First WIP of rework to lighttpd

RMxxx_rgmii_toolkit.sh

@@ -302,6 +302,18 @@ configure_simple_firewall() {
 
 # Function to install/update Simple Admin
 install_simple_admin() {
+    # Check for existing Entware/opkg installation, install if not installed
+    if [ ! -f "/opt/bin/opkg" ]; then
+        echo -e "\e[1;32mInstalling Entware/OPKG\e[0m"
+        cd /tmp && wget -O installentware.sh "https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/$GITTREE/installentware.sh" && chmod +x installentware.sh && ./installentware.sh
+        if [ "$?" -ne 0 ]; then
+            echo -e "\e[1;31mEntware/OPKG installation failed. Please check your internet connection or the repository URL.\e[0m"
+            exit 1
+        fi
+        cd /
+    else
+        echo -e "\e[1;32mEntware/OPKG is already installed.\e[0m"
+    fi
     while true; do
 	echo -e "\e[1;32mWhat version of Simple Admin do you want to install? This will start a webserver on port 8080\e[0m"
         echo -e "\e[1;32m1) Stable current version, (Main Branch)\e[0m"
@@ -328,7 +340,6 @@ install_simple_admin() {
     		mkdir $SIMPLE_ADMIN_DIR/www/js
                 cd $SIMPLE_ADMIN_DIR/systemd
                 wget https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/main/simpleadmin/systemd/simpleadmin_generate_status.service
-		wget https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/main/simpleadmin/systemd/simpleadmin_httpd.service
   		sleep 1
   		cd $SIMPLE_ADMIN_DIR/scripts
   		wget https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/main/simpleadmin/scripts/build_modem_status
@@ -361,11 +372,9 @@ install_simple_admin() {
                 cp -rf $SIMPLE_ADMIN_DIR/systemd/* /lib/systemd/system
                 systemctl daemon-reload
 		sleep 1
-                ln -sf /lib/systemd/system/simpleadmin_httpd.service /lib/systemd/system/multi-user.target.wants/
                 ln -sf /lib/systemd/system/simpleadmin_generate_status.service /lib/systemd/system/multi-user.target.wants/
                 systemctl start simpleadmin_generate_status
 		sleep 1
-                systemctl start simpleadmin_httpd
                 remount_ro
                 echo -e "\e[1;32msimpleadmin has been installed and is now ready for use!\e[0m"
                 break
@@ -387,7 +396,6 @@ install_simple_admin() {
     		mkdir $SIMPLE_ADMIN_DIR/www/js
                 cd $SIMPLE_ADMIN_DIR/systemd
                 wget https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/development/simpleadmin/systemd/simpleadmin_generate_status.service
-		wget https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/development/simpleadmin/systemd/simpleadmin_httpd.service
   		sleep 1
   		cd $SIMPLE_ADMIN_DIR/scripts
   		wget https://raw.githubusercontent.com/$GITUSER/quectel-rgmii-toolkit/development/simpleadmin/scripts/build_modem_status
@@ -422,11 +430,9 @@ install_simple_admin() {
                 cp -rf $SIMPLE_ADMIN_DIR/systemd/* /lib/systemd/system
                 systemctl daemon-reload
 		sleep 1
-                ln -sf /lib/systemd/system/simpleadmin_httpd.service /lib/systemd/system/multi-user.target.wants/
                 ln -sf /lib/systemd/system/simpleadmin_generate_status.service /lib/systemd/system/multi-user.target.wants/
                 systemctl start simpleadmin_generate_status
 		sleep 1
-                systemctl start simpleadmin_httpd
                 remount_ro
                 echo -e "\e[1;32msimpleadmin has been installed and is now ready for use!\e[0m"
                 break
@@ -508,9 +514,7 @@ uninstall_simpleadmin_components() {
     read -p "Enter your choice (1 or 2): " choice_simpleadmin
     if [ "$choice_simpleadmin" -eq 1 ]; then
         echo "Uninstalling the rest of Simpleadmin..."
-        systemctl stop simpleadmin_httpd
         systemctl stop simpleadmin_generate_status
-        rm -f /lib/systemd/system/simpleadmin_httpd.service
         rm -f /lib/systemd/system/simpleadmin_generate_status.service
         systemctl daemon-reload
         rm -rf "$SIMPLE_ADMIN_DIR"

lighttpd/README.md

@@ -0,0 +1,7 @@
+lighttpd
+lighttpd-mod-auth
+lighttpd-mod-authn_file
+lighttpd-mod-cgi
+lighttpd-mod-openssl
+lighttpd-mod-proxy
+printf "USER:$(openssl passwd -crypt PASSWORD)\n" >> .htpasswd

lighttpd/gencert.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
+    -subj "/C=US/ST=MI/L=Romulus/O=RMIITools/CN=localhost" \
+    -keyout server.key -out server.crt

lighttpd/lighttpd.conf

@@ -0,0 +1,47 @@
+server.modules = (
+    "mod_redirect",
+    "mod_cgi",
+    "mod_proxy",
+    "mod_openssl",
+    "mod_authn_file",
+)
+
+server.username = "nobody"
+server.groupname = "nogroup"
+
+server.port = 80
+server.document-root = "/usrdata/simpleadmin/www"
+index-file.names = ( "index.html" )
+
+auth.backend = "htpasswd"
+auth.backend.htpasswd.userfile = "/usrdata/lighttpd/.htpasswd"
+
+$SERVER["socket"] == "0.0.0.0:443" {
+    ssl.engine = "enable"
+    ssl.privkey= "/usrdata/lighttpd/server.key"
+    ssl.pemfile= "/usrdata/lighttpd/server.crt"
+    ssl.acme-tls-1 = "/etc/lighttpd/dehydrated/tls-alpn-01"
+    ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") # (lighttpd 1.4.56 default; recommended to accept only TLSv1.2 and TLSv1.3)
+    auth.require = ( "/" => (
+      "method" => "basic",
+      "realm" => "Authorized users only",
+      "require" => "valid-user"
+      )
+    )
+}
+
+# Redirect everything to https
+$HTTP["scheme"] == "http" {
+    url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
+}
+
+# Anything in /cgi-bin will be run as a script
+$HTTP["url"] =~ "/cgi-bin/" {
+    cgi.assign = ( "" => "" )
+}
+
+# Handle proxy to ttyd if it's running
+$HTTP["url"] =~ "(^/ttyd)" {
+  proxy.header = ("map-urlpath" => ( "/ttyd" => "/" ), "upgrade" => "enable" )
+  proxy.server  = ( "" => ("" => ( "host" => "127.0.0.1", "port" => 8443 )))
+}

lighttpd/lighttpd.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Lighttpd Daemon
+After=network.target
+
+[Service]
+Type=simple
+PIDFile=/opt/var/run/lighttpd.pid
+ExecStartPre=/opt/sbin/lighttpd -tt -f /usrdata/lighttpd/lighttpd.conf
+ExecStart=/opt/sbin/lighttpd -D -f /usrdata/lighttpd/lighttpd.conf
+ExecReload=/bin/kill -USR1 $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

simplefirewall/simplefirewall.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Define the ports you want to block
-PORTS=("80" "8080" "8088" "443") # Default ports, will be modified by the install script
+PORTS=("80" "443") # Default ports, will be modified by the install script
 
 # First, allow specified ports on bridge0, eth0, and tailscale0
 for port in "${PORTS[@]}"; do

sshd/README.md

@@ -0,0 +1,10 @@
+# Generate Host Keys
+ssh-keygen -A
+
+# Must edit in /opt/etc/ssh/sshd_config
+PasswordAuthentication yes
+UsePAM yes
+PermitRootLogin yes
+
+# Need to add ssh user in /opt/etc/passwd
+sshd:x:106:65534:Linux User,,,:/opt/run/sshd:/bin/nologin

sshd/sshd.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=OpenBSD Secure Shell server
+Documentation=man:sshd(8) man:sshd_config(5)
+After=network.target
+
+[Service]
+ExecStartPre=/opt/usr/sbin/sshd -t
+ExecStart=/opt/usr/sbin/sshd -D
+ExecReload=/opt/usr/sbin/sshd -t
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=notify
+RuntimeDirectory=sshd
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
+Alias=sshd.service

ttyd/systemd/ttyd.service

@@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=simple
 ExecStartPre=/bin/sleep 5
-ExecStart=/usrdata/ttyd/ttyd -p 443 -t 'theme={"foreground":"white","background":"black"}' -t fontSize=25 --writable /usrdata/ttyd/scripts/ttyd.bash
+ExecStart=/usrdata/ttyd/ttyd -i 127.0.0.1 -p 8088 -t 'theme={"foreground":"white","background":"black"}' -t fontSize=25 --writable /usrdata/ttyd/scripts/ttyd.bash
 Restart=on-failure
 
 [Install]