The default and recommended setup is using webui in 'docker' mode. Both webui and glftpd run in separate containers. The docker api is used to execute commands in 'glftpd' container.
This mode runs commands locally, on same host. While webui runs in a container, glftpd can either be installed in the same container or on host.
Just installing webui is also possible, but not recommended.
Does not use docker at all, both glftpd and webgui run on the same host. Glftpd should already be installed (e.g. in '/glftpd') and you need nginx and php-fpm to run webui from www dir.
Try running local-install.sh, it will prompt a few times for paths and settings. The script will check for requirements first. Some additional manual steps might still be required.
Or, to set this up completely manually
- you've setup glftpd, nginx, php-fpm(8+) and modules etc
- copy webui files to document root: assets, lib, templates and src dirs to e.g. /var/www/html
- copy config.php.dist to config.php (set mode to 'local')
- copy nginx conf templates from etc
- check 'bin_dir' under 'local' in config.php (default is '/usr/local/bin')
- verify paths and other config settings
- download/replace pyspy and pywho for your distro in 'bin_dir'
- make sure
spy --webis running on localhost:5000 (bin/spy.sh) - copy/compile other bins if needed (gotty, hashgen, passchk)
- copy etc/sudoers.d/glftpd-web and set 'runas' in config
it might help to have a look at the Dockerfile, adapt to your specific environment
- Network: webui needs to be able to connect to tcp ports 1337(glftpd), 3333(bot), 8080(gotty) and 5050(pyspy)
- User management: needs access to /glftpd dir, either in glftpd container or on same host
- Stop/start glftpd: needs access to docker socket or systemd/service + sudo in local webui-mode
- Terminal commands: these need to run in glftpd container or on same host in local webui-mode, local mode requires php 'exec'
- Filemanager: needs access to config files and /glftpd/site
These can be changed in config.php
docker
- api:
<url> - glftpd_ct_name
<name>(default: glftpd) - bin_dir:
<path>to binaries *
local
- runas:
<sudo cmd>for sudo (default: '/usr/bin/sudo -n -u root') - bin_dir:
<path>to binaries
* path to gltool.sh, gotty, pywho etc
show_more_opts
truealways show all optionsfalsecollapse with link "Show/hide more options"
show_alerts
trueshow notifications,falseno notifications
max_items: <number> of users and groups to show (without collapse)
modal
- commands:
trueshow (terminal) commands in dialog,falseoutputs to bottom of page
- sitewho:
trueshow pywho in dialog,falseoutputs to bottom of page
spy
- enabled:
trueshow online users,falsehide online users - refresh:
trueauto refresh,falseno refresh
services
- glftpd:
- host:
<hostname|ip>(default: localhost), port:<num>(default: 1337)
- host:
- sitebot:
- host:
<hostname|ip>(default: localhost), port:<num>(default: 3333)
- host:
(used for UP/DOWN status)
filemanager *
- (Browse) Name:
- type: 'dir', path: "/path/to/dir"
- (Edit/View) filename:
- type: 'file', mode:
<edit|view>, path: "/path/to/filename/"
- type: 'file', mode:
default file mode is 'edit'
if there are no dirs/files defined, filemanager tab is not shown
* if path is empty, defaults for mode is used (docker/local)
buttons
- Glftpd
- name:
<cmd>
- name:
- Docker
- name:
<cmd>
- name:
- Terminal
- name:
<cmd>
- name:
add separator(s) with 'sep'
(if there are no buttons defined, it's tab is not shown)
More info about different setup modes
Commands: docker_commands.php, uses docker api
Network: both glftpd and webui use same docker network ('shit')
Storage: Default basedir for glftpd mounts is './glftpd' which is the workdir on host, set GL_DATA to change
Notes:
- the 'glftpd' image from docker-glftpd is used by default
- to use a different image, change it in
docker-run.sh - to not start gl at all set
GLFTPD=0, for example if you already have your own glftpd container running
Enabled if WEBUI_LOCAL=1 is set on runtime
Commands: local_commands.php, uses php exec
Network: docker host network is used (--network=host) and 'localhost' to connect to glftpd, bot, spy and gotty (default)
Storage: to allow access to '/glftpd' dir (GL_DIR), it's bind mounted inside the webui container (for non docker you could change this to document root)
Notes:
- running webgui in docker but not glftpd, limits what webui can do
- it's possible start/stop glftpd with system and dbus broker, but probably not worth the effort (build the debian image if you want)
- when using manual setup without docker, make sure webui can run commands using sudo and/or systemd
Docker: set WEBUI_AUTH_MODE=<mode>
Without docker: run ./auth.sh <mode>
auth.sh makes any needed changes to nginx config and config.php and is be triggered by env var or run directly
- basic: http authentication with standard browser dialog to login (default)
- glftpd: login with html user/pass form, checked against glftpd's userdb using
passchkbin - both: combines glftpd and basic auth modes
- none: disable auth
- additionally, access is always limited to allowed ip ranges
Uses nginx and htpasswd to store user/password (in /etc/nginx/.htpasswd).
Docker: set WEBUI_AUTH_MODE and WEBUI_AUTH_USER and WEBUI_AUTH_PASS to change credentials.
Without docker, run ./auth.sh basic <user> <password>
Besides gl user/pass, also checks userfile for '+1' flag (SITEOP) and compares addip/host mask(s) to client's src ip (X-Forwarded-For header).
Combines 'basic' and 'glftpd' modes. For basic auth, php handles browser input window and compares username and password to 'http_auth' setting from config.php (instead of nginx/htpasswd). To force browser to relogin, try url http:/[email protected]:4444
Docker: set WEBUI_AUTH_MODE and WEBUI_AUTH_USER and WEBUI_AUTH_PASS to change http auth credentials. Can also be changed in docker-run.sh or docker-compose.yml.
Without docker: run ./auth.sh both <user> <password>
Disables auth (still checks ip)
Make sure your client's source ip is whitelisted. Default is 'allow' all private ip ranges (rfc1918). To change, edit etc/nginx/auth.d/allow.conf.template (docker) or allow.conf and restart container or reload nginx.