Execute UnRAID Script from Inside Swag


hernandito


Hi guys,

 

I have an internal local PHP web site (not available from open internet) running on Swag. There should not be any security risk in doing this. I want to be able to execute an unRAID user script from that web site. I cannot figure out how to do it.  I read that it can be achieved by using phpseclib. But I don’t know how to install it in Swag. There is very little info on installing it. I’m trying to ssh from php into my unRAID to execute command. But have not been able to.

 

I have created a very nifty script. I use Kodi and Couch… Normally when new movie is added, the Kodi scan lasts a loooooong time. Big library. I also use my TinyMediaManager CLI docker to do a full scrape of /mnt/cache/Media/Movies after downloading. I have a PHP script that parses the subdirectories in folder above. Then I run a PHP script that instructs Kodi to run a scan of each of the new folders located now in /mnt/user/Media/Movies/“New Movie Folder1”. The scan takes 4 seconds and they are in the library.

 

Couchpotato has stopped being able to update Kodi Leia.

 

I would love to execute this on the fly from my web site. Please help.

 

Thank you,

 

h.

 

 

 

 

 

Link to comment
  • 1 month later...

I am new to UnRaid and NGINX, or just Linux in general, but I wanted to start/stop docker containers via a web portal using SSH, thus using phpseclib, and managed to get it to work after some good ol' trial-and-error.

I am just leaving this here in case someone else searches for this, as I stumbled across this post initially and it didn't have an answer yet.

First Install Composer to SWAG;
- Open the Console of the SWAG docker container.
- Follow the Command-line Installation instructions from https://getcomposer.org/download/.

While having the docker console open, install phpseclib (I used version 2) with the following command;

php composer.phar require phpseclib/phpseclib:~2.0

 

And just to be sure I restarted the SWAG container after this.

 

In my PHP script that runs in SWAG I could now successfully use SSH from phpseclib;

<?php
require('/vendor/autoload.php');
use phpseclib\Net\SSH2;

$ssh = new SSH2('www.domain.tld or ipaddress');
if (!$ssh->login('username', 'password')) {
  exit('Login Failed');
}

echo $ssh->exec('docker start dockername');
?>

 

You can create this as a helper PHP file outside the www root folder and then require/include it in your public-facing script, as it contains your SSH credentials, but then it is still risky I assume, but I am a total novice regarding security.

 

Update;

As pointed out by hernandito, updating or changing the template will remove Composer and the installed phpseclib. Creating a script in custom-cont-init.d can help with automatically installing Composer and then phpseclib in those cases. See this post and the next post for my and hernandito's scripts as an example.

 

 

Edited by Ocgineer
  • Thanks 1
Link to comment
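One way to limit what the stored SSH credential can do, shown as an added example that is not part of the original posts: a forced-command wrapper on the Unraid host that accepts only `docker start` or `docker stop` for an allowlist of containers. The container names, the wrapper path and the key in the comment are placeholders, and it assumes the PHP side logs in with a dedicated SSH key rather than a password.

```shell
#!/bin/sh
# Added example, not from the thread. Reference this wrapper from the
# authorized_keys entry of the key the web page uses, for example
# (path and key are placeholders):
#   restrict,command="/path/to/web-docker-wrapper.sh" ssh-ed25519 AAAA... swag-web

# Containers the web page may control (hypothetical names).
ALLOWED_CONTAINERS="container-a container-b"

# check_request REQUEST
# Prints "ACTION NAME" and returns 0 only for "docker start|stop <allowed name>".
check_request() {
  # Anything outside a conservative character set (quotes, ';', '|', '$',
  # glob characters, ...) is rejected before the request is split.
  leftover=$(printf '%s' "$1" | tr -d 'A-Za-z0-9_. -')
  [ -z "$leftover" ] || return 1
  set -- $1
  [ "$#" -eq 3 ] && [ "$1" = "docker" ] || return 1
  case $2 in start|stop) ;; *) return 1 ;; esac
  for name in $ALLOWED_CONTAINERS; do
    [ "$3" = "$name" ] && { printf '%s %s\n' "$2" "$3"; return 0; }
  done
  return 1
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
# Only the validated action and name are executed, never the raw string.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
  if req=$(check_request "$SSH_ORIGINAL_COMMAND"); then
    set -- $req
    exec docker "$1" "$2"
  fi
  echo "request rejected" >&2
  exit 1
fi
```

With this in place, a leaked key can start or stop the listed containers and nothing else; `restrict` also turns off port forwarding and PTY allocation for that key.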
On 10/28/2021 at 1:21 AM, Ocgineer said:

I am new to UnRaid and NGINX, or just Linux in general, but I wanted to start/stop docker containers via a web portal using SSH, thus using phpseclib, and managed to get it to work after some good ol' trial-and-error.

I am just leaving this here in case someone else searches for this, as I stumbled across this post initially and it didn't have an answer yet.

First Install Composer to SWAG;
- Open the Console of the SWAG docker container.
- Follow the Command-line Installation instructions from https://getcomposer.org/download/.

While having the docker console open, install phpseclib (I used version 2) with the following command;

php composer.phar require phpseclib/phpseclib:~2.0

 

And just to be sure I restarted the SWAG container after this.

 

In my PHP script that runs in SWAG I could now successfully use SSH from phpseclib;

<?php
require('/vendor/autoload.php');
use phpseclib\Net\SSH2;

$ssh = new SSH2('www.domain.tld or ipaddress');
if (!$ssh->login('username', 'password')) {
  exit('Login Failed');
}

echo $ssh->exec('docker start dockername');
?>

 

I believe -I did not verify this- if you would've installed version 3 you would need to state `use phpseclib3\Net\SSH2`.

 

You can create this as a helper PHP file outside the www root folder and then require/include it in your public-facing script, as it contains your SSH credentials, but then it is still risky I assume, but I am a total novice regarding security.


Wow!!

 

This looks promising. Thank you. 
 

Into which directory did you download/install Composer?

 

can’t wait to try it.

 

thank you.

 

H.

Edited by hernandito
Link to comment

I just followed the command line installation instructions on the composer website, that I linked, as it can change with version due to the hash check.

 

It looks like it was installed directly in the root of the docker? "Successfully installed to: //composer.phar".

 

I found a comment on some other forum using;

php composer-setup.php --install-dir=/usr/local/bin --filename=composer

But on the composer website, it used 'mv' instead after installation, I did neither of them as I only needed it to install phpseclib.

 

swag_after_composer_install.png

 

When trying to get things to work I saw composer recommend to install 'libsodium-php' which I installed via 'molly/polyfill-libsodium', but no idea if this was necessary. As I stated in my first post I am pretty new to Linux and command line in general so I was just going around trying to get it to work.

 

Also, I think updating SWAG actually removed composer and the vendor folder, not sure if this is normal for a docker container, so I had to re-install it today. After installation, however, my PHP script worked again without further actions to do.

Edited by Ocgineer
Link to comment
9 hours ago, Ocgineer said:

 

 

Also, I think updating SWAG actually removed composer and the vendor folder, not sure if this is normal for a docker container, so I had to re-install it today. After installation, however, my PHP script worked again without further actions to do.


Thank you. As a newbie you are doing great.  
 

It’s normal if you update a docker to lose anything you install. To overcome this, create a subfolder in /cache/appdata/swag and call it “custom-cont-init.d”. Then in that folder, create a script file and call it “install-compose.sh”. Edit that file and enter all the command lines for installation. This way, any time the docker gets updated, it will run this script and reinstall.

 

thanks again. I will try it out in the morning.

 

h.

 

Edited by hernandito
Link to comment
3 hours ago, hernandito said:

It’s normal if you update a docker to lose anything you install. To overcome this, create a subfolder in /cache/appdata/swag and call it “custom-cont-init.d”. Then in that folder, create a script file and call it “install-compose.sh”. Edit that file and enter all the command lines for installation. This way, any time the docker gets updated, it will run this script and reinstall.

 

Ok, that is some nice info, at least better than creating a custom package/mod what is described on the linuxserver info website.

 

I was unable to get permission to drop/edit files in the custom-cont-init.d directory via SMB so I had to mess around with VI, god that is... something lol.

 

#! /bin/sh

# Check if Composer is installed, assuming phpseclib as well then.
if [ -f /composer.phar ]; then
  echo "Composer is already installed."
  exit 0
fi

# Get both latest Composer version and its hashfile.
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
wget "https://composer.github.io/installer.sha384sum"

# Compare downloaded hash with the Composer Installer.
if sha384sum -c installer.sha384sum
then
  echo "Installing Composer and phpseclib"
  php composer-setup.php --install-dir=/
  php /composer.phar require phpseclib/phpseclib:~2.0
else
  echo "Composer was not installed, SHA384 mismatch"
fi

# Cleanup files
rm -f installer.sha384sum
php -r "unlink('composer-setup.php');"

 

At least at restart it detects that Composer is already installed, so at least that works. I also feel like I can just use wget as well for the Composer installer and rm instead of using those PHP commands 🤔

Edited by Ocgineer
Link to comment

VI is horrible.... nano is a little better... but maybe try installing Midnight Commander (mc) "apk add mc" and that has a text editor....

 

Also, from the Swag command line, you can also type "chmod -R 777 /config/" then you can edit the files in Windows using Notepad++... always take note that the line end should be set to UNIX:

   

image.png

Link to comment

I think it was because SWAG was running and it locked the folder perhaps as well. But thank you for the information as well, I got this sorted out now as well :D

 

I'm using the following startup script now to install Composer and then phpseclib, which works for me at the moment. It will install Composer to the bin directory as 'composer' so it can be used as `composer require phpseclib/phpseclib:~2.0` directly.

 

#!/bin/sh

# Check if Composer is installed.
#if [ -f composer.phar ]; then
if [ -f /usr/local/bin/composer ]; then
  echo "Composer is already installed."
  exit 0
fi

# Get both latest Composer version and its hashfile.
wget "https://getcomposer.org/installer" -O "composer-setup.php"
wget "https://composer.github.io/installer.sha384sum"

# Compare downloaded hash with the Composer Installer.
if sha384sum -c installer.sha384sum   
then
  echo "Installing Composer..."
  #php composer-setup.php
  php composer-setup.php --install-dir=/usr/local/bin --filename=composer
  echo "Installing PHPSecLib v2 via Composer..."
  #php composer.phar require phpseclib/phpseclib:~2.0
  composer require phpseclib/phpseclib:~2.0
else
  echo "Composer was not installed, SHA384 mismatch."
fi

# Cleanup files
rm -f installer.sha384sum
rm -f composer-setup.php

 

Log file of initial load;

 

[custom-init] install-phpseclib.sh: executing...
Connecting to getcomposer.org (54.36.53.46:443)
saving to 'composer-setup.php'
composer-setup.php 100% |********************************| 57721 0:00:00 ETA
'composer-setup.php' saved
Connecting to composer.github.io (185.199.108.153:443)
saving to 'installer.sha384sum'
installer.sha384sum 100% |********************************| 117 0:00:00 ETA
'installer.sha384sum' saved
composer-setup.php: OK
Installing Composer...
All settings correct for using Composer
Downloading...

Composer (version 2.1.11) successfully installed to: /usr/local/bin/composer

Use it: php /usr/local/bin/composer

Installing PHPSecLib v2 via Composer...
./composer.json has been created
Running composer update phpseclib/phpseclib
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 0 removals
- Locking phpseclib/phpseclib (2.0.34)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
- Downloading phpseclib/phpseclib (2.0.34)
- Installing phpseclib/phpseclib (2.0.34): Extracting archive
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
1 package you are using is looking for funding.
Use the `composer fund` command to find out more!
[custom-init] install-phpseclib.sh: exited 0

 

Edited by Ocgineer
Link to comment
On 10/31/2021 at 5:35 PM, Ocgineer said:

I think it was because SWAG was running and it locked the folder perhaps as well. But thank you for the information as well, I got this sorted out now as well :D

 

I realized I didn't need Composer installed after phpseclib was installed, so I added a new PATH to the docker /vendor /mnt/cache/appdata/swag/composer, so packages installed via Composer will still be accessible with /vendor in the PHP script and persist through updates, I hope.

 

I'm still using a startup script to install Composer, which works perfectly now, but you don't need it specifically anymore after installing what you need via Composer. It will install to the bin directory as composer so you would need to open the command prompt of SWAG and just use `composer require phpseclib/phpseclib:~2.0`.

 

#! /bin/sh

# Check if Composer is installed.
if [ -f /usr/local/bin/composer ]; then
  echo "Composer is already installed."
  exit 0
fi

# Get both latest Composer version and its hashfile.
wget "https://getcomposer.org/installer" -O "composer-setup.php"
wget "https://composer.github.io/installer.sha384sum"

# Compare downloaded hash with the Composer Installer.
if sha384sum -c installer.sha384sum   
then
  echo "Installing Composer..."
  php composer-setup.php --install-dir=/usr/local/bin --filename=composer
else
  echo "Composer was not installed, SHA384 mismatch."
fi

# Cleanup files
rm -f installer.sha384sum
rm -f composer-setup.php

 


 

A big thank you for this! I managed to implement this and it works like a charm…. For me it’s a breakthrough that I have been wishing for a long time!

 

The script above did not work for me… my script contains the install command line from the Composer link in your first post. Then I added the command line in your first post.

#!/bin/bash
echo " "
echo "===========================+++++++++++++++======"
echo "Installing Hernando Custom Initialization Script"
echo "====================+++++++++++++++============="
echo " "
echo "-------------------"
echo "Installing Composer"
echo "-------------------"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

php -r "if (hash_file('sha384', 'composer-setup.php') === '906a84df04cea2aa72f40b5f787e49f22d4c2f19492ac310e8cba5b96ac8b64115ac402c8cd292b8a03482574915d1a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

php composer-setup.php

php -r "unlink('composer-setup.php');"
echo " "
echo "--------------------"
echo "Installing PHPSecLib"
echo "--------------------"
	php composer.phar require phpseclib/phpseclib:~2.0
echo " "

echo "-------------"
echo "Installing MC"
echo "-------------"
	apk add mc
echo " "
echo "------------------"
echo "Installing OpenSSH"
echo "------------------"
	apk add openssh
echo " "
echo "----------------"
echo "Installing Putty"
echo "----------------"
	apk add putty
echo " "

echo "==========================================="
echo "DONE! - Finished Installing Hernando Script"
echo "==========================================="
echo " "


I install MC, OpenSSH, and Putty as well.

 

thank you so very much. I really appreciate your help.

 

h.

 

  • Thanks 1
Link to comment

Glad that I still posted my solution as it was already over a month old :D

 

You might want to remove the hash check and roll with the downloaded installer, as you hard-coded the hash -of the current installer- in the script. If Composer ever got updated it won't match the hard-coded hash anymore and delete the installer. This is why I download the hash via wget and then compare it.

 

Interesting that the script I use now didn't work for you, but I only modified it mainly to check the hash as I am not sure how to 'exit' if the hash was incorrect via the php part, or well, I could've ignored the hash check anyway. 😛 Unless you forgot to use "composer require phpseclib/phpseclib:~2.0" as for me it installs into /bin as composer. I've updated my previous post adding the log file output, just for those that come after us to see the script in action.

Edited by Ocgineer
Link to comment
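The thread's open question, how to stop the init script when the hash does not match, handled as an added example (not code from either poster): a function that verifies the installer against the downloaded sum file and runs the install command only on a match. The function names are hypothetical and the demo files are constructed so it runs without network access.

```shell
#!/bin/sh
# Added example, not from the thread: fail-closed checksum gate for the
# Composer installer. Function names are hypothetical.

# verify_sha384 FILE SUMFILE
# SUMFILE is in "HASH  FILENAME" form, like installer.sha384sum.
# Returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed.
verify_sha384() {
  [ -s "$1" ] && [ -s "$2" ] || return 2
  expected=$(awk 'NR==1 {print tolower($1)}' "$2")
  # A SHA-384 digest is exactly 96 hex characters.
  [ "${#expected}" -eq 96 ] || return 2
  case $expected in *[!0-9a-f]*) return 2 ;; esac
  actual=$(sha384sum "$1" | awk '{print $1}')
  [ "$actual" = "$expected" ] || return 1
}

# run_if_verified FILE SUMFILE CMD...
# Runs CMD only when the hash matches; removes both downloads either way.
run_if_verified() {
  file=$1; sums=$2; shift 2
  if verify_sha384 "$file" "$sums"; then
    rc=0; "$@" || rc=$?
  else
    echo "SHA384 check failed, installer not run" >&2; rc=1
  fi
  rm -f "$file" "$sums"
  return "$rc"
}

# In the init script this would be called as:
#   run_if_verified composer-setup.php installer.sha384sum \
#     php composer-setup.php --install-dir=/usr/local/bin --filename=composer || exit 1

# Demo with constructed stand-ins for the two downloads: the file is
# modified after its sum was taken, so the command must not run.
d=$(mktemp -d)
printf 'constructed installer\n' > "$d/composer-setup.php"
( cd "$d" && sha384sum composer-setup.php > installer.sha384sum )
echo "tampered" >> "$d/composer-setup.php"
run_if_verified "$d/composer-setup.php" "$d/installer.sha384sum" \
  echo "installing" || echo "stopped with status $?"
rm -rf "$d"
```

Because the expected hash comes from the sum file rather than the script, a new installer release does not break the check, and a mismatch or a failed download ends the run with a non-zero status.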
