casjaysdevdocker/tor
1
0
Fork 0
mirror of https://github.com/casjaysdevdocker/tor synced 2025-10-14 08:02:34 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

🗃️ Committing everything that changed 🗃️

Browse Source 
Dockerfile
README.md
rootfs/tmp/etc/nginx/nginx.conf
rootfs/tmp/etc/nginx/vhosts.d/admin.conf
rootfs/usr/local/bin/entrypoint.sh
rootfs/usr/local/etc/docker/init.d/99-php-fpm.sh
rootfs/usr/local/share/
This commit is contained in:
casjay
2025-09-20 04:02:09 -04:00
parent 0693f74ba2
commit 57554833fd
22 changed files with 2793 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rootfs/usr/local/bin/entrypoint.sh
View File

@@ -88,7 +88,7 @@ SERVER_PORTS="" # specifiy other ports
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Healthcheck variables
HEALTH_ENABLED="yes" # enable healthcheck [yes/no]
SERVICES_LIST="tini,tor-bridge,tor-relay,tor-server,unbound,privoxy,zz-nginx"
SERVICES_LIST="tini,tor-bridge,tor-relay,tor-server,unbound,privoxy,php-fpm,zz-nginx"
HEALTH_ENDPOINTS="" # url endpoints: [http://localhost/health,http://localhost/test]
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Update path var

702
rootfs/usr/local/etc/docker/init.d/99-php-fpm.sh Executable file
View File

@@ -0,0 +1,702 @@
#!/usr/bin/env bash
# shellcheck shell=bash
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
##@Version : 202509200348-git
# @@Author : Jason Hempstead
# @@Contact : jason@casjaysdev.pro
# @@License : LICENSE.md
# @@ReadME : 99-php-fpm.sh --help
# @@Copyright : Copyright: (c) 2025 Jason Hempstead, Casjays Developments
# @@Created : Saturday, Sep 20, 2025 03:48 EDT
# @@File : 99-php-fpm.sh
# @@Description :
# @@Changelog : New script
# @@TODO : Better documentation
# @@Other :
# @@Resource :
# @@Terminal App : no
# @@sudo/root : no
# @@Template : other/start-service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# shellcheck disable=SC1001,SC1003,SC2001,SC2003,SC2016,SC2031,SC2120,SC2155,SC2199,SC2317,SC2329
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
set -e
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# run trap command on exit
trap 'retVal=$?; echo "❌ Fatal error occurred: Exit code $retVal at line $LINENO in command: $BASH_COMMAND"; kill -TERM 1' ERR
trap 'retVal=$?;[ "$SERVICE_IS_RUNNING" != "yes" ] && [ -f "$SERVICE_PID_FILE" ] && rm -Rf "$SERVICE_PID_FILE";exit $retVal' SIGINT SIGTERM SIGPWR
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SCRIPT_FILE="$0"
SERVICE_NAME="php-fpm"
SCRIPT_NAME="$(basename -- "$SCRIPT_FILE" 2>/dev/null)"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Exit if service is disabled
[ -z "$PHP_FPM_APPNAME_ENABLED" ] || if [ "$PHP_FPM_APPNAME_ENABLED" != "yes" ]; then export SERVICE_DISABLED="$SERVICE_NAME" && exit 0; fi
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# setup debugging - https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html
[ -f "/config/.debug" ] && [ -z "$DEBUGGER_OPTIONS" ] && export DEBUGGER_OPTIONS="$(<"/config/.debug")" || DEBUGGER_OPTIONS="${DEBUGGER_OPTIONS:-}"
{ [ "$DEBUGGER" = "on" ] || [ -f "/config/.debug" ]; } && echo "Enabling debugging" && set -xo pipefail -x$DEBUGGER_OPTIONS && export DEBUGGER="on" || set -o pipefail
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
export PATH="/usr/local/etc/docker/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# import the functions file
if [ -f "/usr/local/etc/docker/functions/entrypoint.sh" ]; then
. "/usr/local/etc/docker/functions/entrypoint.sh"
fi
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# import variables
for set_env in "/root/env.sh" "/usr/local/etc/docker/env"/*.sh "/config/env"/*.sh; do
[ -f "$set_env" ] && . "$set_env"
done
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# exit if __start_init_scripts function hasn't been Initialized
if [ ! -f "/run/__start_init_scripts.pid" ]; then
echo "__start_init_scripts function hasn't been Initialized" >&2
SERVICE_IS_RUNNING="no"
exit 1
fi
# Clean up any stale PID file for this service on startup
if [ -n "$SERVICE_NAME" ] && [ -f "/run/init.d/$SERVICE_NAME.pid" ]; then
old_pid=$(cat "/run/init.d/$SERVICE_NAME.pid" 2>/dev/null)
if [ -n "$old_pid" ] && ! kill -0 "$old_pid" 2>/dev/null; then
echo "🧹 Removing stale PID file for $SERVICE_NAME"
rm -f "/run/init.d/$SERVICE_NAME.pid"
fi
fi
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Custom functions
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Script to execute
START_SCRIPT="/usr/local/etc/docker/exec/$SERVICE_NAME"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Reset environment before executing service
RESET_ENV="no"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set webroot
WWW_ROOT_DIR="/usr/local/share/httpd/default"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Default predefined variables
DATA_DIR="/data/php-fpm" # set data directory
CONF_DIR="/config/php-fpm" # set config directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# set the containers etc directory
ETC_DIR="/etc/php-fpm"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# set the var dir
VAR_DIR=""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TMP_DIR="/tmp/php-fpm" # set the temp dir
RUN_DIR="/run/php-fpm" # set scripts pid dir
LOG_DIR="/data/logs/php-fpm" # set log directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set the working dir
WORK_DIR=""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# port which service is listening on
SERVICE_PORT=""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# User to use to launch service - IE: postgres
RUNAS_USER="root" # normally root
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# User and group in which the service switches to - IE: nginx,apache,mysql,postgres
#SERVICE_USER="php-fpm" # execute command as another user
#SERVICE_GROUP="php-fpm" # Set the service group
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set password length
RANDOM_PASS_USER=""
RANDOM_PASS_ROOT=""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set user and group ID
SERVICE_UID="0" # set the user id
SERVICE_GID="0" # set the group id
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# execute command variables - keep single quotes variables will be expanded later
EXEC_CMD_BIN='php-fpm84' # command to execute
EXEC_CMD_ARGS='--nodaemonize --fpm-config /etc/php84/php-fpm.conf' # command arguments
EXEC_PRE_SCRIPT='' # execute script before
SERVICE_USES_PID='' # Set to no if the service is not running otherwise leave blank
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Is this service a web server
IS_WEB_SERVER="no"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Is this service a database server
IS_DATABASE_SERVICE="no"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Does this service use a database server
USES_DATABASE_SERVICE="no"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set defualt type - [custom,sqlite,redis,postgres,mariadb,mysql,couchdb,mongodb,supabase]
DATABASE_SERVICE_TYPE="sqlite"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Show message before execute
PRE_EXEC_MESSAGE=""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set the wait time to execute __post_execute function - minutes
POST_EXECUTE_WAIT_TIME="1"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Update path var
PATH="$PATH:."
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Lets get containers ip address
IP4_ADDRESS="$(__get_ip4)"
IP6_ADDRESS="$(__get_ip6)"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Where to save passwords to
ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/password for root user
USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# root/admin user info password/random]
root_user_name="${PHP_FPM_ROOT_USER_NAME:-}" # root user name
root_user_pass="${PHP_FPM_ROOT_PASS_WORD:-}" # root user password
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Normal user info [password/random]
user_name="${PHP_FPM_USER_NAME:-}" # normal user name
user_pass="${PHP_FPM_USER_PASS_WORD:-}" # normal user password
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Load variables from config
[ -f "/config/env/php-fpm.script.sh" ] && . "/config/env/php-fpm.script.sh" # Generated by my dockermgr script
[ -f "/config/env/php-fpm.sh" ] && . "/config/env/php-fpm.sh" # Overwrite the variabes
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Additional predefined variables
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Additional variables
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Specifiy custom directories to be created
ADD_APPLICATION_FILES=""
ADD_APPLICATION_DIRS=""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
APPLICATION_FILES="$LOG_DIR/$SERVICE_NAME.log"
APPLICATION_DIRS="$ETC_DIR $CONF_DIR $LOG_DIR $TMP_DIR $RUN_DIR $VAR_DIR"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Additional config dirs - will be Copied to /etc/$name
ADDITIONAL_CONFIG_DIRS=""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# define variables that need to be loaded into the service - escape quotes - var=\"value\",other=\"test\"
CMD_ENV=""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Overwrite based on file/directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Per Application Variables or imports
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Custom commands to run before copying to /config
__run_precopy() {
# Define environment
local hostname=${HOSTNAME}
[ -d "/run/healthcheck" ] || mkdir -p "/run/healthcheck"
# Define actions/commands
# allow custom functions
if builtin type -t __run_precopy_local | grep -q 'function'; then __run_precopy_local; fi
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Custom prerun functions - IE setup WWW_ROOT_DIR
__execute_prerun() {
# Define environment
local hostname=${HOSTNAME}
# Define actions/commands
# allow custom functions
if builtin type -t __execute_prerun_local | grep -q 'function'; then __execute_prerun_local; fi
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Run any pre-execution checks
__run_pre_execute_checks() {
# Set variables
local exitStatus=0
local pre_execute_checks_MessageST="Running preexecute check for $SERVICE_NAME" # message to show at start
local pre_execute_checks_MessageEnd="Finished preexecute check for $SERVICE_NAME" # message to show at completion
__banner "$pre_execute_checks_MessageST"
# Put command to execute in parentheses
{
true
}
exitStatus=$?
__banner "$pre_execute_checks_MessageEnd: Status $exitStatus"
# show exit message
if [ $exitStatus -ne 0 ]; then
echo "The pre-execution check has failed" >&2
[ -f "$SERVICE_PID_FILE" ] && rm -Rf "$SERVICE_PID_FILE"
exit 1
fi
# allow custom functions
if builtin type -t __run_pre_execute_checks_local | grep -q 'function'; then __run_pre_execute_checks_local; fi
# exit function
return $exitStatus
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# use this function to update config files - IE: change port
__update_conf_files() {
local exitCode=0 # default exit code
local sysname="${SERVER_NAME:-${FULL_DOMAIN_NAME:-$HOSTNAME}}" # set hostname
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# delete files
#__rm ""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# custom commands
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# replace variables
# __replace "" "" "$CONF_DIR/php-fpm.conf"
# replace variables recursively
# __find_replace "" "" "$CONF_DIR"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# define actions
# allow custom functions
if builtin type -t __update_conf_files_local | grep -q 'function'; then __update_conf_files_local; fi
# exit function
return $exitCode
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# function to run before executing
__pre_execute() {
local exitCode=0 # default exit code
local sysname="${SERVER_NAME:-${FULL_DOMAIN_NAME:-$HOSTNAME}}" # set hostname
# execute if directories is empty
# __is_dir_empty "$CONF_DIR" && true
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# define actions to run after copying to /config
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# unset unneeded variables
unset sysname
# Lets wait a few seconds before continuing
sleep 5
# allow custom functions
if builtin type -t __pre_execute_local | grep -q 'function'; then __pre_execute_local; fi
# exit function
return $exitCode
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# function to run after executing
__post_execute() {
local pid="" # init pid var
local retVal=0 # set default exit code
local ctime=${POST_EXECUTE_WAIT_TIME:-1} # how long to wait before executing
local waitTime=$((ctime * 60)) # convert minutes to seconds
local postMessageST="Running post commands for $SERVICE_NAME" # message to show at start
local postMessageEnd="Finished post commands for $SERVICE_NAME" # message to show at completion
# wait
sleep $waitTime
# execute commands after waiting
(
# show message
__banner "$postMessageST"
# commands to execute
sleep 5
# show exit message
__banner "$postMessageEnd: Status $retVal"
) 2>"/dev/stderr" | tee -p -a "/data/logs/init.txt" &
pid=$!
ps ax | awk '{print $1}' | grep -v grep | grep -q "$execPid$" && retVal=0 || retVal=10
# allow custom functions
if builtin type -t __post_execute_local | grep -q 'function'; then __post_execute_local; fi
# exit function
return $retVal
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# use this function to update config files - IE: change port
__pre_message() {
local exitCode=0
[ -n "$PRE_EXEC_MESSAGE" ] && eval echo "$PRE_EXEC_MESSAGE"
# execute commands
# allow custom functions
if builtin type -t __pre_message_local | grep -q 'function'; then __pre_message_local; fi
# exit function
return $exitCode
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# use this function to setup ssl support
__update_ssl_conf() {
local exitCode=0
local sysname="${SERVER_NAME:-${FULL_DOMAIN_NAME:-$HOSTNAME}}" # set hostname
# execute commands
# allow custom functions
if builtin type -t __update_ssl_conf_local | grep -q 'function'; then __update_ssl_conf_local; fi
# set exitCode
return $exitCode
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__create_service_env() {
local exitCode=0
if [ ! -f "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" ]; then
cat <<EOF | tee -p "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" &>/dev/null
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# root/admin user info [password/random]
#ENV_ROOT_USER_NAME="${ENV_ROOT_USER_NAME:-$PHP_FPM_ROOT_USER_NAME}" # root user name
#ENV_ROOT_USER_PASS="${ENV_ROOT_USER_NAME:-$PHP_FPM_ROOT_PASS_WORD}" # root user password
#root_user_name="${ENV_ROOT_USER_NAME:-$root_user_name}" #
#root_user_pass="${ENV_ROOT_USER_PASS:-$root_user_pass}" #
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#Normal user info [password/random]
#ENV_USER_NAME="${ENV_USER_NAME:-$PHP_FPM_USER_NAME}" #
#ENV_USER_PASS="${ENV_USER_PASS:-$PHP_FPM_USER_PASS_WORD}" #
#user_name="${ENV_USER_NAME:-$user_name}" # normal user name
#user_pass="${ENV_USER_PASS:-$user_pass}" # normal user password
EOF
fi
if [ ! -f "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.local.sh" ]; then
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__run_precopy_local() { true; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__execute_prerun_local() { true; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__run_pre_execute_checks_local() { true; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__update_conf_files_local() { true; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__pre_execute_local() { true; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__post_execute_local() { true; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__pre_message_local() { true; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__update_ssl_conf_local() { true; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
fi
__file_exists_with_content "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" || exitCode=$((exitCode + 1))
__file_exists_with_content "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.local.sh" || exitCode=$((exitCode + 1))
return $exitCode
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# script to start server
__run_start_script() {
local runExitCode=0
local workdir="$(eval echo "${WORK_DIR:-}")" # expand variables
local cmd="$(eval echo "${EXEC_CMD_BIN:-}")" # expand variables
local args="$(eval echo "${EXEC_CMD_ARGS:-}")" # expand variables
local name="$(eval echo "${EXEC_CMD_NAME:-}")" # expand variables
local pre="$(eval echo "${EXEC_PRE_SCRIPT:-}")" # expand variables
local extra_env="$(eval echo "${CMD_ENV//,/ }")" # expand variables
local lc_type="$(eval echo "${LANG:-${LC_ALL:-$LC_CTYPE}}")" # expand variables
local home="$(eval echo "${workdir//\/root/\/tmp\/docker}")" # expand variables
local path="$(eval echo "$PATH")" # expand variables
local message="$(eval echo "")" # expand variables
local sysname="${SERVER_NAME:-${FULL_DOMAIN_NAME:-$HOSTNAME}}" # set hostname
[ -f "$CONF_DIR/$SERVICE_NAME.exec_cmd.sh" ] && . "$CONF_DIR/$SERVICE_NAME.exec_cmd.sh"
#
if [ -z "$cmd" ]; then
__post_execute 2>"/dev/stderr" | tee -p -a "/data/logs/init.txt"
retVal=$?
echo "Initializing $SCRIPT_NAME has completed"
exit $retVal
else
# ensure the command exists
if [ ! -x "$cmd" ]; then
echo "$name is not a valid executable"
return 2
fi
# check and exit if already running
if __proc_check "$name" || __proc_check "$cmd"; then
echo "$name is already running" >&2
return 0
else
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# show message if env exists
if [ -n "$cmd" ]; then
[ -n "$SERVICE_USER" ] && echo "Setting up $cmd to run as $SERVICE_USER" || SERVICE_USER="root"
[ -n "$SERVICE_PORT" ] && echo "$name will be running on port $SERVICE_PORT" || SERVICE_PORT=""
fi
if [ -n "$pre" ] && [ -n "$(command -v "$pre" 2>/dev/null)" ]; then
export cmd_exec="$pre $cmd $args"
message="Starting service: $name $args through $pre"
else
export cmd_exec="$cmd $args"
message="Starting service: $name $args"
fi
[ -n "$su_exec" ] && echo "using $su_exec" | tee -a -p "/data/logs/init.txt"
echo "$message" | tee -a -p "/data/logs/init.txt"
su_cmd touch "$SERVICE_PID_FILE"
if [ "$RESET_ENV" = "yes" ]; then
env_command="$(echo "env -i HOME=\"$home\" LC_CTYPE=\"$lc_type\" PATH=\"$path\" HOSTNAME=\"$sysname\" USER=\"${SERVICE_USER:-$RUNAS_USER}\" $extra_env")"
execute_command="$(__trim "$su_exec $env_command $cmd_exec")"
if [ ! -f "$START_SCRIPT" ]; then
cat <<EOF >"$START_SCRIPT"
#!/usr/bin/env bash
trap 'exitCode=\$?;[ \$exitCode -ne 0 ] && [ -f "\$SERVICE_PID_FILE" ] && rm -Rf "\$SERVICE_PID_FILE";exit \$exitCode' EXIT
#
set -Eeo pipefail
# Setting up $cmd to run as ${SERVICE_USER:-root} with env
retVal=10
cmd="$cmd"
SERVICE_NAME="$SERVICE_NAME"
SERVICE_PID_FILE="$SERVICE_PID_FILE"
$execute_command 2>"/dev/stderr" >>"$LOG_DIR/$SERVICE_NAME.log" &
execPid=\$!
sleep 2
checkPID="\$(ps ax | awk '{print \$1}' | grep -v grep | grep "\$execPid$" || false)"
[ -n "\$execPid" ] && [ -n "\$checkPID" ] && echo "\$execPid" >"\$SERVICE_PID_FILE" && retVal=0 || retVal=10
[ "\$retVal" = 0 ] && echo "\$cmd has been started" && printf '%s\n' "\$SERVICE_NAME: \$execPid" >"/run/healthcheck/\$SERVICE_NAME" || echo "Failed to start $execute_command" >&2
exit \$retVal
EOF
fi
else
if [ ! -f "$START_SCRIPT" ]; then
execute_command="$(__trim "$su_exec $cmd_exec")"
cat <<EOF >"$START_SCRIPT"
#!/usr/bin/env bash
trap 'exitCode=\$?;[ \$exitCode -ne 0 ] && [ -f "\$SERVICE_PID_FILE" ] && rm -Rf "\$SERVICE_PID_FILE";exit \$exitCode' EXIT
#
set -Eeo pipefail
# Setting up $cmd to run as ${SERVICE_USER:-root}
retVal=10
cmd="$cmd"
SERVICE_NAME="$SERVICE_NAME"
SERVICE_PID_FILE="$SERVICE_PID_FILE"
$execute_command 2>>"/dev/stderr" >>"$LOG_DIR/$SERVICE_NAME.log" &
execPid=\$!
sleep 2
checkPID="\$(ps ax | awk '{print \$1}' | grep -v grep | grep "\$execPid$" || false)"
[ -n "\$execPid" ] && [ -n "\$checkPID" ] && echo "\$execPid" >"\$SERVICE_PID_FILE" && retVal=0 || retVal=10
[ "\$retVal" = 0 ] && echo "\$cmd has been started" || echo "Failed to start $execute_command" >&2 >&2
exit \$retVal
EOF
fi
fi
fi
[ -x "$START_SCRIPT" ] || chmod 755 -Rf "$START_SCRIPT"
[ "$CONTAINER_INIT" = "yes" ] || eval sh -c "$START_SCRIPT"
runExitCode=$?
fi
return $runExitCode
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# username and password actions
__run_secure_function() {
local filesperms
if [ -n "$user_name" ] || [ -n "$user_pass" ]; then
for filesperms in "${USER_FILE_PREFIX}"/*; do
if [ -e "$filesperms" ]; then
chmod -Rf 600 "$filesperms"
chown -Rf $SERVICE_USER:$SERVICE_USER "$filesperms" 2>/dev/null
fi
done 2>/dev/null | tee -p -a "/data/logs/init.txt"
fi
if [ -n "$root_user_name" ] || [ -n "$root_user_pass" ]; then
for filesperms in "${ROOT_FILE_PREFIX}"/*; do
if [ -e "$filesperms" ]; then
chmod -Rf 600 "$filesperms"
chown -Rf $SERVICE_USER:$SERVICE_USER "$filesperms" 2>/dev/null
fi
done 2>/dev/null | tee -p -a "/data/logs/init.txt"
fi
unset filesperms
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Allow ENV_ variable - Import env file
__file_exists_with_content "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh"
__file_exists_with_content "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.local.sh" && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.local.sh"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SERVICE_EXIT_CODE=0 # default exit code
# application specific
EXEC_CMD_NAME="$(basename -- "$EXEC_CMD_BIN")" # set the binary name
SERVICE_PID_FILE="/run/init.d/$EXEC_CMD_NAME.pid" # set the pid file location
SERVICE_PID_NUMBER="$(__pgrep)" # check if running
EXEC_CMD_BIN="$(type -P "$EXEC_CMD_BIN" || echo "$EXEC_CMD_BIN")" # set full path
EXEC_PRE_SCRIPT="$(type -P "$EXEC_PRE_SCRIPT" || echo "$EXEC_PRE_SCRIPT")" # set full path
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Only run check
__check_service "$1" && SERVICE_IS_RUNNING=yes
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# ensure needed directories exists
[ -d "$LOG_DIR" ] || mkdir -p "$LOG_DIR"
[ -d "$RUN_DIR" ] || mkdir -p "$RUN_DIR"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# create auth directories
[ -n "$USER_FILE_PREFIX" ] && { [ -d "$USER_FILE_PREFIX" ] || mkdir -p "$USER_FILE_PREFIX"; }
[ -n "$ROOT_FILE_PREFIX" ] && { [ -d "$ROOT_FILE_PREFIX" ] || mkdir -p "$ROOT_FILE_PREFIX"; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[ -n "$RUNAS_USER" ] || RUNAS_USER="root"
[ -n "$SERVICE_USER" ] || SERVICE_USER="$RUNAS_USER"
[ -n "$SERVICE_GROUP" ] || SERVICE_GROUP="${SERVICE_USER:-$RUNAS_USER}"
[ "$IS_WEB_SERVER" = "yes" ] && RESET_ENV="yes" && __is_htdocs_mounted
[ "$IS_WEB_SERVER" = "yes" ] && [ -z "$SERVICE_PORT" ] && SERVICE_PORT="80"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Database env
if [ "$IS_DATABASE_SERVICE" = "yes" ] || [ "$USES_DATABASE_SERVICE" = "yes" ]; then
RESET_ENV="no"
DATABASE_CREATE="${ENV_DATABASE_CREATE:-$DATABASE_CREATE}"
DATABASE_USER_NORMAL="${ENV_DATABASE_USER:-${DATABASE_USER_NORMAL:-$user_name}}"
DATABASE_PASS_NORMAL="${ENV_DATABASE_PASSWORD:-${DATABASE_PASS_NORMAL:-$user_pass}}"
DATABASE_USER_ROOT="${ENV_DATABASE_ROOT_USER:-${DATABASE_USER_ROOT:-$root_user_name}}"
DATABASE_PASS_ROOT="${ENV_DATABASE_ROOT_PASSWORD:-${DATABASE_PASS_ROOT:-$root_user_pass}}"
if [ -n "$DATABASE_PASS_NORMAL" ] && [ ! -f "${USER_FILE_PREFIX}/db_pass_user" ]; then
echo "$DATABASE_PASS_NORMAL" >"${USER_FILE_PREFIX}/db_pass_user"
fi
if [ -n "$DATABASE_PASS_ROOT" ] && [ ! -f "${ROOT_FILE_PREFIX}/db_pass_root" ]; then
echo "$DATABASE_PASS_ROOT" >"${ROOT_FILE_PREFIX}/db_pass_root"
fi
fi
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# [DATABASE_DIR_[SQLITE,REDIS,POSTGRES,MARIADB,COUCHDB,MONGODB,SUPABASE]]
if [ "$DATABASE_SERVICE_TYPE" = "custom" ]; then
DATABASE_DIR="${DATABASE_DIR_CUSTOM:-/data/db/custom}"
DATABASE_BASE_DIR="${DATABASE_DIR_CUSTOM:-/data/db/custom}"
DATABASE_ADMIN_WWW_ROOT="${DATABASE_ADMIN_WWW_ROOT_CUSTOM:-/usr/local/share/httpd/admin/databases}"
[ -d "$DATABASE_ADMIN_WWW_ROOT" ] && SERVER_ADMIN_URL="${SERVER_ADMIN_URL_CUSTOM:-/admin/dbadmin}"
elif [ "$SERVICE_NAME" = "redis" ] || [ "$DATABASE_SERVICE_TYPE" = "redis" ]; then
DATABASE_DIR="${DATABASE_DIR_REDIS:-/data/db/redis}"
DATABASE_BASE_DIR="${DATABASE_DIR_REDIS:-/data/db/redis}"
DATABASE_ADMIN_WWW_ROOT="${DATABASE_ADMIN_WWW_ROOT_REDIS:-/usr/local/share/httpd/admin/redis}"
[ -d "$DATABASE_ADMIN_WWW_ROOT" ] && SERVER_ADMIN_URL="${SERVER_ADMIN_URL_REDIS:-/admin/redis}"
elif [ "$SERVICE_NAME" = "postgres" ] || [ "$DATABASE_SERVICE_TYPE" = "postgres" ]; then
DATABASE_DIR="${DATABASE_DIR_POSTGRES:-/data/db/postgres}"
DATABASE_BASE_DIR="${DATABASE_DIR_POSTGRES:-/data/db/postgres}"
DATABASE_ADMIN_WWW_ROOT="${DATABASE_ADMIN_WWW_ROOT_POSTGRES:-/usr/local/share/httpd/admin/postgres}"
[ -d "$DATABASE_ADMIN_WWW_ROOT" ] && SERVER_ADMIN_URL="${SERVER_ADMIN_URL_POSTGRES:-/admin/postgres}"
elif [ "$SERVICE_NAME" = "mariadb" ] || [ "$DATABASE_SERVICE_TYPE" = "mariadb" ]; then
DATABASE_DIR="${DATABASE_DIR_MARIADB:-/data/db/mariadb}"
DATABASE_BASE_DIR="${DATABASE_DIR_MARIADB:-/data/db/mariadb}"
DATABASE_ADMIN_WWW_ROOT="${DATABASE_ADMIN_WWW_ROOT_MARIADB:-/usr/local/share/httpd/admin/mysql}"
[ -d "$DATABASE_ADMIN_WWW_ROOT" ] && SERVER_ADMIN_URL="${SERVER_ADMIN_URL_MARIADB:-/admin/mysql}"
elif [ "$SERVICE_NAME" = "mysql" ] || [ "$DATABASE_SERVICE_TYPE" = "mysql" ]; then
DATABASE_DIR="${DATABASE_DIR_MYSQL:-/data/db/mysql}"
DATABASE_BASE_DIR="${DATABASE_DIR_MYSQL:-/data/db/mysql}"
DATABASE_ADMIN_WWW_ROOT="${DATABASE_ADMIN_WWW_ROOT_MYSQL:-/usr/local/share/httpd/admin/mysql}"
[ -d "$DATABASE_ADMIN_WWW_ROOT" ] && SERVER_ADMIN_URL="${SERVER_ADMIN_URL_MYSQL:-/admin/mysql}"
elif [ "$SERVICE_NAME" = "couchdb" ] || [ "$DATABASE_SERVICE_TYPE" = "couchdb" ]; then
DATABASE_DIR="${DATABASE_DIR_COUCHDB:-/data/db/couchdb}"
DATABASE_BASE_DIR="${DATABASE_DIR_COUCHDB:-/data/db/couchdb}"
DATABASE_ADMIN_WWW_ROOT="${DATABASE_ADMIN_WWW_ROOT_COUCHDB:-/usr/local/share/httpd/admin/couchdb}"
[ -d "$DATABASE_ADMIN_WWW_ROOT" ] && SERVER_ADMIN_URL="${SERVER_ADMIN_URL_COUCHDB:-/admin/couchdb}"
elif [ "$SERVICE_NAME" = "mongodb" ] || [ "$DATABASE_SERVICE_TYPE" = "mongodb" ]; then
DATABASE_DIR="${DATABASE_DIR_MONGODB:-/data/db/mongodb}"
DATABASE_BASE_DIR="${DATABASE_DIR_MONGODB:-/data/db/mongodb}"
DATABASE_ADMIN_WWW_ROOT="${DATABASE_ADMIN_WWW_ROOT_MONGODB:-/usr/local/share/httpd/admin/mongodb}"
[ -d "$DATABASE_ADMIN_WWW_ROOT" ] && SERVER_ADMIN_URL="${SERVER_ADMIN_URL_MONGODB:-/admin/mongodb}"
elif [ "$SERVICE_NAME" = "supabase" ] || [ "$DATABASE_SERVICE_TYPE" = "supabase" ]; then
DATABASE_DIR="${DATABASE_DIR_SUPABASE:-/data/db/supabase}"
DATABASE_BASE_DIR="${DATABASE_DIR_SUPABASE:-/data/db/supabase}"
DATABASE_ADMIN_WWW_ROOT="${DATABASE_ADMIN_WWW_ROOT_SUPABASE:-/usr/local/share/httpd/admin/supabase}"
[ -d "$DATABASE_ADMIN_WWW_ROOT" ] && SERVER_ADMIN_URL="${SERVER_ADMIN_URL_SUPBASE:-/admin/supabase}"
elif [ "$SERVICE_NAME" = "sqlite" ] || [ "$DATABASE_SERVICE_TYPE" = "sqlite" ]; then
DATABASE_DIR="${DATABASE_DIR_SQLITE:-/data/db/sqlite}/$SERVER_NAME"
DATABASE_BASE_DIR="${DATABASE_DIR_SQLITE:-/data/db/sqlite}/$SERVER_NAME"
DATABASE_ADMIN_WWW_ROOT="${DATABASE_ADMIN_WWW_ROOT_SQLITE:-/usr/local/share/httpd/admin/sqlite}"
[ -d "$DATABASE_ADMIN_WWW_ROOT" ] && SERVER_ADMIN_URL="${SERVER_ADMIN_URL_SQLITE:-/admin/sqlite}"
[ -d "$DATABASE_DIR" ] || mkdir -p "$DATABASE_DIR"
chmod 777 "$DATABASE_DIR"
fi
[ -n "$DATABASE_ADMIN_WWW_ROOT" ] && { [ ! -d "$DATABASE_ADMIN_WWW_ROOT" ] || mkdir -p "${DATABASE_ADMIN_WWW_ROOT}"; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Allow variables via imports - Overwrite existing
[ -f "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" ] && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# set password to random if variable is random
[ "$user_pass" = "random" ] && user_pass="$(__random_password ${RANDOM_PASS_USER:-16})"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[ "$root_user_pass" = "random" ] && root_user_pass="$(__random_password ${RANDOM_PASS_ROOT:-16})"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Allow setting initial users and passwords via environment and save to file
[ -n "$user_name" ] && echo "$user_name" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_name"
[ -n "$user_pass" ] && echo "$user_pass" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass"
[ -n "$root_user_name" ] && echo "$root_user_name" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name"
[ -n "$root_user_pass" ] && echo "$root_user_pass" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# create needed dirs
[ -d "$LOG_DIR" ] || mkdir -p "$LOG_DIR"
[ -d "$RUN_DIR" ] || mkdir -p "$RUN_DIR"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Allow per init script usernames and passwords
__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_name" && user_name="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_name")"
__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && user_pass="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass")"
__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" && root_user_name="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name")"
__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && root_user_pass="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass")"
__file_exists_with_content "${USER_FILE_PREFIX}/db_pass_user" && DATABASE_PASS_NORMAL="$(<"${USER_FILE_PREFIX}/db_pass_user")"
__file_exists_with_content "${ROOT_FILE_PREFIX}/db_pass_root" && DATABASE_PASS_ROOT="$(<"${ROOT_FILE_PREFIX}/db_pass_root")"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# set hostname for script
sysname="${SERVER_NAME:-${FULL_DOMAIN_NAME:-$HOSTNAME}}"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__create_service_env
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Setup /config directories
__init_config_etc
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# pre-run function
__execute_prerun
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# create user if needed
__create_service_user "$SERVICE_USER" "$SERVICE_GROUP" "${WORK_DIR:-/home/$SERVICE_USER}" "${SERVICE_UID:-}" "${SERVICE_GID:-}"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Modify user if needed
__set_user_group_id $SERVICE_USER ${SERVICE_UID:-} ${SERVICE_GID:-}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Create base directories
__setup_directories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# set switch user command
__switch_to_user
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Initialize the home/working dir
__init_working_dir
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# show init message
__pre_message
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
__initialize_db_users
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Initialize ssl
__update_ssl_conf
__update_ssl_certs
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set permissions in ${USER_FILE_PREFIX} and ${ROOT_FILE_PREFIX}
__run_secure_function
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__run_precopy
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Copy /config to /etc
for config_2_etc in $CONF_DIR $ADDITIONAL_CONFIG_DIRS; do
__initialize_system_etc "$config_2_etc" 2>/dev/stderr | tee -p -a "/data/logs/init.txt"
done
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Replace variables
__initialize_replace_variables "$ETC_DIR" "$CONF_DIR" "$ADDITIONAL_CONFIG_DIRS" "$WWW_ROOT_DIR"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
__initialize_database
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Updating config files
__update_conf_files
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# run the pre execute commands
__pre_execute
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set permissions
__fix_permissions "$SERVICE_USER" "$SERVICE_GROUP"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
__run_pre_execute_checks 2>/dev/stderr | tee -a -p "/data/logs/entrypoint.log" "/data/logs/init.txt" || return 20
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__run_start_script 2>>/dev/stderr | tee -p -a "/data/logs/entrypoint.log"
errorCode=$?
if [ -n "$EXEC_CMD_BIN" ]; then
if [ "$errorCode" -eq 0 ]; then
SERVICE_EXIT_CODE=0
SERVICE_IS_RUNNING="yes"
else
SERVICE_EXIT_CODE=$errorCode
SERVICE_IS_RUNNING="${SERVICE_IS_RUNNING:-no}"
[ -s "$SERVICE_PID_FILE" ] || rm -Rf "$SERVICE_PID_FILE"
fi
SERVICE_EXIT_CODE=0
fi
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# start the post execute function in background
__post_execute 2>"/dev/stderr" | tee -p -a "/data/logs/init.txt" &
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
exit $SERVICE_EXIT_CODE

21
rootfs/usr/local/share/webpanel/.htaccess Normal file
View File

@@ -0,0 +1,21 @@
# Security settings
<Files "*.conf">
Require all denied
</Files>
<Files "*.log">
Require all denied
</Files>
<Files "auth.php">
Require all denied
</Files>
<Files "functions.php">
Require all denied
</Files>
# PHP settings
php_value session.cookie_httponly 1
php_value session.cookie_secure 0
php_value session.use_strict_mode 1

125
rootfs/usr/local/share/webpanel/api.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
require_once 'auth.php';
require_once 'functions.php';
require_once 'jwt.php';
header('Content-Type: application/json');
// Check for token authentication first
$authenticated = false;
$auth_headers = getallheaders();
$auth_header = $auth_headers['Authorization'] ?? '';
if ($auth_header && strpos($auth_header, 'Bearer ') === 0) {
$token = substr($auth_header, 7);
$payload = validateApiToken($token);
if ($payload) {
$authenticated = true;
$_SESSION['api_user'] = $payload['username'];
}
} elseif (isAuthenticated()) {
$authenticated = true;
}
if (!$authenticated) {
http_response_code(401);
echo json_encode(['error' => 'Authentication required. Use Bearer token or login session.']);
exit;
}
$action = $_GET['action'] ?? '';
switch ($action) {
case 'login':
// Token-based login endpoint
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (authenticate($username, $password)) {
$token = generateApiToken($username);
echo json_encode([
'success' => true,
'token' => $token,
'expires_in' => 86400 // 24 hours
]);
} else {
http_response_code(401);
echo json_encode(['error' => 'Invalid credentials']);
}
break;
case 'status':
$services = [
'tor-bridge' => 'Tor Bridge',
'tor-relay' => 'Tor Relay',
'tor-server' => 'Tor Server',
'unbound' => 'DNS Resolver',
'privoxy' => 'HTTP Proxy',
'nginx' => 'Web Server'
];
$status = [];
foreach ($services as $service => $name) {
$status[$service] = [
'name' => $name,
'running' => getServiceStatus($service),
'pid' => getServicePid($service)
];
}
echo json_encode($status);
break;
case 'stats':
echo json_encode(getSystemStats());
break;
case 'hidden-services':
echo json_encode(getHiddenServices());
break;
case 'service-control':
$service = $_POST['service'] ?? '';
$command = $_POST['command'] ?? '';
$valid_services = ['tor-bridge', 'tor-relay', 'tor-server', 'unbound', 'privoxy', 'nginx'];
$valid_commands = ['start', 'stop', 'restart'];
if (!in_array($service, $valid_services)) {
http_response_code(400);
echo json_encode(['error' => 'Invalid service']);
break;
}
if (!in_array($command, $valid_commands)) {
http_response_code(400);
echo json_encode(['error' => 'Invalid command']);
break;
}
$success = false;
switch ($command) {
case 'start':
$success = startService($service);
break;
case 'stop':
$success = stopService($service);
break;
case 'restart':
$success = restartService($service);
break;
}
echo json_encode([
'success' => $success,
'message' => $success ?
"Successfully {$command}ed $service" :
"Failed to $command $service"
]);
break;
default:
http_response_code(400);
echo json_encode(['error' => 'Invalid action']);
}
?>

235
rootfs/usr/local/share/webpanel/api/index.php Normal file
View File

@@ -0,0 +1,235 @@
<?php
require_once '../auth.php';
require_once '../functions.php';
require_once '../jwt.php';
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
exit(0);
}
// Authentication check
$authenticated = false;
$auth_headers = getallheaders();
$auth_header = $auth_headers['Authorization'] ?? '';
if ($auth_header && strpos($auth_header, 'Bearer ') === 0) {
$token = substr($auth_header, 7);
$payload = validateApiToken($token);
if ($payload) {
$authenticated = true;
$_SESSION['api_user'] = $payload['username'];
}
} elseif (isAuthenticated()) {
$authenticated = true;
}
// Router
$method = $_SERVER['REQUEST_METHOD'];
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$path = str_replace('/admin/api', '', $path);
$path = trim($path, '/');
// Public endpoints (no auth required)
if ($method === 'POST' && $path === 'auth/login') {
$input = json_decode(file_get_contents('php://input'), true);
$username = $input['username'] ?? '';
$password = $input['password'] ?? '';
if (authenticate($username, $password)) {
$token = generateApiToken($username);
echo json_encode([
'success' => true,
'token' => $token,
'expires_in' => 86400
]);
} else {
http_response_code(401);
echo json_encode(['error' => 'Invalid credentials']);
}
exit;
}
// Require authentication for all other endpoints
if (!$authenticated) {
http_response_code(401);
echo json_encode(['error' => 'Authentication required']);
exit;
}
// Protected endpoints
switch ($method) {
case 'GET':
handleGetRequest($path);
break;
case 'POST':
handlePostRequest($path);
break;
case 'PUT':
handlePutRequest($path);
break;
case 'DELETE':
handleDeleteRequest($path);
break;
default:
http_response_code(405);
echo json_encode(['error' => 'Method not allowed']);
}
function handleGetRequest($path) {
switch ($path) {
case 'services':
case 'services/status':
$services = [
'tor-bridge' => 'Tor Bridge',
'tor-relay' => 'Tor Relay',
'tor-server' => 'Tor Server',
'unbound' => 'DNS Resolver',
'privoxy' => 'HTTP Proxy',
'nginx' => 'Web Server'
];
$status = [];
foreach ($services as $service => $name) {
$status[] = [
'id' => $service,
'name' => $name,
'running' => getServiceStatus($service),
'pid' => getServicePid($service)
];
}
echo json_encode(['data' => $status]);
break;
case 'system/stats':
echo json_encode(['data' => getSystemStats()]);
break;
case 'hidden-services':
echo json_encode(['data' => getHiddenServices()]);
break;
default:
if (preg_match('/^services\/([^\/]+)$/', $path, $matches)) {
$service = $matches[1];
$valid_services = ['tor-bridge', 'tor-relay', 'tor-server', 'unbound', 'privoxy', 'nginx'];
if (in_array($service, $valid_services)) {
echo json_encode([
'data' => [
'id' => $service,
'running' => getServiceStatus($service),
'pid' => getServicePid($service)
]
]);
} else {
http_response_code(404);
echo json_encode(['error' => 'Service not found']);
}
} else {
http_response_code(404);
echo json_encode(['error' => 'Endpoint not found']);
}
}
}
function handlePostRequest($path) {
$input = json_decode(file_get_contents('php://input'), true);
switch ($path) {
case 'hidden-services':
$name = $input['name'] ?? '';
$port_mapping = $input['port_mapping'] ?? '';
if (empty($name) || empty($port_mapping)) {
http_response_code(400);
echo json_encode(['error' => 'Name and port_mapping required']);
return;
}
if (!validateServiceName($name) || !validatePortMapping($port_mapping)) {
http_response_code(400);
echo json_encode(['error' => 'Invalid name or port mapping format']);
return;
}
if (createHiddenService($name, $port_mapping)) {
echo json_encode(['success' => true, 'message' => 'Hidden service created']);
} else {
http_response_code(500);
echo json_encode(['error' => 'Failed to create hidden service']);
}
break;
default:
if (preg_match('/^services\/([^\/]+)\/([^\/]+)$/', $path, $matches)) {
$service = $matches[1];
$action = $matches[2];
$valid_services = ['tor-bridge', 'tor-relay', 'tor-server', 'unbound', 'privoxy', 'nginx'];
$valid_actions = ['start', 'stop', 'restart'];
if (!in_array($service, $valid_services)) {
http_response_code(404);
echo json_encode(['error' => 'Service not found']);
return;
}
if (!in_array($action, $valid_actions)) {
http_response_code(400);
echo json_encode(['error' => 'Invalid action']);
return;
}
$success = false;
switch ($action) {
case 'start':
$success = startService($service);
break;
case 'stop':
$success = stopService($service);
break;
case 'restart':
$success = restartService($service);
break;
}
echo json_encode([
'success' => $success,
'message' => $success ?
"Successfully {$action}ed $service" :
"Failed to $action $service"
]);
} else {
http_response_code(404);
echo json_encode(['error' => 'Endpoint not found']);
}
}
}
function handlePutRequest($path) {
http_response_code(501);
echo json_encode(['error' => 'PUT method not implemented yet']);
}
function handleDeleteRequest($path) {
if (preg_match('/^hidden-services\/([^\/]+)$/', $path, $matches)) {
$name = $matches[1];
if (deleteHiddenService($name)) {
echo json_encode(['success' => true, 'message' => 'Hidden service deleted']);
} else {
http_response_code(500);
echo json_encode(['error' => 'Failed to delete hidden service']);
}
} else {
http_response_code(404);
echo json_encode(['error' => 'Endpoint not found']);
}
}
?>

32
rootfs/usr/local/share/webpanel/auth.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
session_start();
$admin_user = $_ENV['TOR_ADMIN_USER'] ?? 'admin';
$admin_pass = $_ENV['TOR_ADMIN_PASS'] ?? 'torpass123';
function isAuthenticated() {
return isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true;
}
function authenticate($username, $password) {
global $admin_user, $admin_pass;
return $username === $admin_user && $password === $admin_pass;
}
function requireAuth() {
if (!isAuthenticated()) {
header('Location: login.php');
exit;
}
}
function logout() {
session_destroy();
header('Location: login.php');
exit;
}
if (isset($_GET['logout'])) {
logout();
}
?>

31
rootfs/usr/local/share/webpanel/components/footer.php Normal file
View File

@@ -0,0 +1,31 @@
</div>
</div>
<footer class="footer">
<div class="footer-content">
<p>&copy; 2025 Tor Admin Panel |
<a href="https://www.torproject.org/" target="_blank">Tor Project</a> |
<span id="last-update"></span>
</p>
</div>
</footer>
<script>
// Update last refresh time
document.getElementById('last-update').textContent = 'Last updated: ' + new Date().toLocaleTimeString();
// Mobile menu toggle
function toggleMobileMenu() {
const nav = document.querySelector('.nav');
nav.classList.toggle('mobile-open');
}
// Auto-refresh functionality
<?php if (isset($auto_refresh)): ?>
setTimeout(function() {
window.location.reload();
}, <?php echo $auto_refresh * 1000; ?>);
<?php endif; ?>
</script>
</body>
</html>

21
rootfs/usr/local/share/webpanel/components/header.php Normal file
View File

@@ -0,0 +1,21 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?php echo $page_title ?? 'Tor Admin Panel'; ?></title>
<link rel="stylesheet" href="style.css">
<?php if (isset($auto_refresh)): ?>
<meta http-equiv="refresh" content="<?php echo $auto_refresh; ?>">
<?php endif; ?>
</head>
<body>
<div class="main-wrapper">
<div class="container">
<div class="header">
<h1>🧅 <?php echo $page_title ?? 'Tor Admin Panel'; ?></h1>
<div class="header-actions">
<span>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?></span>
<a href="?logout=1" class="logout-btn">Logout</a>
</div>
</div>

17
rootfs/usr/local/share/webpanel/components/nav.php Normal file
View File

@@ -0,0 +1,17 @@
<nav class="nav">
<a href="index.php" <?php echo ($current_page === 'dashboard') ? 'class="active"' : ''; ?>>
📊 Dashboard
</a>
<a href="config.php" <?php echo ($current_page === 'config') ? 'class="active"' : ''; ?>>
⚙️ Configuration
</a>
<a href="hidden.php" <?php echo ($current_page === 'hidden') ? 'class="active"' : ''; ?>>
🧅 Hidden Services
</a>
<a href="logs.php" <?php echo ($current_page === 'logs') ? 'class="active"' : ''; ?>>
📝 Logs
</a>
<a href="tokens.php" <?php echo ($current_page === 'tokens') ? 'class="active"' : ''; ?>>
🔑 API Tokens
</a>
</nav>

116
rootfs/usr/local/share/webpanel/config.php Normal file
View File

@@ -0,0 +1,116 @@
<?php
require_once 'auth.php';
require_once 'functions.php';
requireAuth();
$message = '';
$messageType = '';
$config_files = [
'tor-server' => '/config/tor/server/server.conf',
'tor-bridge' => '/config/tor/bridge/bridge.conf',
'tor-relay' => '/config/tor/relay/relay.conf',
'unbound' => '/config/unbound/unbound.conf',
'privoxy' => '/config/privoxy/config',
'nginx' => '/config/nginx/nginx.conf'
];
$current_config = $_GET['config'] ?? 'tor-server';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$config_name = $_POST['config'] ?? '';
$content = $_POST['content'] ?? '';
if (isset($config_files[$config_name])) {
$config_file = $config_files[$config_name];
$config_dir = dirname($config_file);
if (!is_dir($config_dir)) {
mkdir($config_dir, 0755, true);
}
if (saveConfigContent($config_file, $content)) {
$message = "Configuration saved successfully for $config_name";
$messageType = 'success';
// Restart the service after config change
if (in_array($config_name, ['tor-server', 'tor-bridge', 'tor-relay'])) {
restartService($config_name);
$message .= " and service restarted";
}
} else {
$message = "Failed to save configuration for $config_name";
$messageType = 'error';
}
}
}
$config_content = getConfigContent($config_files[$current_config]);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Configuration - Tor Admin Panel</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="container">
<div class="header">
<h1>🧅 Tor Admin Panel - Configuration</h1>
<div>
<span>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?></span>
<a href="?logout=1" style="color: white; margin-left: 20px;">Logout</a>
</div>
</div>
<div class="nav">
<a href="index.php">Dashboard</a>
<a href="config.php" class="active">Configuration</a>
<a href="hidden.php">Hidden Services</a>
<a href="logs.php">Logs</a>
<a href="tokens.php">API Tokens</a>
</div>
<?php if ($message): ?>
<div class="<?php echo $messageType; ?>">
<?php echo htmlspecialchars($message); ?>
</div>
<?php endif; ?>
<div class="tabs">
<?php foreach ($config_files as $key => $file): ?>
<div class="tab <?php echo $key === $current_config ? 'active' : ''; ?>"
onclick="location.href='config.php?config=<?php echo $key; ?>'">
<?php echo ucfirst(str_replace('-', ' ', $key)); ?>
</div>
<?php endforeach; ?>
</div>
<div class="config-section">
<h3>Editing: <?php echo ucfirst(str_replace('-', ' ', $current_config)); ?> Configuration</h3>
<p><strong>File:</strong> <?php echo $config_files[$current_config]; ?></p>
<form method="POST">
<input type="hidden" name="config" value="<?php echo $current_config; ?>">
<div class="form-group">
<label for="content">Configuration Content:</label>
<textarea name="content" id="content" rows="20"
style="font-family: 'Courier New', monospace; font-size: 14px;"
required><?php echo htmlspecialchars($config_content); ?></textarea>
</div>
<button type="submit">Save Configuration</button>
</form>
</div>
<div class="info">
<strong>Important Notes:</strong><br>
• Changes to Tor configurations will automatically restart the affected service<br>
• Backup your configurations before making changes<br>
• Invalid configurations may prevent services from starting<br>
• Check logs if services fail to start after configuration changes
</div>
</div>
</body>
</html>

139
rootfs/usr/local/share/webpanel/functions.php Normal file
View File

@@ -0,0 +1,139 @@
<?php
function getServiceStatus($service) {
$output = shell_exec("pgrep -f '$service' 2>/dev/null");
return !empty(trim($output));
}
function getServicePid($service) {
$output = shell_exec("pgrep -f '$service' 2>/dev/null");
return trim($output) ?: 'N/A';
}
function startService($service) {
$init_script = "/usr/local/etc/docker/init.d/*$service*.sh";
$files = glob($init_script);
if (!empty($files)) {
$script = $files[0];
shell_exec("bash '$script' > /dev/null 2>&1 &");
return true;
}
return false;
}
function stopService($service) {
$pid = getServicePid($service);
if ($pid !== 'N/A') {
shell_exec("kill $pid 2>/dev/null");
return true;
}
return false;
}
function restartService($service) {
stopService($service);
sleep(2);
return startService($service);
}
function getLogTail($logfile, $lines = 50) {
if (file_exists($logfile)) {
return shell_exec("tail -n $lines '$logfile' 2>/dev/null");
}
return "Log file not found: $logfile";
}
function getConfigContent($configfile) {
if (file_exists($configfile)) {
return file_get_contents($configfile);
}
return '';
}
function saveConfigContent($configfile, $content) {
return file_put_contents($configfile, $content) !== false;
}
function getHiddenServices() {
$services = [];
$services_dir = '/data/tor/server/services';
if (is_dir($services_dir)) {
$dirs = glob($services_dir . '/*', GLOB_ONLYDIR);
foreach ($dirs as $dir) {
$name = basename($dir);
$hostname_file = $dir . '/hostname';
$hostname = file_exists($hostname_file) ? trim(file_get_contents($hostname_file)) : 'Not generated yet';
$services[] = [
'name' => $name,
'hostname' => $hostname,
'path' => $dir
];
}
}
return $services;
}
function createHiddenService($name, $port_mapping) {
$services_dir = '/data/tor/server/services';
$service_dir = $services_dir . '/' . $name;
if (!is_dir($service_dir)) {
mkdir($service_dir, 0700, true);
}
$config_content = "HiddenServiceDir $service_dir\n";
$config_content .= "HiddenServicePort $port_mapping\n";
$config_file = "/config/tor/server/hidden.d/$name.conf";
return file_put_contents($config_file, $config_content) !== false;
}
function deleteHiddenService($name) {
$services_dir = '/data/tor/server/services';
$service_dir = $services_dir . '/' . $name;
$config_file = "/config/tor/server/hidden.d/$name.conf";
$success = true;
if (is_dir($service_dir)) {
$success &= shell_exec("rm -rf '$service_dir'") !== false;
}
if (file_exists($config_file)) {
$success &= unlink($config_file);
}
return $success;
}
function getSystemStats() {
$stats = [];
$uptime = trim(shell_exec('uptime -p 2>/dev/null || echo "N/A"'));
$stats['uptime'] = $uptime;
$memory = shell_exec('free -m | grep "Mem:" | awk \'{print $3"/"$2" MB"}\'');
$stats['memory'] = trim($memory) ?: 'N/A';
$disk = shell_exec('df -h / | tail -1 | awk \'{print $3"/"$2" ("$5")"}\'');
$stats['disk'] = trim($disk) ?: 'N/A';
$load = trim(shell_exec('uptime | awk -F"load average:" \'{print $2}\' | awk \'{print $1}\' | tr -d ","'));
$stats['load'] = $load ?: 'N/A';
return $stats;
}
function sanitizeInput($input) {
return htmlspecialchars(trim($input), ENT_QUOTES, 'UTF-8');
}
function validatePortMapping($mapping) {
return preg_match('/^\d+\s+\d+\.\d+\.\d+\.\d+:\d+$/', $mapping);
}
function validateServiceName($name) {
return preg_match('/^[a-zA-Z0-9_-]+$/', $name);
}
?>

153
rootfs/usr/local/share/webpanel/hidden.php Normal file
View File

@@ -0,0 +1,153 @@
<?php
require_once 'auth.php';
require_once 'functions.php';
requireAuth();
$message = '';
$messageType = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
if ($action === 'create') {
$name = sanitizeInput($_POST['name'] ?? '');
$port_mapping = sanitizeInput($_POST['port_mapping'] ?? '');
if (empty($name) || empty($port_mapping)) {
$message = 'Name and port mapping are required';
$messageType = 'error';
} elseif (!validateServiceName($name)) {
$message = 'Invalid service name. Use only letters, numbers, underscores, and hyphens';
$messageType = 'error';
} elseif (!validatePortMapping($port_mapping)) {
$message = 'Invalid port mapping format. Use: external_port internal_ip:internal_port';
$messageType = 'error';
} else {
if (createHiddenService($name, $port_mapping)) {
$message = "Hidden service '$name' created successfully. Restart tor-server to activate.";
$messageType = 'success';
} else {
$message = "Failed to create hidden service '$name'";
$messageType = 'error';
}
}
} elseif ($action === 'delete') {
$name = sanitizeInput($_POST['name'] ?? '');
if (deleteHiddenService($name)) {
$message = "Hidden service '$name' deleted successfully. Restart tor-server to apply.";
$messageType = 'success';
} else {
$message = "Failed to delete hidden service '$name'";
$messageType = 'error';
}
} elseif ($action === 'restart-tor') {
if (restartService('tor-server')) {
$message = "Tor server restarted successfully";
$messageType = 'success';
} else {
$message = "Failed to restart Tor server";
$messageType = 'error';
}
}
}
$hidden_services = getHiddenServices();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Hidden Services - Tor Admin Panel</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="container">
<div class="header">
<h1>🧅 Tor Admin Panel - Hidden Services</h1>
<div>
<span>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?></span>
<a href="?logout=1" style="color: white; margin-left: 20px;">Logout</a>
</div>
</div>
<div class="nav">
<a href="index.php">Dashboard</a>
<a href="config.php">Configuration</a>
<a href="hidden.php" class="active">Hidden Services</a>
<a href="logs.php">Logs</a>
<a href="tokens.php">API Tokens</a>
</div>
<?php if ($message): ?>
<div class="<?php echo $messageType; ?>">
<?php echo htmlspecialchars($message); ?>
</div>
<?php endif; ?>
<div class="config-section">
<h2>Create New Hidden Service</h2>
<form method="POST">
<input type="hidden" name="action" value="create">
<div class="form-group">
<label for="name">Service Name:</label>
<input type="text" id="name" name="name" required
placeholder="e.g., myapp, blog, api" pattern="[a-zA-Z0-9_-]+">
</div>
<div class="form-group">
<label for="port_mapping">Port Mapping:</label>
<input type="text" id="port_mapping" name="port_mapping" required
placeholder="80 127.0.0.1:8080" pattern="\d+\s+\d+\.\d+\.\d+\.\d+:\d+">
<small>Format: external_port internal_ip:internal_port</small>
</div>
<button type="submit">Create Hidden Service</button>
</form>
</div>
<h2>Existing Hidden Services</h2>
<?php if (empty($hidden_services)): ?>
<div class="info">
No hidden services configured yet. Create one above to get started.
</div>
<?php else: ?>
<?php foreach ($hidden_services as $service): ?>
<div class="hidden-service">
<h3><?php echo htmlspecialchars($service['name']); ?></h3>
<div class="onion-address">
<strong>Onion Address:</strong><br>
<?php echo htmlspecialchars($service['hostname']); ?>
</div>
<p><strong>Data Directory:</strong> <?php echo htmlspecialchars($service['path']); ?></p>
<form method="POST" style="margin-top: 10px;"
onsubmit="return confirm('Are you sure you want to delete this hidden service?');">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="name" value="<?php echo htmlspecialchars($service['name']); ?>">
<button type="submit" class="btn-small"
style="background: #d63031;">Delete Service</button>
</form>
</div>
<?php endforeach; ?>
<div style="margin-top: 20px;">
<form method="POST">
<input type="hidden" name="action" value="restart-tor">
<button type="submit" class="btn-small">Restart Tor Server</button>
</form>
<small>Restart Tor server to activate new services or apply deletions</small>
</div>
<?php endif; ?>
<div class="info">
<strong>Hidden Service Management:</strong><br>
• Hidden services allow you to host websites accessible only via Tor<br>
• Each service gets a unique .onion address<br>
• Port mapping routes external .onion traffic to internal services<br>
• Services are stored in /data/tor/server/services/<br>
• Restart Tor server after creating/deleting services
</div>
</div>
</body>
</html>

151
rootfs/usr/local/share/webpanel/index.php Normal file
View File

@@ -0,0 +1,151 @@
<?php
require_once 'auth.php';
require_once 'functions.php';
requireAuth();
$services = [
'tor-bridge' => 'Tor Bridge',
'tor-relay' => 'Tor Relay',
'tor-server' => 'Tor Server',
'unbound' => 'DNS Resolver',
'privoxy' => 'HTTP Proxy',
'nginx' => 'Web Server'
];
$message = '';
$messageType = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
$service = $_POST['service'] ?? '';
if (in_array($service, array_keys($services))) {
switch ($action) {
case 'start':
if (startService($service)) {
$message = "Started $services[$service]";
$messageType = 'success';
} else {
$message = "Failed to start $services[$service]";
$messageType = 'error';
}
break;
case 'stop':
if (stopService($service)) {
$message = "Stopped $services[$service]";
$messageType = 'success';
} else {
$message = "Failed to stop $services[$service]";
$messageType = 'error';
}
break;
case 'restart':
if (restartService($service)) {
$message = "Restarted $services[$service]";
$messageType = 'success';
} else {
$message = "Failed to restart $services[$service]";
$messageType = 'error';
}
break;
}
}
}
$stats = getSystemStats();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Tor Admin Panel</title>
<link rel="stylesheet" href="style.css">
<meta http-equiv="refresh" content="30">
</head>
<body>
<div class="container">
<div class="header">
<h1>🧅 Tor Admin Panel</h1>
<div>
<span>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?></span>
<a href="?logout=1" style="color: white; margin-left: 20px;">Logout</a>
</div>
</div>
<div class="nav">
<a href="index.php" class="active">Dashboard</a>
<a href="config.php">Configuration</a>
<a href="hidden.php">Hidden Services</a>
<a href="logs.php">Logs</a>
<a href="tokens.php">API Tokens</a>
</div>
<?php if ($message): ?>
<div class="<?php echo $messageType; ?>">
<?php echo htmlspecialchars($message); ?>
</div>
<?php endif; ?>
<div class="stats-grid">
<div class="stat-card">
<div class="stat-value"><?php echo $stats['uptime']; ?></div>
<div>System Uptime</div>
</div>
<div class="stat-card">
<div class="stat-value"><?php echo $stats['memory']; ?></div>
<div>Memory Usage</div>
</div>
<div class="stat-card">
<div class="stat-value"><?php echo $stats['disk']; ?></div>
<div>Disk Usage</div>
</div>
<div class="stat-card">
<div class="stat-value"><?php echo $stats['load']; ?></div>
<div>Load Average</div>
</div>
</div>
<h2>Service Management</h2>
<div class="service-grid">
<?php foreach ($services as $service => $name): ?>
<?php $isRunning = getServiceStatus($service); ?>
<div class="service-card">
<h3><?php echo $name; ?></h3>
<div class="service-status <?php echo $isRunning ? 'status-running' : 'status-stopped'; ?>">
<?php echo $isRunning ? 'RUNNING' : 'STOPPED'; ?>
</div>
<p>PID: <?php echo getServicePid($service); ?></p>
<form method="POST" style="margin-top: 15px;">
<input type="hidden" name="service" value="<?php echo $service; ?>">
<button type="submit" name="action" value="start" class="btn-small"
<?php echo $isRunning ? 'disabled' : ''; ?>>Start</button>
<button type="submit" name="action" value="stop" class="btn-small"
<?php echo !$isRunning ? 'disabled' : ''; ?>>Stop</button>
<button type="submit" name="action" value="restart" class="btn-small">Restart</button>
</form>
</div>
<?php endforeach; ?>
</div>
<div class="info">
<strong>Quick Info:</strong><br>
• SOCKS Proxy: localhost:9050<br>
• HTTP Proxy: localhost:8118<br>
• DNS Resolver: localhost:9053<br>
• Control Port: localhost:9051<br>
• Web Interface: localhost:80
</div>
</div>
<script>
// Auto-refresh page every 30 seconds
setTimeout(function() {
window.location.reload();
}, 30000);
</script>
</body>
</html>

94
rootfs/usr/local/share/webpanel/jwt.php Normal file
View File

@@ -0,0 +1,94 @@
<?php
class SimpleJWT {
private static $secret_key;
public static function init() {
$secret_file = '/config/secure/jwt_secret';
if (isset($_ENV['TOR_JWT_SECRET'])) {
self::$secret_key = $_ENV['TOR_JWT_SECRET'];
} elseif (file_exists($secret_file)) {
self::$secret_key = trim(file_get_contents($secret_file));
} else {
// Generate random secret and save it
self::$secret_key = bin2hex(random_bytes(32));
if (!is_dir(dirname($secret_file))) {
mkdir(dirname($secret_file), 0700, true);
}
file_put_contents($secret_file, self::$secret_key);
chmod($secret_file, 0600);
}
}
public static function getSecret() {
self::init();
return self::$secret_key;
}
public static function encode($payload) {
self::init();
$header = json_encode(['typ' => 'JWT', 'alg' => 'HS256']);
$payload = json_encode(array_merge($payload, [
'iat' => time(),
'exp' => time() + (24 * 60 * 60) // 24 hours
]));
$base64Header = self::base64UrlEncode($header);
$base64Payload = self::base64UrlEncode($payload);
$signature = hash_hmac('sha256', $base64Header . '.' . $base64Payload, self::$secret_key, true);
$base64Signature = self::base64UrlEncode($signature);
return $base64Header . '.' . $base64Payload . '.' . $base64Signature;
}
public static function decode($jwt) {
self::init();
$parts = explode('.', $jwt);
if (count($parts) !== 3) {
return false;
}
list($base64Header, $base64Payload, $base64Signature) = $parts;
$signature = self::base64UrlDecode($base64Signature);
$expectedSignature = hash_hmac('sha256', $base64Header . '.' . $base64Payload, self::$secret_key, true);
if (!hash_equals($signature, $expectedSignature)) {
return false;
}
$payload = json_decode(self::base64UrlDecode($base64Payload), true);
if (isset($payload['exp']) && $payload['exp'] < time()) {
return false; // Token expired
}
return $payload;
}
private static function base64UrlEncode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
private static function base64UrlDecode($data) {
return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
}
}
function generateApiToken($username) {
return SimpleJWT::encode([
'username' => $username,
'role' => 'admin'
]);
}
function validateApiToken($token) {
$payload = SimpleJWT::decode($token);
return $payload !== false ? $payload : null;
}
?>

52
rootfs/usr/local/share/webpanel/login.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
require_once 'auth.php';
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (authenticate($username, $password)) {
$_SESSION['authenticated'] = true;
$_SESSION['username'] = $username;
header('Location: index.php');
exit;
} else {
$error = 'Invalid username or password';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Tor Admin Panel - Login</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="login-container">
<div class="login-form">
<h1>🧅 Tor Admin Panel</h1>
<form method="POST">
<?php if ($error): ?>
<div class="error"><?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>
<div class="form-group">
<label for="username">Username:</label>
<input type="text" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password">Password:</label>
<input type="password" id="password" name="password" required>
</div>
<button type="submit">Login</button>
</form>
<div class="auth-info">
<p><small>Set credentials via TOR_ADMIN_USER and TOR_ADMIN_PASS environment variables</small></p>
</div>
</div>
</div>
</body>
</html>

106
rootfs/usr/local/share/webpanel/logs.php Normal file
View File

@@ -0,0 +1,106 @@
<?php
require_once 'auth.php';
require_once 'functions.php';
requireAuth();
$log_files = [
'tor-server' => '/data/logs/tor/server.log',
'tor-bridge' => '/data/logs/tor/bridge.log',
'tor-relay' => '/data/logs/tor/relay.log',
'unbound' => '/data/logs/unbound/unbound.log',
'privoxy' => '/data/logs/privoxy/privoxy.log',
'nginx-access' => '/data/logs/nginx/access.log',
'nginx-error' => '/data/logs/nginx/error.log',
'entrypoint' => '/data/logs/entrypoint.log'
];
$current_log = $_GET['log'] ?? 'tor-server';
$lines = (int)($_GET['lines'] ?? 100);
$log_content = '';
if (isset($log_files[$current_log])) {
$log_content = getLogTail($log_files[$current_log], $lines);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Logs - Tor Admin Panel</title>
<link rel="stylesheet" href="style.css">
<meta http-equiv="refresh" content="10">
</head>
<body>
<div class="container">
<div class="header">
<h1>🧅 Tor Admin Panel - Logs</h1>
<div>
<span>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?></span>
<a href="?logout=1" style="color: white; margin-left: 20px;">Logout</a>
</div>
</div>
<div class="nav">
<a href="index.php">Dashboard</a>
<a href="config.php">Configuration</a>
<a href="hidden.php">Hidden Services</a>
<a href="logs.php" class="active">Logs</a>
<a href="tokens.php">API Tokens</a>
</div>
<div class="tabs">
<?php foreach ($log_files as $key => $file): ?>
<div class="tab <?php echo $key === $current_log ? 'active' : ''; ?>"
onclick="location.href='logs.php?log=<?php echo $key; ?>&lines=<?php echo $lines; ?>'">
<?php echo ucfirst(str_replace('-', ' ', $key)); ?>
</div>
<?php endforeach; ?>
</div>
<div class="config-section">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 15px;">
<h3>Viewing: <?php echo ucfirst(str_replace('-', ' ', $current_log)); ?> Log</h3>
<div>
<label for="lines" style="margin-right: 10px;">Lines:</label>
<select id="lines" onchange="location.href='logs.php?log=<?php echo $current_log; ?>&lines=' + this.value">
<option value="50" <?php echo $lines === 50 ? 'selected' : ''; ?>>50</option>
<option value="100" <?php echo $lines === 100 ? 'selected' : ''; ?>>100</option>
<option value="200" <?php echo $lines === 200 ? 'selected' : ''; ?>>200</option>
<option value="500" <?php echo $lines === 500 ? 'selected' : ''; ?>>500</option>
</select>
</div>
</div>
<p><strong>File:</strong> <?php echo $log_files[$current_log]; ?></p>
<div class="log-container">
<?php echo htmlspecialchars($log_content ?: 'Log file is empty or not found'); ?>
</div>
<div style="margin-top: 15px;">
<button onclick="location.reload()" class="btn-small">Refresh</button>
<button onclick="location.href='logs.php?log=<?php echo $current_log; ?>&lines=<?php echo $lines; ?>'"
class="btn-small">Auto-refresh (10s)</button>
</div>
</div>
<div class="info">
<strong>Log Monitoring:</strong><br>
• Logs auto-refresh every 10 seconds<br>
• Tor logs show connection and circuit information<br>
• Nginx logs show web access and errors<br>
• Entrypoint log shows container initialization<br>
• Check logs if services fail to start
</div>
</div>
<script>
// Auto-scroll to bottom of log
const logContainer = document.querySelector('.log-container');
if (logContainer) {
logContainer.scrollTop = logContainer.scrollHeight;
}
</script>
</body>
</html>

446
rootfs/usr/local/share/webpanel/style.css Normal file
View File

@@ -0,0 +1,446 @@
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: #0d1117;
min-height: 100vh;
color: #f0f6fc;
line-height: 1.6;
display: flex;
flex-direction: column;
}
.main-wrapper {
flex: 1;
display: flex;
flex-direction: column;
}
.login-container {
display: flex;
justify-content: center;
align-items: center;
min-height: 100vh;
padding: 20px;
}
.login-form {
background: #161b22;
padding: 2rem;
border-radius: 12px;
box-shadow: 0 8px 32px rgba(0, 0, 0, 0.3);
width: 100%;
max-width: 400px;
border: 1px solid #30363d;
}
.container {
max-width: 1200px;
margin: 0 auto;
padding: 1rem;
background: #0d1117;
flex: 1;
}
.header {
background: #161b22;
color: #f0f6fc;
padding: 1.5rem;
border-radius: 12px;
margin-bottom: 1.5rem;
display: flex;
justify-content: space-between;
align-items: center;
border: 1px solid #30363d;
flex-wrap: wrap;
gap: 1rem;
}
.nav {
background: #161b22;
padding: 1rem;
border-radius: 12px;
margin-bottom: 1.5rem;
border: 1px solid #30363d;
overflow-x: auto;
white-space: nowrap;
}
.nav a {
color: #7c3aed;
text-decoration: none;
margin-right: 1rem;
padding: 0.75rem 1rem;
border-radius: 8px;
transition: all 0.2s;
display: inline-block;
font-weight: 500;
}
.nav a:hover, .nav a.active {
background: #7c3aed;
color: white;
}
h1 {
color: #f0f6fc;
margin-bottom: 1.5rem;
text-align: center;
font-size: clamp(1.5rem, 4vw, 2rem);
}
.form-group {
margin-bottom: 1.5rem;
}
label {
display: block;
margin-bottom: 0.5rem;
font-weight: 600;
color: #f0f6fc;
font-size: 0.9rem;
}
input, select, textarea {
width: 100%;
padding: 0.875rem;
border: 1px solid #30363d;
border-radius: 8px;
font-size: 1rem;
transition: all 0.2s;
background: #0d1117;
color: #f0f6fc;
}
input:focus, select:focus, textarea:focus {
outline: none;
border-color: #7c3aed;
box-shadow: 0 0 0 3px rgba(124, 58, 237, 0.1);
}
button {
background: #7c3aed;
color: white;
padding: 0.875rem 1.5rem;
border: none;
border-radius: 8px;
font-size: 1rem;
cursor: pointer;
transition: all 0.2s;
width: 100%;
font-weight: 600;
}
button:hover {
background: #8b5cf6;
transform: translateY(-1px);
}
.btn-small {
padding: 0.5rem 0.875rem;
font-size: 0.875rem;
width: auto;
margin: 0.25rem;
min-width: 4rem;
}
.error {
background: #1a1a1a;
color: #f85149;
padding: 1rem;
border-radius: 8px;
margin-bottom: 1.5rem;
border-left: 4px solid #f85149;
border: 1px solid #30363d;
}
.success {
background: #1a1a1a;
color: #56d364;
padding: 1rem;
border-radius: 8px;
margin-bottom: 1.5rem;
border-left: 4px solid #56d364;
border: 1px solid #30363d;
}
.info {
background: #161b22;
color: #79c0ff;
padding: 1rem;
border-radius: 8px;
margin-bottom: 1.5rem;
border-left: 4px solid #79c0ff;
border: 1px solid #30363d;
}
.service-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
gap: 1rem;
margin-bottom: 1.5rem;
}
.service-card {
background: #161b22;
border: 1px solid #30363d;
border-radius: 12px;
padding: 1.5rem;
transition: all 0.2s;
}
.service-card:hover {
border-color: #7c3aed;
transform: translateY(-2px);
}
.service-status {
display: inline-block;
padding: 4px 12px;
border-radius: 20px;
font-size: 12px;
font-weight: bold;
text-transform: uppercase;
}
.status-running {
background: #e6ffe6;
color: #00b894;
}
.status-stopped {
background: #ffe6e6;
color: #d63031;
}
.config-section {
background: #161b22;
padding: 1.5rem;
border-radius: 12px;
margin-bottom: 1.5rem;
border: 1px solid #30363d;
}
.log-container {
background: #0d1117;
color: #56d364;
padding: 1.5rem;
border-radius: 12px;
font-family: 'SF Mono', 'Monaco', 'Inconsolata', 'Roboto Mono', 'Courier New', monospace;
font-size: 0.875rem;
max-height: 400px;
overflow-y: auto;
white-space: pre-wrap;
border: 1px solid #30363d;
}
.hidden-service {
background: #161b22;
border: 1px solid #30363d;
border-radius: 12px;
padding: 1.5rem;
margin-bottom: 1rem;
}
.onion-address {
font-family: 'SF Mono', 'Monaco', 'Inconsolata', 'Roboto Mono', 'Courier New', monospace;
background: #0d1117;
color: #79c0ff;
padding: 1rem;
border-radius: 8px;
word-break: break-all;
margin: 1rem 0;
border: 1px solid #30363d;
font-size: 0.875rem;
}
.auth-info {
text-align: center;
margin-top: 20px;
color: #666;
}
.stats-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
gap: 1rem;
margin-bottom: 1.5rem;
}
.stat-card {
background: #161b22;
padding: 1.5rem;
border-radius: 12px;
text-align: center;
border: 1px solid #30363d;
transition: all 0.2s;
}
.stat-card:hover {
border-color: #7c3aed;
transform: translateY(-2px);
}
.stat-value {
font-size: 1.5rem;
font-weight: bold;
color: #7c3aed;
margin-bottom: 0.5rem;
}
.tabs {
display: flex;
margin-bottom: 20px;
border-bottom: 2px solid #e0e0e0;
}
.tab {
padding: 12px 24px;
cursor: pointer;
border-bottom: 2px solid transparent;
transition: all 0.3s;
}
.tab.active {
border-bottom-color: #667eea;
color: #667eea;
}
.tab-content {
display: none;
}
.tab-content.active {
display: block;
}
.footer {
background: #161b22;
border-top: 1px solid #30363d;
padding: 1.5rem;
text-align: center;
margin-top: auto;
border-radius: 12px 12px 0 0;
}
.footer-content {
max-width: 1200px;
margin: 0 auto;
}
.footer a {
color: #7c3aed;
text-decoration: none;
}
.footer a:hover {
text-decoration: underline;
}
.logout-btn {
background: #f85149;
color: white;
padding: 0.5rem 1rem;
border-radius: 6px;
text-decoration: none;
font-size: 0.875rem;
margin-left: 1rem;
transition: all 0.2s;
}
.logout-btn:hover {
background: #da3633;
}
.header-actions {
display: flex;
align-items: center;
flex-wrap: wrap;
gap: 0.5rem;
}
/* Mobile First Design */
@media (max-width: 768px) {
.container {
padding: 0.5rem;
}
.header {
padding: 1rem;
text-align: center;
}
.header-actions {
justify-content: center;
width: 100%;
margin-top: 0.5rem;
}
.nav {
padding: 0.5rem;
text-align: center;
}
.nav a {
display: inline-block;
margin: 0.25rem;
padding: 0.5rem 0.75rem;
font-size: 0.875rem;
}
.service-grid {
grid-template-columns: 1fr;
gap: 0.75rem;
}
.stats-grid {
grid-template-columns: repeat(2, 1fr);
gap: 0.75rem;
}
.service-card, .stat-card, .config-section {
padding: 1rem;
}
.btn-small {
padding: 0.5rem;
font-size: 0.8rem;
min-width: 3.5rem;
}
.onion-address {
font-size: 0.8rem;
word-break: break-all;
}
h1 {
font-size: 1.5rem;
}
h2 {
font-size: 1.25rem;
}
h3 {
font-size: 1.1rem;
}
}
@media (max-width: 480px) {
.stats-grid {
grid-template-columns: 1fr;
}
.header {
padding: 0.75rem;
}
.nav a {
font-size: 0.8rem;
padding: 0.5rem;
}
}

147
rootfs/usr/local/share/webpanel/tokens.php Normal file
View File

@@ -0,0 +1,147 @@
<?php
require_once 'auth.php';
require_once 'functions.php';
require_once 'jwt.php';
requireAuth();
$message = '';
$messageType = '';
$new_token = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
if ($action === 'generate') {
$description = sanitizeInput($_POST['description'] ?? '');
$username = $_SESSION['username'];
$new_token = generateApiToken($username);
$message = "New API token generated successfully";
$messageType = 'success';
// Store token info (in a real app, you'd store this in a database)
$token_file = "/config/secure/tokens.log";
$token_info = date('Y-m-d H:i:s') . " - Token generated for $username - $description\n";
file_put_contents($token_file, $token_info, FILE_APPEND | LOCK_EX);
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>API Tokens - Tor Admin Panel</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="container">
<div class="header">
<h1>🧅 Tor Admin Panel - API Tokens</h1>
<div>
<span>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?></span>
<a href="?logout=1" style="color: white; margin-left: 20px;">Logout</a>
</div>
</div>
<div class="nav">
<a href="index.php">Dashboard</a>
<a href="config.php">Configuration</a>
<a href="hidden.php">Hidden Services</a>
<a href="logs.php">Logs</a>
<a href="tokens.php" class="active">API Tokens</a>
</div>
<?php if ($message): ?>
<div class="<?php echo $messageType; ?>">
<?php echo htmlspecialchars($message); ?>
</div>
<?php endif; ?>
<?php if ($new_token): ?>
<div class="config-section">
<h3>🔑 Your New API Token</h3>
<div class="onion-address" style="background: #f0f8ff; border: 2px solid #0984e3;">
<?php echo htmlspecialchars($new_token); ?>
</div>
<div class="error" style="background: #fff3cd; color: #856404; border-left-color: #ffc107;">
<strong>Important:</strong> Save this token now! It will not be shown again.
</div>
</div>
<?php endif; ?>
<div class="config-section">
<h2>🔐 JWT Secret Key</h2>
<p>Current JWT secret (auto-generated if TOR_JWT_SECRET not set):</p>
<div class="onion-address" style="background: #fff3cd; border: 1px solid #ffc107;">
<small><?php echo htmlspecialchars(SimpleJWT::getSecret()); ?></small>
</div>
<p><small>Set TOR_JWT_SECRET environment variable to use a custom secret</small></p>
</div>
<div class="config-section">
<h2>Generate New API Token</h2>
<form method="POST">
<input type="hidden" name="action" value="generate">
<div class="form-group">
<label for="description">Token Description:</label>
<input type="text" id="description" name="description" required
placeholder="e.g., Production monitoring, Mobile app, External script">
</div>
<button type="submit">Generate Token</button>
</form>
</div>
<div class="config-section">
<h2>📚 API Documentation</h2>
<h3>Authentication</h3>
<div style="background: #f8f9fa; padding: 15px; border-radius: 8px; margin-bottom: 20px;">
<h4>1. Get a token:</h4>
<code style="display: block; margin: 10px 0; padding: 10px; background: #1a1a1a; color: #00ff00; border-radius: 5px;">
curl -X POST http://your-server/admin/api.php?action=login \<br>
-d "username=admin&password=yourpass"
</code>
<h4>2. Use the token:</h4>
<code style="display: block; margin: 10px 0; padding: 10px; background: #1a1a1a; color: #00ff00; border-radius: 5px;">
curl -H "Authorization: Bearer YOUR_TOKEN" \<br>
http://your-server/admin/api.php?action=status
</code>
</div>
<h3>Available Endpoints</h3>
<div style="background: #f8f9fa; padding: 15px; border-radius: 8px;">
<h4>📊 GET /admin/api.php?action=status</h4>
<p>Get status of all services</p>
<h4>📈 GET /admin/api.php?action=stats</h4>
<p>Get system statistics</p>
<h4>🧅 GET /admin/api.php?action=hidden-services</h4>
<p>Get list of hidden services</p>
<h4>⚙️ POST /admin/api.php?action=service-control</h4>
<p>Control services (start/stop/restart)</p>
<code style="display: block; margin: 10px 0; padding: 10px; background: #1a1a1a; color: #00ff00; border-radius: 5px;">
POST data: service=tor-server&command=restart
</code>
<h4>🔑 POST /admin/api.php?action=login</h4>
<p>Get authentication token</p>
<code style="display: block; margin: 10px 0; padding: 10px; background: #1a1a1a; color: #00ff00; border-radius: 5px;">
POST data: username=admin&password=yourpass
</code>
</div>
</div>
<div class="info">
<strong>Security Notes:</strong><br>
• Tokens expire after 24 hours<br>
• Set custom JWT secret via TOR_JWT_SECRET environment variable<br>
• Store tokens securely - they provide full admin access<br>
• API supports both Bearer tokens and web session authentication
</div>
</div>
</body>
</html>