Streaming terminals for PHP extensions, SSL certificates; UFW logging state fix

- php.php: install-extension and remove-extension now stream via SSE (real-time progress, proper error detection, sudo)
- ssl.php: issue action now streams certbot output via SSE
- admin.js: phpExtInstall/Remove use streaming terminal modal
- admin.js: adminIssueBulkSSL uses streaming modal with per-domain progress
- admin.js: adminRenewCert now confirms before renewing
- admin.js: adminIssueSingleSSL helper for per-domain streaming SSL
- admin.js: firewall page pre-selects current UFW logging level from API response
- admin.js: fwSetLogging reloads firewall page on success
- firewall.php: ufw_status() now parses and returns logging level

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-06-09 18:04:43 +00:00
parent 99cdc6f3dc
commit 1c2c11251c
4 changed files with 241 additions and 37 deletions
+7
View File
@@ -100,10 +100,17 @@ function ufw_status(): array {
// Default policy
preg_match('/Default:\s+(\w+) \(incoming\),\s+(\w+) \(outgoing\)/', $raw, $pol);
// Logging level
preg_match('/Logging:\s+(\S+)/i', $raw, $logm);
$logging = strtolower($logm[1] ?? 'off');
if ($logging === 'on (low)') $logging = 'low';
// Normalise: strip parentheses if present e.g. "on (low)" → "low"
if (preg_match('/\((\w+)\)/', $logging, $lm)) $logging = $lm[1];
return [
'active' => $active,
'default_incoming' => $pol[1] ?? 'deny',
'default_outgoing' => $pol[2] ?? 'allow',
'logging' => $logging,
'rules' => $rules,
'raw' => $raw,
];
+52 -10
View File
@@ -83,16 +83,40 @@ match ($action) {
$ver = $body['version'] ?? '';
$ext = preg_replace('/[^a-z0-9\-]/', '', strtolower($body['extension'] ?? ''));
if (!preg_match('/^[78]\.\d$/', $ver) || !$ext) Response::error("Invalid input");
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
header('X-Accel-Buffering: no');
while (ob_get_level()) ob_end_clean();
$sse = function(string $line) { echo 'data: ' . json_encode(['line' => $line]) . "\n\n"; flush(); };
$run = function(string $cmd) use ($sse): int {
$proc = proc_open($cmd, [1 => ['pipe','w'], 2 => ['pipe','w']], $pipes);
if (!$proc) { $sse(" [failed to start]\n"); return 1; }
while (!feof($pipes[1])) { $l = fgets($pipes[1]); if ($l !== false && $l !== '') $sse($l); }
while (!feof($pipes[2])) { $l = fgets($pipes[2]); if ($l !== false && $l !== '') $sse(" " . $l); }
fclose($pipes[1]); fclose($pipes[2]);
return proc_close($proc);
};
$pkg = "php{$ver}-{$ext}";
$out = shell_exec("apt-get install -y $pkg 2>&1");
if (str_contains($out ?: '', 'Unable to locate') || str_contains($out ?: '', 'E:')) {
// Try pecl fallback
$out2 = shell_exec("php{$ver} /usr/bin/pecl install {$ext} 2>&1");
$out .= "\n[pecl] " . $out2;
$sse("▶ Installing {$pkg}\n");
$rc = $run("sudo apt-get install -y $pkg 2>&1");
if ($rc !== 0) {
// Try PECL fallback
$sse("\n apt package not found — trying PECL…\n");
$rc2 = $run("sudo php{$ver} /usr/bin/pecl install {$ext} 2>&1");
if ($rc2 !== 0) {
$sse(" ✗ Could not install {$ext} via apt or PECL\n");
echo 'data: ' . json_encode(['done' => true, 'success' => false]) . "\n\n"; flush(); exit;
}
}
shell_exec("systemctl reload php{$ver}-fpm 2>/dev/null || true");
$sse("\n▶ Reloading PHP {$ver} FPM…\n");
$run("sudo systemctl reload php{$ver}-fpm 2>&1 || sudo systemctl restart php{$ver}-fpm 2>&1");
$sse(" ✓ php{$ver}-{$ext} installed\n");
audit('php.install-extension', "$ver/$ext");
Response::success(['output' => substr($out ?: '', -1000)], "Extension $ext installed for PHP $ver");
echo 'data: ' . json_encode(['done' => true, 'success' => true]) . "\n\n"; flush(); exit;
})(),
'remove-extension' => (function() use ($body) {
@@ -100,11 +124,29 @@ match ($action) {
$ver = $body['version'] ?? '';
$ext = preg_replace('/[^a-z0-9\-]/', '', strtolower($body['extension'] ?? ''));
if (!preg_match('/^[78]\.\d$/', $ver) || !$ext) Response::error("Invalid input");
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
header('X-Accel-Buffering: no');
while (ob_get_level()) ob_end_clean();
$sse = function(string $line) { echo 'data: ' . json_encode(['line' => $line]) . "\n\n"; flush(); };
$run = function(string $cmd) use ($sse): int {
$proc = proc_open($cmd, [1 => ['pipe','w'], 2 => ['pipe','w']], $pipes);
if (!$proc) { $sse(" [failed to start]\n"); return 1; }
while (!feof($pipes[1])) { $l = fgets($pipes[1]); if ($l !== false && $l !== '') $sse($l); }
while (!feof($pipes[2])) { $l = fgets($pipes[2]); if ($l !== false && $l !== '') $sse(" " . $l); }
fclose($pipes[1]); fclose($pipes[2]);
return proc_close($proc);
};
$pkg = "php{$ver}-{$ext}";
$out = shell_exec("apt-get remove -y $pkg 2>&1");
shell_exec("systemctl reload php{$ver}-fpm 2>/dev/null || true");
$sse("▶ Removing {$pkg}\n");
$run("sudo apt-get remove -y $pkg 2>&1");
$sse("\n▶ Reloading PHP {$ver} FPM…\n");
$run("sudo systemctl reload php{$ver}-fpm 2>&1 || sudo systemctl restart php{$ver}-fpm 2>&1");
$sse(" ✓ php{$ver}-{$ext} removed\n");
audit('php.remove-extension', "$ver/$ext");
Response::success(['output' => substr($out ?: '', -1000)], "Extension $ext removed from PHP $ver");
echo 'data: ' . json_encode(['done' => true, 'success' => true]) . "\n\n"; flush(); exit;
})(),
'fpm-action' => (function() use ($body) {
+45 -4
View File
@@ -21,14 +21,55 @@ match ($action) {
Response::success($rows);
})(),
'issue' => (function() use ($body, $accountId) {
'issue' => (function() use ($body, $accountId, $db) {
$domain = trim($body['domain'] ?? '');
$email = trim($body['email'] ?? '');
if (!$domain) Response::error("domain required");
if (!$accountId) Response::error("account_id required");
$result = SSLManager::issueLetsEncrypt($accountId, $domain, $email);
audit('ssl.issue', $domain);
Response::success($result, "SSL certificate issued for $domain");
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
header('X-Accel-Buffering: no');
while (ob_get_level()) ob_end_clean();
$sse = function(string $line) { echo 'data: ' . json_encode(['line' => $line]) . "\n\n"; flush(); };
$sse("▶ Requesting Let's Encrypt certificate for {$domain}\n");
$sse(" (This may take 3060 seconds)\n\n");
try {
$webRoot = $db->fetchOne("SELECT document_root FROM domains WHERE domain = ? AND account_id = ?", [$domain, $accountId]);
if (!$webRoot) { $sse(" ✗ Domain not found for this account\n"); echo 'data: '.json_encode(['done'=>true,'success'=>false])."\n\n"; flush(); exit; }
$docRoot = $webRoot['document_root'];
$mail = $email ?: "ssl@{$domain}";
$cmd = "certbot certonly --webroot -w " . escapeshellarg($docRoot)
. " -d " . escapeshellarg($domain) . " -d " . escapeshellarg("www.{$domain}")
. " --email " . escapeshellarg($mail)
. " --agree-tos --non-interactive 2>&1";
$proc = proc_open($cmd, [1 => ['pipe','w'], 2 => ['pipe','w']], $pipes);
if ($proc) {
while (!feof($pipes[1])) { $l = fgets($pipes[1]); if ($l !== false && $l !== '') $sse($l); }
fclose($pipes[1]); fclose($pipes[2]);
proc_close($proc);
}
$certPath = "/etc/letsencrypt/live/{$domain}/fullchain.pem";
if (!file_exists($certPath)) {
$sse("\n ✗ Certificate not created — check DNS is pointed to this server\n");
echo 'data: '.json_encode(['done'=>true,'success'=>false])."\n\n"; flush(); exit;
}
$sse("\n▶ Installing certificate on vhost…\n");
$result = SSLManager::issueLetsEncrypt($accountId, $domain, $email);
audit('ssl.issue', $domain);
$sse(" ✓ SSL certificate installed (expires {$result['expires']})\n");
echo 'data: '.json_encode(['done'=>true,'success'=>true,'cert_id'=>$result['cert_id']])."\n\n";
} catch (Exception $e) {
$sse(" ✗ Error: " . $e->getMessage() . "\n");
echo 'data: '.json_encode(['done'=>true,'success'=>false])."\n\n";
}
flush(); exit;
})(),
'generate-csr' => (function() use ($body, $accountId) {