hernandito Posted September 26, 2021

Hi guys,

I have an internal local PHP web site (not available from open internet) running on Swag. There should not be any security risk in doing this. I want to be able to execute an unRAID user script from that web site. I cannot figure out how to do it.

I read that it can be achieved by using phpseclib. But I don’t know how to install it in Swag. There is very little info on installing it. I’m trying to ssh from php into my unRAID to execute a command. But have not been able to.

I have created a very nifty script. I use Kodi and Couch…. Normally when a new movie is added, the Kodi scan lasts a loooooong time. Big library. I also use my TinyMediaManager CLI docker to do a full scrape of /mnt/cache/Media/Movies after downloading. I have a PHP script that parses the subdirectories in the folder above. Then I run a php script that instructs Kodi to run a scan of each of the new folders located now in /mnt/user/Media/Movies/“New Movie Folder1”. The scan takes 4 seconds and they are in the library.

Couchpotato has stopped being able to update Kodi Leia.

I would love to execute this on the fly from my web site.

Please help. Thank you,

h.
Ocgineer Posted October 28, 2021

I am new to UnRaid and NGINX, or just Linux in general, but I wanted to start/stop docker containers via web-portal using ssh, thus using phpseclib, and managed to get it to work after some good ol' trial-and-error. I am just leaving this here in case someone else searches for this, as I stumbled across this post initially and it didn't have an answer yet.

First install Composer to SWAG:

- Open the Console of the SWAG docker container.
- Follow the Command-line Installation instructions from https://getcomposer.org/download/.

While having the docker console open, install phpseclib (I used version 2) with the following command:

```
php composer.phar require phpseclib/phpseclib:~2.0
```

And just to be sure I restarted the SWAG container after this.

In my PHP script that runs in SWAG I could now successfully use SSH from phpseclib:

```php
<?php
// Composer's autoloader; Composer was run from the container root, so vendor/ is at /vendor.
require('/vendor/autoload.php');

use phpseclib\Net\SSH2;

// Connect to the host and log in.
$ssh = new SSH2('www.domain.tld or ipaddress');
if (!$ssh->login('username', 'password')) {
    exit('Login Failed');
}

// Run the command on the host and print its output.
echo $ssh->exec('docker start dockername');
?>
```

You can create this as a helper PHP file outside the www root folder and then require/include it in your public facing script, as it contains your SSH credentials, but then it is still risky I assume, but I am a total novice regarding security.

Update: As pointed out by hernandito, updating or changing the template will remove Composer and the installed phpseclib. Creating a script in custom-cont-init.d can help with automatically installing Composer and then phpseclib in those cases. See this post and the next post for mine and hernandito's scripts as an example.

Edited November 7, 2021 by Ocgineer
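Added example (not part of any post in this thread, and not code from unRAID, SWAG or phpseclib): one way to limit what the SSH credentials kept in the PHP helper can do is to give the web container its own SSH key and bind that key, in `authorized_keys` on the host, to a forced-command wrapper that only accepts `docker start|stop` for an allowlisted container. The wrapper path, the container names and the key placeholder are assumptions, and it presumes the PHP side logs in with that key instead of a password.

```shell
#!/bin/sh
# Forced-command wrapper for the SSH key the web container logs in with.
# Assumed (hypothetical) path /usr/local/bin/web-docker-wrapper.sh, bound to
# the key in authorized_keys so sshd runs it instead of the client's command:
#   command="/usr/local/bin/web-docker-wrapper.sh",restrict ssh-ed25519 <public-key>
# sshd passes what the client asked for in SSH_ORIGINAL_COMMAND.

# Containers the web page may control (constructed names).
ALLOWED_CONTAINERS="kodi tinymediamanager"

# Print the command line to run for a request, or return 1 to reject it.
resolve_request() {
    # Reject empty input and any character outside a-z 0-9 space _ -
    # (so no quotes, ';', '|', '$', '/', or newlines reach the shell).
    case "$1" in
        ""|*[!a-z0-9_\ -]*) return 1 ;;
    esac
    set -f          # no globbing while the request is word-split
    set -- $1
    set +f
    # Expect exactly three words: docker <start|stop> <container>
    [ "$#" -eq 3 ] || return 1
    [ "$1" = "docker" ] || return 1
    case "$2" in
        start|stop) ;;
        *) return 1 ;;
    esac
    for name in $ALLOWED_CONTAINERS; do
        if [ "$3" = "$name" ]; then
            printf 'docker %s %s\n' "$2" "$name"
            return 0
        fi
    done
    return 1
}

# Act only when started by sshd with a request attached.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if cmd=$(resolve_request "$SSH_ORIGINAL_COMMAND"); then
        logger -t web-docker-wrapper "accepted: $cmd"
        exec $cmd
    fi
    logger -t web-docker-wrapper "rejected request"
    echo "request not permitted" >&2
    exit 1
fi
```

With this in place the string passed to `$ssh->exec()` is treated as a request to be checked on the host, not as a shell command line.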
hernandito Posted October 30, 2021

On 10/28/2021 at 1:21 AM, Ocgineer said:

> I am new to UnRaid and NGINX, or just Linux in general, but I wanted to start/stop docker containers via web-portal using ssh, thus using phpseclib, and managed to get it to work after some good ol' trial-and-error. I am just leaving this here in case someone else searches for this, as I stumbled across this post initially and it didn't have an answer yet.
>
> First install Composer to SWAG:
>
> - Open the Console of the SWAG docker container.
> - Follow the Command-line Installation instructions from https://getcomposer.org/download/.
>
> While having the docker console open, install phpseclib (I used version 2) with the following command:
>
> ```
> php composer.phar require phpseclib/phpseclib:~2.0
> ```
>
> And just to be sure I restarted the SWAG container after this.
>
> In my PHP script that runs in SWAG I could now successfully use SSH from phpseclib:
>
> ```php
> <?php
> require('/vendor/autoload.php');
> use phpseclib\Net\SSH2;
>
> $ssh = new SSH2('www.domain.tld or ipaddress');
> if (!$ssh->login('username', 'password')) {
>     exit('Login Failed');
> }
> echo $ssh->exec('docker start dockername');
> ?>
> ```
>
> I believe -I did not verify this- if you would've installed version 3 you would need to state `use phpseclib3\Net\SSH2`.
>
> You can create this as a helper PHP file outside the www root folder and then require/include it in your public facing script, as it contains your SSH credentials, but then it is still risky I assume, but I am a total novice regarding security.

Wow!! This looks promising. Thank you.

Into which directory did you download/install Composer?

Can’t wait to try it.

Thank you.

H.

Edited October 30, 2021 by hernandito
Ocgineer Posted October 30, 2021

I just followed the command line installation instructions on the Composer website, that I linked, as it can change with version due to the hash check. It looks like it was installed directly in the root of the docker? "Successfully installed to: //composer.phar".

I found a comment on some other forum using:

```
php composer-setup.php --install-dir=/usr/local/bin --filename=composer
```

But on the Composer website, it used 'mv' instead after installation. I did neither of them as I only needed it to install phpseclib.

When trying to get things to work I saw Composer recommend to install 'libsodium-php', which I installed via 'molly/polyfill-libsodium', but no idea if this was necessary. As I stated in my first post I am pretty new to Linux and command line in general, so I was just going around trying to get it to work.

Also, I think updating SWAG actually removed Composer and the vendor folder, not sure if this is normal for a docker container, so I had to re-install it today. After installation, however, my PHP script worked again without further actions to do.

Edited October 30, 2021 by Ocgineer
hernandito Posted October 31, 2021

9 hours ago, Ocgineer said:

> Also, I think updating SWAG actually removed Composer and the vendor folder, not sure if this is normal for a docker container, so I had to re-install it today. After installation, however, my PHP script worked again without further actions to do.

Thank you. As a newbie you are doing great.

It’s normal if you update a docker to lose anything you install. To overcome this, create a sub folder in /cache/appdata/swag and call it “custom-cont-init.d”. Then in that folder, create a script file and call it “install-compose.sh”. Edit that file and enter all the command lines for installation. This way, any time the docker gets updated, it will run this script and reinstall.

Thanks again. I will try it out in the morning.

h.

Edited October 31, 2021 by hernandito
Ocgineer Posted October 31, 2021

3 hours ago, hernandito said:

> It’s normal if you update a docker to lose anything you install. To overcome this, create a sub folder in /cache/appdata/swag and call it “custom-cont-init.d”. Then in that folder, create a script file and call it “install-compose.sh”. Edit that file and enter all the command lines for installation. This way, any time the docker gets updated, it will run this script and reinstall.

Ok, that is some nice info, at least better than creating a custom package/mod, which is described on the linuxserver info website. I was unable to get permission to drop/edit files in the custom-cont-init.d directory via SMB so I had to mess around with VI, god that is... something lol.

```sh
#! /bin/sh

# Check if Composer is installed, assuming phpseclib as well then.
if [ -f /composer.phar ]; then
    echo "Composer is already installed."
    exit 0
fi

# Get both latest Composer version and its hashfile.
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
wget "https://composer.github.io/installer.sha384sum"

# Compare downloaded hash with the Composer Installer.
if sha384sum -c installer.sha384sum
then
    echo "Installing Composer and phpseclib"
    php composer-setup.php --install-dir=/
    php /composer.phar require phpseclib/phpseclib:~2.0
else
    echo "Composer was not installed, SHA384 mismatch"
fi

# Cleanup files
rm -f installer.sha384sum
php -r "unlink('composer-setup.php');"
```

At least at restart it detects that Composer is already installed, so at least that works. I also feel like I can just use wget as well for the Composer installer and rm instead of using those PHP commands 🤔

Edited October 31, 2021 by Ocgineer
hernandito Posted October 31, 2021

VI is horrible.... nano is a little better... but maybe try installing Midnight Commander (mc) with "apk add mc", and that has a text editor....

Also, from the Swag command line, you can also type "chmod -R 777 /config/", then you can edit the files in Windows using Notepad++... always take note that the line end should be set to UNIX:
Ocgineer Posted October 31, 2021

I think it was because SWAG was running and it locked the folder perhaps as well. But thank you for the information as well, I got this sorted out now as well.

I'm using the following startup script now to install Composer and then phpseclib, which works for me at the moment. It will install Composer to the bin directory as 'composer' so it can be used as `composer require phpseclib/phpseclib:~2.0` directly.

```sh
#!/bin/sh

# Check if Composer is installed.
#if [ -f composer.phar ]; then
if [ -f /usr/local/bin/composer ]; then
    echo "Composer is already installed."
    exit 0
fi

# Get both latest Composer version and its hashfile.
wget "https://getcomposer.org/installer" -O "composer-setup.php"
wget "https://composer.github.io/installer.sha384sum"

# Compare downloaded hash with the Composer Installer.
if sha384sum -c installer.sha384sum
then
    echo "Installing Composer..."
    #php composer-setup.php
    php composer-setup.php --install-dir=/usr/local/bin --filename=composer
    echo "Installing PHPSecLib v2 via Composer..."
    #php composer.phar require phpseclib/phpseclib:~2.0
    composer require phpseclib/phpseclib:~2.0
else
    echo "Composer was not installed, SHA384 mismatch."
fi

# Cleanup files
rm -f installer.sha384sum
rm -f composer-setup.php
```

Log file of initial load:

```
[custom-init] install-phpseclib.sh: executing...
Connecting to getcomposer.org (54.36.53.46:443)
saving to 'composer-setup.php'
composer-setup.php 100% |********************************| 57721 0:00:00 ETA
'composer-setup.php' saved
Connecting to composer.github.io (185.199.108.153:443)
saving to 'installer.sha384sum'
installer.sha384sum 100% |********************************| 117 0:00:00 ETA
'installer.sha384sum' saved
composer-setup.php: OK
Installing Composer...
All settings correct for using Composer
Downloading...

Composer (version 2.1.11) successfully installed to: /usr/local/bin/composer
Use it: php /usr/local/bin/composer

Installing PHPSecLib v2 via Composer...
./composer.json has been created
Running composer update phpseclib/phpseclib
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 0 removals
  - Locking phpseclib/phpseclib (2.0.34)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
  - Downloading phpseclib/phpseclib (2.0.34)
  - Installing phpseclib/phpseclib (2.0.34): Extracting archive
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
1 package you are using is looking for funding.
Use the `composer fund` command to find out more!
[custom-init] install-phpseclib.sh: exited 0
```

Edited November 7, 2021 by Ocgineer
hernandito Posted November 6, 2021

On 10/31/2021 at 5:35 PM, Ocgineer said:

> I think it was because SWAG was running and it locked the folder perhaps as well. But thank you for the information as well, I got this sorted out now as well.
>
> I realized I didn't need Composer installed after phpseclib was installed, so I added a new PATH to the docker, /vendor : /mnt/cache/appdata/swag/composer, so installed packages via Composer will be still accessible with /vendor in the php script and persist through update, I hope.
>
> I'm still using a startup script to install Composer, which works perfectly now, but you don't need it specifically anymore after installing what you need via Composer. It will install to the bin directory as composer so you would need to open the command prompt of SWAG and just use `composer require phpseclib/phpseclib:~2.0`.
>
> ```sh
> #! /bin/sh
>
> # Check if Composer is installed.
> if [ -f /usr/local/bin/composer ]; then
>     echo "Composer is already installed."
>     exit 0
> fi
>
> # Get both latest Composer version and its hashfile.
> wget "https://getcomposer.org/installer" -O "composer-setup.php"
> wget "https://composer.github.io/installer.sha384sum"
>
> # Compare downloaded hash with the Composer Installer.
> if sha384sum -c installer.sha384sum
> then
>     echo "Installing Composer..."
>     php composer-setup.php --install-dir=/usr/local/bin --filename=composer
> else
>     echo "Composer was not installed, SHA384 mismatch."
> fi
>
> # Cleanup files
> rm -f installer.sha384sum
> rm -f composer-setup.php
> ```

A big thank you for this! I managed to implement this and it works like a charm…. For me it’s a breakthrough that I have been wishing for a long time!

The script above did not work for me… my script contains the install command line from the Composer link in your first post. Then I added the command line in your first post.

```bash
#!/bin/bash

echo " "
echo "===========================+++++++++++++++======"
echo "Installing Hernando Custom Initialization Script"
echo "====================+++++++++++++++============="
echo " "
echo "-------------------"
echo "Installing Composer"
echo "-------------------"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '906a84df04cea2aa72f40b5f787e49f22d4c2f19492ac310e8cba5b96ac8b64115ac402c8cd292b8a03482574915d1a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
echo " "
echo "--------------------"
echo "Installing PHPSecLib"
echo "--------------------"
php composer.phar require phpseclib/phpseclib:~2.0
echo " "
echo "-------------"
echo "Installing MC"
echo "-------------"
apk add mc
echo " "
echo "------------------"
echo "Installing OpenSSH"
echo "------------------"
apk add openssh
echo " "
echo "----------------"
echo "Installing Putty"
echo "----------------"
apk add putty
echo " "
echo "==========================================="
echo "DONE! - Finished Installing Hernando Script"
echo "==========================================="
echo " "
```

I install MC, OpenSSH, and Putty as well.

Thank you so very much. I really appreciate your help.

h.
Ocgineer Posted November 7, 2021

Glad that I still posted my solution, as it was already over a month old.

You might want to remove the hash check and roll with the downloaded installer, as you hard-coded the hash -of the current installer- in the script. If Composer ever got updated it won't match the hard-coded hash anymore and will delete the installer. This is why I download the hash via wget and then compare it.

Interesting that the script I use now didn't work for you, but I only modified it mainly to check the hash, as I am not sure how to 'exit' if the hash was incorrect via the php part, or well, I could've ignored the hash check anyway. 😛 Unless you forgot to use "composer require phpseclib/phpseclib:~2.0", as for me it installs into /bin as composer.

I've updated my previous post adding the log file output, just for those that come after us to see the script in action.

Edited November 7, 2021 by Ocgineer
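Added example (not part of any post in this thread, and not code from Composer or SWAG): a fail-closed form of the hash check discussed in the last two posts, where the step that executes the installer is only reached after the SHA-384 digest matches, whether that digest is a pinned value or is read from a downloaded `installer.sha384sum`. The function names are illustrative assumptions.

```shell
#!/bin/sh
# Verify a downloaded installer against a SHA-384 digest and stop before
# executing it on any mismatch. Function names are illustrative.

# verify_sha384 FILE EXPECTED_HEX -> 0 only if FILE hashes to EXPECTED_HEX
verify_sha384() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 1
    # A SHA-384 digest is exactly 96 lowercase hex characters; an empty or
    # malformed value (e.g. from an HTML error page) must not pass.
    case "$expected" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#expected}" -eq 96 ] || return 1
    actual=$(sha384sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# digest_from_sumfile SUMFILE -> prints the digest field of the first line
digest_from_sumfile() {
    [ -f "$1" ] || return 1
    head -n 1 "$1" | cut -d' ' -f1
}

# install_if_verified FILE SUMFILE CMD... -> runs CMD only after verification
install_if_verified() {
    file=$1
    sumfile=$2
    shift 2
    expected=$(digest_from_sumfile "$sumfile") || return 1
    if ! verify_sha384 "$file" "$expected"; then
        echo "SHA384 mismatch for $file, not running it" >&2
        rm -f "$file"
        return 1
    fi
    "$@"
}

# In a custom-cont-init.d script (file names as used in the thread):
#   install_if_verified composer-setup.php installer.sha384sum \
#       php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
#       || exit 1
```

A pinned digest can be checked the same way by calling `verify_sha384 composer-setup.php <pinned-digest> || exit 1` before the install line.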
hernandito Posted November 8, 2021

Are you able to do the phpseclib with the live output in your browser in Swag? I have tried every solution without the output only being displayed at the end.

Thanks