From 384d3c247fe7a363053236fe5abc7ac07366cead Mon Sep 17 00:00:00 2001 From: George Shaw Date: Wed, 24 Jan 2018 14:17:19 -0600 Subject: [PATCH 1/2] updated readme to include installation guide --- README.md | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 86 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cded690..9a71df1 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A web-hosting control panel written in Go. -*__Note:__ This software currently only runs on Debian based Linux systems.* +*__Note:__ This software currently only runs on Linux systems.* ## Stack @@ -43,3 +43,88 @@ go build gpanel.go # Execute binary as root (root access is needed for functions within the system package) sudo ./gpanel ``` + +## Installation + +#### Requirements + +- Linux + - adduser command (already installed on most debian-based Linux systems) + - deluser command (already installed on most debian-based linux systems) + - ssh-keygen command (already installed on most debian-based linux systems) + - openssh-server installed (installation guide below) + - golang (installation guide below) +- OSX + - Currently there is no support for OSX, but it is planned for the future. +----------------------------------- + + +#### Installing Golang + +1. sudo apt-get purge golang* +2. Download latest version from https://www.golang.org/dl/ +3. sudo tar -C /usr/local -xzf go[VERSION].[OS]-[ARCH].tar.gz +4. For system-wide installation (reccommended) + a. vim /etc/profile + b. Add "export PATH=$PATH:/usr/local/go/bin" +5. For local installation + a. If ~/.profile doesn't exist then create it (touch ~/.profile) + b. Add "export PATH=$PATH:/usr/local/go/bin" to said file +6. Logout and login for changes to /etc/profile or ~/.profile to take effect +7. mkdir ~/go && mkdir ~/go/bin && mkdir ~/go/src && mkdir ~/go/pkg +8. GOROOT=~/go + + +#### Installing openssh-server + +1. sudo apt-get install openssh-server +2. sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default +3. sudo vim /etc/ssh/sshd_config +4. Uncomment (no # before line) and/or set the following lines in /etc/ssh/sshd_config + - PermitRootLogin no + - AuthorizedKeysFile %h/.ssh/authorized_keys + - PasswordAuthentication no + - PermitEmptyPasswords no + - RSAAuthentication yes + - PubkeyAuthentication yes +5. sudo systemctl restart ssh + + +#### Creating the Host Key-pair + +1. ssh-keygen -t rsa -N "PASSWORD" -f ~/.ssh/id_rsa [change PASSWORD] + + +#### .ssh Folder and Files Permissions Reference + +1. To check permissions + a. cd ~/.ssh + b. ls -l -a (look at ls -l -a dump below) +2. To change permissions + a. chmod [PERMISSIONS NUMBER] [FILE] +3. To change ownership + a. chown [USER]: [FILE] + +.ssh [700 && owned by correct user] +    id_rsa [600 && owned by correct user] +    id_rsa.pub [644 && owned by correct user] +    authorized_keys [644 && owned by correct user] +    known_hosts [644 && owned by the correct user] + +Correct output of ls -l -a of ~/.ssh +```shell +drwx------ 2 root root 4096 Jan 17 14:49 . +drwx------ 7 root root 4096 Jan 17 14:42 .. +-rw-r--r-- 1 root root 0 Jan 17 14:49 authorized_keys +-rw------- 1 root root 1766 Jan 17 14:43 id_rsa +-rw-r--r-- 1 root root 401 Jan 17 14:43 id_rsa.pub +-rw-r--r-- 1 root root 444 Oct 10 2016 known_hosts +``` + + +#### Installing and Running gPanel + +1. go get github.com/Ennovar/gPanel +2. cd ~/go/src/github.com/Ennovar/gPanel +3. go build gpanel.go +4. sudo ./gpanel \ No newline at end of file From b9e450ec5d797f6897ca7d5771a99da70aab84fc Mon Sep 17 00:00:00 2001 From: George Shaw Date: Wed, 24 Jan 2018 15:18:11 -0600 Subject: [PATCH 2/2] reworked reverse proxy domain router to utilize transport to throw 400 bad requests instead of having the server handle it. --- pkg/gpserver/servehttp.go | 5 ---- pkg/router/proxy.go | 48 +++++++++++++++++++++++++++++++++++++++ pkg/router/router.go | 22 ++---------------- 3 files changed, 50 insertions(+), 25 deletions(-) create mode 100644 pkg/router/proxy.go diff --git a/pkg/gpserver/servehttp.go b/pkg/gpserver/servehttp.go index a1a2530..f4ae502 100644 --- a/pkg/gpserver/servehttp.go +++ b/pkg/gpserver/servehttp.go @@ -19,11 +19,6 @@ func (con *Controller) ServeHTTP(res http.ResponseWriter, req *http.Request) { path = (con.Directory + con.DocumentRoot + path) } - if strings.HasSuffix(path, "throw400") { - http.Error(res, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - if strings.HasSuffix(path, "index.html") { if con.checkAuth(res, req) == true { http.Redirect(res, req, "gPanel.html", http.StatusFound) diff --git a/pkg/router/proxy.go b/pkg/router/proxy.go new file mode 100644 index 0000000..88b2ae3 --- /dev/null +++ b/pkg/router/proxy.go @@ -0,0 +1,48 @@ +package router + +import ( + "bytes" + "io" + "io/ioutil" + "net/http" + "strconv" + "strings" +) + +type customTrip struct{} + +func (customTrip) RoundTrip(req *http.Request) (*http.Response, error) { + if req.URL.Host == "fail" { + if req.Body != nil { + io.Copy(ioutil.Discard, req.Body) + defer req.Body.Close() + } + + return &http.Response{ + StatusCode: http.StatusBadRequest, + Status: http.StatusText(http.StatusBadRequest), + Body: ioutil.NopCloser(&bytes.Reader{}), + }, nil + } + + return http.DefaultTransport.RoundTrip(req) +} + +func proxyDirector(req *http.Request) { + host := req.Host + if strings.Count(host, ".") == 2 { + host = strings.SplitN(host, ".", 2)[1] //Remove sub-domain + } + + req.Header.Set("Host", req.Host) + req.URL.Scheme = "http" + + mutex.Lock() + if d, ok := domainToPort[host]; ok { + mutex.Unlock() + req.URL.Host = "127.0.0.1:" + strconv.Itoa(d) + } else { + mutex.Unlock() + req.URL.Host = "fail" + } +} diff --git a/pkg/router/router.go b/pkg/router/router.go index ee66754..084a5da 100644 --- a/pkg/router/router.go +++ b/pkg/router/router.go @@ -7,7 +7,6 @@ import ( "time" "log" - "strings" "sync" "github.com/Ennovar/gPanel/pkg/database" @@ -58,25 +57,8 @@ func New() *Router { server = http.Server{ Addr: "localhost:" + strconv.Itoa(r.Port), Handler: &httputil.ReverseProxy{ - Director: func(req *http.Request) { - host := req.Host - if strings.Count(host, ".") == 2 { - host = strings.SplitN(host, ".", 2)[1] //Remove sub-domain - } - - req.Header.Set("Host", req.Host) - req.URL.Scheme = "http" - - mutex.Lock() - if d, ok := domainToPort[host]; ok { - mutex.Unlock() - req.URL.Host = "127.0.0.1:" + strconv.Itoa(d) - } else { - mutex.Unlock() - req.URL.Host = "127.0.0.1:2082" - req.URL.Path = "/throw400" - } - }, + Director: proxyDirector, + Transport: customTrip{}, }, ReadTimeout: 5 * time.Second, WriteTimeout: 5 * time.Second,