'_(HTTPS port)_'}];
|
|
else
|
|
var check = [
|
|
{'key':'PORTTELNET','port':'<?=($var['USE_TELNET'] == 'no') ? "0" : $var['PORTTELNET']?>','default':'23',name:'_(TELNET port)_'},
|
|
{'key':'PORTSSH','port':'<?=($var['USE_SSH'] == 'no') ? "0" : $var['PORTSSH']?>','default':'22',name:'_(SSH port)_'},
|
|
{'key':'PORT','port':'<?=$var['PORT']?>','default':'80',name:'_(HTTP port)_'},
|
|
{'key':'PORTSSL','port':'<?=($var['USE_SSL'] == 'no') ? "0" : $var['PORTSSL']?>','default':'443',name:'_(HTTPS port)_'}
|
|
];
|
|
var list = [];
|
|
var dupeCheck = [];
|
|
var range = [];
|
|
for (var i=0; i < check.length; i++) {
|
|
var key = check[i]['key'];
|
|
var port = check[i]['port'];
|
|
var portdefault = check[i]['default'];
|
|
var name = check[i]['name'];
|
|
var item = $(form).find('input[name="'+key+'"]');
|
|
if (!item.val()) item.val(portdefault);
|
|
item.val(parseInt(item.val()));
|
|
if ($(item).is(':disabled')) continue;
|
|
if (provision)
|
|
var userPort = '<?=$var['PORTSSL']?>';
|
|
else {
|
|
var userPort = item.val();
|
|
if ( userPort < 1 || userPort > 65535 )
|
|
range.push(userPort+" ("+name+")");
|
|
}
|
|
|
|
dupeCheck.push(userPort);
|
|
if ( userPort !== port || provision) {
|
|
if ( portsInUse.includes(userPort) )
|
|
list.push(userPort+" ("+name+")");
|
|
}
|
|
}
|
|
var duplicates = dupeCheck.reduce(function(acc, el, i, arr) {
|
|
if (arr.indexOf(el) !== i && acc.indexOf(el) < 0) acc.push(el); return acc;
|
|
}, []);
|
|
|
|
if ( range.length > 0 ) {
|
|
swal({title:'_(Port out of range)_',text:sprintf('_(Port %s is out of range (minimum 1 maximum 65535))_',range.join(', ')),type:'error',showCancelButton:false,confirmButtonText:"_(OK)_"});
|
|
return false;
|
|
}
|
|
// if ( list.length > 0 ) {
|
|
// swal({title:'_(Port already in use)_',text:sprintf('_(Port %s is already in use by other services)_',list.join(', ')),type:'error',showCancelButton:false,confirmButtonText:"_(OK)_"});
|
|
// return false;
|
|
// }
|
|
if ( duplicates.length > 0 ) {
|
|
swal({title:'_(Duplicate port entered)_',text:sprintf('_(Port %s is duplicated)_',duplicates.join(', ')),type:'error',showCancelButton:false,confirmButtonText:"_(OK)_"});
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
function updateTELNET(form) {
|
|
form.PORTTELNET.disabled = form.USE_TELNET.value=="no";
|
|
}
|
|
function updateSSH(form) {
|
|
form.PORTSSH.disabled = form.USE_SSH.value=="no";
|
|
}
|
|
function updateSSL(form) {
|
|
form.PORTSSL.disabled = form.USE_SSL.value=="no";
|
|
}
|
|
$(function(){
|
|
var form = document.SSLSettings;
|
|
updateTELNET(form);
|
|
updateSSH(form);
|
|
updateSSL(form);
|
|
});
|
|
</script>
|
|
<form markdown="1" name="SSLSettings" method="POST" action="/update.htm" target="progressFrame">
|
|
<input type="hidden" name="changePorts" value="Apply">
|
|
<input type="hidden" name="server_name" value="<?=$_SERVER['SERVER_NAME']?>">
|
|
<input type="hidden" name="server_addr" value="<?=$_SERVER['SERVER_ADDR']?>">
|
|
_(User 'root')_:
|
|
: [_(Manage)_](/Users/UserEdit?name=root)
|
|
|
|
_(Start page)_:
|
|
: <select name="START_PAGE">
|
|
<?foreach ($tasks as $task) echo mk_option($var['START_PAGE']??'Main', $task, _($task));?>
|
|
</select>
|
|
|
|
:mgmt_start_page_help:
|
|
|
|
<!--
|
|
Restrict access:
|
|
: <select name="BIND_MGT" class="narrow">
|
|
<?=mk_option($var['BIND_MGT'], "no", _('No'))?>
|
|
<?=mk_option($var['BIND_MGT'], "yes", _('Yes'))?>
|
|
</select>
|
|
|
|
> By default GUI, SSH and TELNET access are available on all active interfaces of the system.
|
|
>
|
|
> *Restrict access* limits GUI, SSH and TELNET access to the management interface only (eth0).
|
|
-->
|
|
|
|
_(Use TELNET)_:
|
|
: <select name="USE_TELNET" onchange="updateTELNET(this.form)">
|
|
<?=mk_option($var['USE_TELNET'], "no", _('No'))?>
|
|
<?=mk_option($var['USE_TELNET'], "yes", _('Yes'))?>
|
|
</select>
|
|
|
|
:mgmt_use_telnet_help:
|
|
|
|
_(TELNET port)_:
|
|
: <input type="number" name="PORTTELNET" class="narrow" min="1" max="65535" value="<?=htmlspecialchars($var['PORTTELNET']??23)?>">
|
|
|
|
:mgmt_telnet_port_help:
|
|
|
|
_(Use SSH)_:
|
|
: <select name="USE_SSH" onchange="updateSSH(this.form)">
|
|
<?=mk_option($var['USE_SSH'], "no", _('No'))?>
|
|
<?=mk_option($var['USE_SSH'], "yes", _('Yes'))?>
|
|
</select>
|
|
|
|
:mgmt_use_ssh_help:
|
|
|
|
_(SSH port)_:
|
|
: <input type="number" name="PORTSSH" class="narrow" min="1" max="65535" value="<?=htmlspecialchars($var['PORTSSH']??22)?>">
|
|
|
|
:mgmt_ssh_port_help:
|
|
|
|
_(Use UPnP)_:
|
|
: <select name="USE_UPNP">
|
|
<?=mk_option($var['USE_UPNP'], "yes", _('Yes'))?>
|
|
<?=mk_option($var['USE_UPNP'], "no", _('No'))?>
|
|
</select>
|
|
|
|
:mgmt_use_upnp_help:
|
|
|
|
_(Use SSL/TLS)_:
|
|
: <select name="USE_SSL" onchange="updateSSL(this.form)">
|
|
<?=mk_option($var['USE_SSL'], "no", _('No'))?>
|
|
<?=mk_option($var['USE_SSL'], "yes", _('Yes'))?>
|
|
<?=mk_option($var['USE_SSL'], "auto", _('Auto'), $disabled_auto)?>
|
|
</select>
|
|
|
|
:mgmt_use_ssl_tls_help:
|
|
|
|
_(HTTP port)_:
|
|
: <input type="number" name="PORT" class="narrow" min="1" max="65535" value="<?=htmlspecialchars($var['PORT']??80)?>">
|
|
|
|
:mgmt_http_port_help:
|
|
|
|
_(HTTPS port)_:
|
|
: <input type="number" name="PORTSSL" class="narrow" min="1" max="65535" value="<?=htmlspecialchars($var['PORTSSL']??443)?>">
|
|
|
|
:mgmt_https_port_help:
|
|
|
|
_(Local TLD)_:
|
|
: <input type="text" name="LOCAL_TLD" class="narrow" value="<?=htmlspecialchars($var['LOCAL_TLD'])?>">
|
|
|
|
:mgmt_local_tld_help:
|
|
|
|
|
|
: <input type="button" value="_(Apply)_" onclick="validatePorts(this.form)" disabled><input type="button" value="_(Done)_" onclick="done()">
|
|
|
|
</form>
|
|
<div style="height:24px"></div>
|
|
<form markdown="1" name="Provision" method="POST" action="/update.htm" target="progressFrame">
|
|
<input type="hidden" name="server_name" value="<?=$_SERVER['SERVER_NAME']?>">
|
|
<input type="hidden" name="server_addr" value="<?=$_SERVER['SERVER_ADDR']?>">
|
|
<?if ($certPresent):?>
|
|
_(CA-signed certificate file)_:
|
|
: <?=$certFile?>
|
|
|
|
_(Certificate subject)_:
|
|
: <?=$certSubject?>
|
|
|
|
_(Certificate issuer)_:
|
|
: <?=shell_exec("/usr/bin/openssl x509 -text -noout -in $certFile | sed -n -e 's/^.*Issuer: //p'")?>
|
|
|
|
<?
|
|
$time = strtotime(exec("/usr/bin/openssl x509 -text -noout -in $certFile | sed -n -e 's/^.*Not After : //p'"));
|
|
$format = $display['date'].($display['date']!='%c' ? ', '.str_replace(['%M','%R'],['%M:%S','%R:%S'],$display['time']):'');
|
|
?>
|
|
_(Certificate expiration)_:
|
|
: <?=_(strftime($format, $time),0)?>
|
|
|
|
<?if ($dnsRebindingProtection):?>
|
|
|
|
: _(DNS Rebinding Protection is ENABLED)_
|
|
|
|
<?elseif ($dnsValid !== true):?>
|
|
|
|
: _(DNS Propagation is PENDING)_
|
|
|
|
<?else:?>
|
|
|
|
: [link](https://<?=$certSubject?>:<?=$var['PORTSSL']?>)
|
|
|
|
<?endif;?>
|
|
<?else:?>
|
|
_(CA-signed certificate file)_:
|
|
: _(Not present)_
|
|
|
|
<?endif;?>
|
|
|
|
: <button type="submit" name="changePorts" value="Provision" <?=$disabled_provision?> ><?=$provisionlabel?></button><button type="submit" name="changePorts" value="Delete" <?=$disabled_delete?> >_(Delete)_</button><button type="button" onclick="updateDNS(this)" <?=$disabled_updatedns?>>_(Update DNS)_</button>
|
|
|
|
:mgmt_certificate_expiration_help:
|
|
|
|
</form>
|