http-onion.php now works

Miraty 2022-06-07 17:58:46 +02:00
parent fc8d5f0420
commit c997ac424d
7 changed files with 42 additions and 46 deletions


@ -90,10 +90,10 @@ switch (SERVICE) {
$page['title'] = "Créer un dossier de site";
break;
case "http-onion":
$page['title'] = "Accès HTTP en Onion";
$page['title'] = "Accès HTTP par service Onion";
break;
case "https-domain":
$page['title'] = "Accès HTTPS par domaine";
$page['title'] = "Accès HTTP par DNS et TLS";
break;
case "le":
$page['title'] = "Installer un certificat Let's Encrypt";


@ -29,11 +29,13 @@ nginx_config_path = "/etc/nginx/ht"
tor_config_path = "/etc/tor/instances/niver/torrc"
; Tor keys directory
tor_keys_path = "/var/lib/tor-instances/niver/keys"
tor_service = "tor@niver"
sudo_path = "/usr/bin/sudo"
systemctl_path = "/usr/bin/systemctl"
certbot_path = "/usr/bin/certbot"
chgrp_path = "/usr/bin/chgrp"
cat_path = "/usr/bin/cat"
sftpgo_group = sftpgo
@ -43,7 +45,7 @@ ipv4_address = "127.0.0.1"
sftp_pub = "/etc/sftpgo/ed25519.pub"
sftp_fp = "/etc/sftpgo/ed25519.fp"
sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"
sftp_domain = "sftp.niver.test"
sftp_domain = "ht.niver.test"
public_sftp_port = 2022
; Will be used in configuration files
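Review bot: `cat_path` looks like a new entry (the rendered page has lost the `+`/`-` column, so this is inferred) that lets the PHP process run `cat` through `sudo_path`, which amounts to root file read unless the sudoers rule pins the arguments. The sudoers file is not on this page; it should permit only the `hostname` file below `tor_keys_path`, not `cat` with arbitrary arguments, and a dedicated helper that takes a validated directory name would be narrower still. A comment above the key in the style of the existing `; Tor keys directory` line, for example `; Run through sudo, only to read <tor_keys_path>/<dir>/hostname`, would keep that constraint visible to whoever edits the sudoers side.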


@ -33,44 +33,38 @@ switchToFormProcess();
if ($dirsStatuses[$_POST['dir']] !== false)
userError("Wrong value for <code>dir</code>.");
// Generate a .onion address
// Add Tor config
$torConf = file_get_contents(CONF['ht']['tor_config_path']);
$torConf = $torConf . "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/
HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . "
";
file_put_contents(CONF['ht']['tor_config_path'], $torConf);
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload tor", $output);
addNiverLog("Tor reloaded by " . $_SESSION['username'], $output);
// Copy generated address to a location readable by PHP
exec(CONF['ht']['sudo_path'] . " " . MANIVER_PATH . " export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output);
addNiverLog("Tor data exported by " . $_SESSION['username'], $output);
// Wait
sleep(1);
// Reload Tor
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output);
// Get the address generated by Tor
$onion = file_get_contents(CONF['ht']['ht_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/hostname");
$onion = str_replace(array("\r", "\n"), "", $onion);
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['cat_path'] . " " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/hostname", $output);
$onion = $output[0];
if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1)
serverError("No onion address found.");
// Store it in the database
addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http");
// Add it to Nginx
$nginxConf = file_get_contents(NIVER_TEMPLATE_PATH . "/nginx/onion.template");
$nginxConf = str_replace("{{CONF['ht']['internal_onion_http_port']}}", CONF['ht']['internal_onion_http_port'], $nginxConf);
$nginxConf = str_replace("{{DOMAIN}}", $onion, $nginxConf);
$nginxConf = str_replace("{{CONF['ht']['ht_path']}}", CONF['ht']['ht_path'], $nginxConf);
$nginxConf = str_replace("{{USERNAME}}", $_SESSION['username'], $nginxConf);
$nginxConf = str_replace("{{DIR}}", $_POST['dir'], $nginxConf);
file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['dir'] . ".conf", $nginxConf);
// Add Nginx config
$nginxConf = 'server {
listen [::1]:' . CONF['ht']['internal_onion_http_port'] . ';
server_name ' . $onion . ';
root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . ';
include inc/ht-onion.conf;
}
';
file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $onion . ".conf", $nginxConf);
// Reload Nginx
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", $output);
addNiverLog("Nginx reloaded by " . $_SESSION['username'], $output);
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx");
// Tell the user their site address
success("L'adresse de votre service Onion HTTP est : <a href='http://" . $onion . "/'<code>http://" . $onion . "/</code></a>");
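Review bot: `$_POST['dir']` is concatenated unquoted into the `sudo cat` command line, the torrc `HiddenServiceDir` line and the Nginx `root` directive, and the only check visible in this hunk is membership in `$dirsStatuses`, which does not constrain the characters of the name. If directory names originate from the user's own file space (not visible here), that check should be backed by a strict allowlist pattern, and the path handed to `cat` should go through `escapeshellarg()`. The key directory is also not namespaced by username, so two accounts using the same directory name would share one `HiddenServiceDir` and the second request would overwrite the first account's `$onion . ".conf"`; including `$_SESSION['username']` in that path would avoid the collision. `$output` is reused after the Tor reload and `exec()` appends to an existing array, so `$output[0]` is not guaranteed to be the hostname line, the exit status is never checked, and the address pattern is unanchored. The script starts before and may continue after this hunk.

```php
// Constructed allowlist: adjust to the project's directory naming rules
if (preg_match("/^[a-zA-Z0-9_-]{1,64}$/D", $_POST['dir']) !== 1)
    userError("Wrong value for <code>dir</code>.");

// … unchanged: torrc append and Tor reload …

// Get the address generated by Tor
$hostnamePath = CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/hostname";
$catOutput = [];
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['cat_path'] . " " . escapeshellarg($hostnamePath), $catOutput, $catStatus);
if ($catStatus !== 0 || !isset($catOutput[0]))
    serverError("Unable to read the onion hostname.");
$onion = $catOutput[0];

if (preg_match("/^[0-9a-z]{56}\.onion$/D", $onion) !== 1)
    serverError("No onion address found.");

// … unchanged: addSite, Nginx config, Nginx reload, success message …
```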


@ -53,15 +53,15 @@
</dl>
<dl>
<dt><a class="ht" href="http-onion">Accès HTTP en Onion</a></dt>
<dt><a href="http-onion">Accès HTTP par service Onion</a></dt>
<dd>
Un site HTML, accessible par Tor, avec une adresse en .onion
</dd>
<dt><a class="ht" href="https-domain">Accès HTTPS par DNS</a></dt>
<dt><a href="https-domain">Accès HTTP par DNS et TLS</a></dt>
<dd>
Un site HTML, accessible directement, par un nom de domaine
</dd>
<dt><a class="ht" href="le">Let's Encrypt</a></dt>
<dt><a href="le">Let's Encrypt</a></dt>
<dd>
Installer un certificat Let's Encrypt sur un domaine
</dd>


@ -1,58 +1,58 @@
<?php require "../../common/html.php"; ?>
<dl>
<dt><a class="ns" href="zone">Gérer ses zones</a></dt>
<dt><a href="zone">Gérer ses zones</a></dt>
<dd>
Pour qu'elle soit gérée par le serveur de noms de Niver
</dd>
<dt><a class="ns" href="dnssec">Obtenir les enregistrements <abbr title="Delegation Signer">DS</abbr></a></dt>
<dt><a href="dnssec">Obtenir les enregistrements <abbr title="Delegation Signer">DS</abbr></a></dt>
<dd>
À indiquer à la zone parente pour activer <abbr title="Domain Name System Security Extensions">DNSSEC</abbr>
</dd>
<dt><a class="ns" href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
<dt><a href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
<dd>
Indiquer le serveur de noms d'une zone
</dd>
<dt><a class="ns" href="ip">Enregistrements A et AAAA</a></dt>
<dt><a href="ip">Enregistrements A et AAAA</a></dt>
<dd>
Indiquer l'adresse IP d'un domaine
</dd>
<dt><a class="ns" href="txt">Enregistrement TXT</a></dt>
<dt><a href="txt">Enregistrement TXT</a></dt>
<dd>
Associer du texte à un domaine
</dd>
<dt><a class="ns" href="srv">Enregistrement SRV</a></dt>
<dt><a href="srv">Enregistrement SRV</a></dt>
<dd>
Indiquer un serveur pour un domaine
</dd>
<dt><a class="ns" href="mx">Enregistrement <abbr title="Mail eXchanger">MX</abbr></a></dt>
<dt><a href="mx">Enregistrement <abbr title="Mail eXchanger">MX</abbr></a></dt>
<dd>
Indiquer le serveur mail pour un domaine
</dd>
<dt><a class="ns" href="caa">Enregistrement <abbr title="Certification Authority Authorization">CAA</abbr></a></dt>
<dt><a href="caa">Enregistrement <abbr title="Certification Authority Authorization">CAA</abbr></a></dt>
<dd>
Indiquer les seules autorités de certifications autorisée à signer les domaines
</dd>
<dt><a class="ns" href="tlsa">Enregistrement <abbr title="Transport Layer Security Association">TLSA</abbr></a></dt>
<dt><a href="tlsa">Enregistrement <abbr title="Transport Layer Security Association">TLSA</abbr></a></dt>
<dd>
Mettre en place <abbr title="DNS-based Authentication of Named Entities">DANE</abbr> en indiquant l'empreinte d'un certificat <abbr title="Transport Layer Security">TLS</abbr>
</dd>
<dt><a class="ns" href="sshfp">Enregistrement <abbr title="Secure SHell FingerPrint">SSHFP</abbr></a></dt>
<dt><a href="sshfp">Enregistrement <abbr title="Secure SHell FingerPrint">SSHFP</abbr></a></dt>
<dd>
Indiquer les empreintes de clés <abbr title="Secure SHell">SSH</abbr> d'un domaine
</dd>
<!--
<dt><a class="ns" href="loc">Enregistrement LOC</a></dt>
<dt><a href="loc">Enregistrement LOC</a></dt>
<dd>
Indiquer des coordonnées géographiques
</dd>
<dt><a class="ns" href="cname">Enregistrement <abbr title="Canonical NAME">CNAME</abbr></a></dt>
<dt><a href="cname">Enregistrement <abbr title="Canonical NAME">CNAME</abbr></a></dt>
<dd>
Définir un domaine comme étant l'alias d'un autre
</dd>
<dt><a class="ns" href="dname">Enregistrement <abbr title="Delegation NAME">DNAME</abbr></a></dt>
<dt><a href="dname">Enregistrement <abbr title="Delegation NAME">DNAME</abbr></a></dt>
<dd>
Définir les sous-domaines d'un domaine comme étant les alias des sous-domaines d'un autre domaine
</dd>-->


@ -1,19 +1,19 @@
<?php require "../../common/html.php"; ?>
<dl>
<dt><a class="reg" href="register">Enregistrer un nouveau domaine</a></dt>
<dt><a href="register">Enregistrer un nouveau domaine</a></dt>
<dd>
Prendre possession d'un sous-domaine de <code><?= CONF['reg']['registry'] ?></code>
</dd>
<dt><a class="reg" href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
<dt><a href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
<dd>
Indiquer les serveurs de noms de son sous-domaine de <code><?= CONF['reg']['registry'] ?></code>
</dd>
<dt><a class="reg" href="ds">Enregistrement <abbr title="Delegation Signer">DS</abbr></a></dt>
<dt><a href="ds">Enregistrement <abbr title="Delegation Signer">DS</abbr></a></dt>
<dd>
Déléguer la confiance <abbr title="Domain Name System Security Extensions">DNSSEC</abbr>
</dd>
<dt><a class="reg" href="glue">Glue Record</a></dt>
<dt><a href="glue">Glue Record</a></dt>
<dd>
Indiquer les IP de ses serveurs de noms de son sous-domaine de <code><?= CONF['reg']['registry'] ?></code> dont les adresses se trouvent sur ce même sous-domaine
</dd>


@ -1,7 +1,7 @@
<?php
require "common/init.php";
require "auth.php";
require "fn/auth.php";
$authData = json_decode(file_get_contents("php://input"), true);
$user = json_decode($authData['user'], true);