Not yet released.
opencli faq
command to show frequently asked questionsopencli admin disable
and opencli admin enable
commands.opencli report
that failed to retrive MySQL version for mysql running inside docker container.--enable_ftp
and --enable_mail
to enable experimental features.opencli -v
is now an alias for opencli --version
.New experimental OpenPanel FTP module is now available and allows you to create FTP sub-accounts.
Upon activation, a fresh Docker container featuring VSFTPD will be initiated, serving as a shared environment for all OpenPanel FTP sub-users. This ensures the segregation of FTP accounts from other processes and services. Even in the event of a compromise, the impact is contained within the confines of the OpenPanel user's home folder, preventing access to other services or files.
This functionality leverages the open-source OpenPanel FTP module and is currently in its preliminary developmental phase. As such, it is not enabled by default and there are no additional options available in the OpenPanel interface to facilitate the creation and management of FTP users. Currently, all configurations must be performed by the administrator via the terminal:
To install FTP on an OpenPanel server, execute the following command:
opencli ftp-setup
To create new FTP accounts:
opencli ftp-add <NEW_USERNAME> <NEW_PASSWORD> <FOLDER> <OPENPANEL_USERNAME>
After detailed testing, a dedicated FTP page will be introduced to the OpenPanel, enabling users to seamlessly create FTP sub-users.
Administrators can now disable direct server access and only allow access via Cloudflare proxy.
OpenPanel server
_____________________________
__________________________________ | | |
| | | F | |
-->| Traffic comming from Cloudflare |---------->| I | Websites |
|__________________________________| | R | |
__________________________________ | E | & |
| | | W | |
-->| Direct access to server IP |----------X| A | User services |
|__________________________________| | L | |
| L | |
|_____|_______________________|
To enable this feature simply navigate to OpenAdmin > Firewall and click on the Cloudfare button.
Or from terminal:
Enable Cloudflare restrictions:
opencli cloudflare --enable
Disable Cloudflare restrictions:
opencli cloudflare --disable
This feature will regularly update Cloudflare ip addresses to make sure new CF IP ranges are included.
OpenAdmin Firewall now allows Administrators to easily add blacklists to block IP addresses from known malicious sources.
This feature uses the ipset-blacklist service automating the process of fetching and blocking IPs. It's a simple yet effective way to enhance system security without manual hassle.
Default blacklists:
Blacklist | URL |
---|---|
AbuseIPDB (DISABLED) | https://api.abuseipdb.com/api/v2/blacklist |
OpenPanel (DISABLED) | https://api.openpanel.co/blocklist.txt |
Spamhaus DROP | https://www.spamhaus.org/drop/drop.lasso |
Spamhaus EDROP | https://www.spamhaus.org/drop/edrop.lasso |
DShield | https://www.dshield.org/feeds/suspiciousdomains_Low.txt |
FireHOL level1 | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset |
FireHOL level2 | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset |
FireHOL level3 | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset |
FireHOL level4 | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset |
Binary Defense | https://www.binarydefense.com/banlist.txt |
blocklist.de | https://lists.blocklist.de/lists/all.txt |
Administrators can add additional blacklists.
New opencli commands are also available:
Download new IP addresses for all enabled blocklists:
opencli blacklist --fetch
Update all ipsets rules and reload UFW service:
opencli blacklist --update_ufw
Add a new blacklist:
opencli blacklist --add-blacklist name=<name> url=<url>
Enable a blacklist:
opencli blacklist --enable-blacklist=<name>
Disable a blacklist:
opencli blacklist --disable-blacklist=<name>
Delete a blacklist:
opencli blacklist --delete-blacklist=<name>
OpenCLI now has a new command opencli faq
to display most frequently asked questions:
/etc/openpanel/
To enable easier updates in the future, we are gradually migrating all configuration files from /usr/local/panel/
& /usr/local/admin/
directories to the new /etc/openpanel/
directory.
This will separate configuration files in /etc/ from all the code in /usr/ and therefore no configuration files will need to be moved&restored when performing updates.
Current changes include:
/usr/local/admin/scripts/helpers/forbidden_usernames.txt
to /etc/openpanel/openadmin/config/forbidden_usernames.txt
/etc/openpanel/ftp/users/