0.1.9.md 7.7 KB


hide_table_of_contents: true

0.1.9

Not yet released.

🚀 New features

🐛 Bug fixes

  • Fixed bugs with opencli admin disable and opencli admin enable commands.
  • Fixed bug with opencli report that failed to retrive MySQL version for mysql running inside docker container.
  • Fixed bug with incorect version in changelog link on OpenAdmin > General Settings > Update Preferences.

💅 Polish

FTP

New experimental OpenPanel FTP module is now available and allows you to create FTP sub-accounts.

Upon activation, a fresh Docker container featuring VSFTPD will be initiated, serving as a shared environment for all OpenPanel FTP sub-users. This ensures the segregation of FTP accounts from other processes and services. Even in the event of a compromise, the impact is contained within the confines of the OpenPanel user's home folder, preventing access to other services or files.

This functionality leverages the open-source OpenPanel FTP module and is currently in its preliminary developmental phase. As such, it is not enabled by default and there are no additional options available in the OpenPanel interface to facilitate the creation and management of FTP users. Currently, all configurations must be performed by the administrator via the terminal:

To install FTP on an OpenPanel server, execute the following command:

opencli ftp-setup

To create new FTP accounts:

opencli ftp-add <NEW_USERNAME> <NEW_PASSWORD> <FOLDER> <OPENPANEL_USERNAME>

After detailed testing, a dedicated FTP page will be introduced to the OpenPanel, enabling users to seamlessly create FTP sub-users.

Cloudflare only

Administrators can now disable direct server access and only allow access via Cloudflare proxy.

                                                          OpenPanel server
                                                   _____________________________
    __________________________________            |     |                       |
   |                                  |           |  F  |                       |
-->| Traffic comming from Cloudflare  |---------->|  I  |        Websites       |
   |__________________________________|           |  R  |                       |
    __________________________________            |  E  |           &           |
   |                                  |           |  W  |                       |
-->|    Direct access to server IP    |----------X|  A  |      User services    |
   |__________________________________|           |  L  |                       |
                                                  |  L  |                       |
                                                  |_____|_______________________| 

To enable this feature simply navigate to OpenAdmin > Firewall and click on the Cloudfare button.

screenshot of ipset cloudflare feature

Or from terminal:

  • Enable Cloudflare restrictions:

    opencli cloudflare --enable
    
  • Disable Cloudflare restrictions:

    opencli cloudflare --disable
    

This feature will regularly update Cloudflare ip addresses to make sure new CF IP ranges are included.

IPset Blacklists

OpenAdmin Firewall now allows Administrators to easily add blacklists to block IP addresses from known malicious sources.

This feature uses the ipset-blacklist service automating the process of fetching and blocking IPs. It's a simple yet effective way to enhance system security without manual hassle.

ipset-blacklist

Default blacklists:

Blacklist URL
AbuseIPDB (DISABLED) https://api.abuseipdb.com/api/v2/blacklist
OpenPanel (DISABLED) https://api.openpanel.co/blocklist.txt
Spamhaus DROP https://www.spamhaus.org/drop/drop.lasso
Spamhaus EDROP https://www.spamhaus.org/drop/edrop.lasso
DShield https://www.dshield.org/feeds/suspiciousdomains_Low.txt
FireHOL level1 https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
FireHOL level2 https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
FireHOL level3 https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
FireHOL level4 https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset
Binary Defense https://www.binarydefense.com/banlist.txt
blocklist.de https://lists.blocklist.de/lists/all.txt

Administrators can add additional blacklists.

New opencli commands are also available:

  • Download new IP addresses for all enabled blocklists:

    opencli blacklist --fetch
    
  • Update all ipsets rules and reload UFW service:

    opencli blacklist --update_ufw
    
  • Add a new blacklist:

    opencli blacklist --add-blacklist name=<name> url=<url>
    
  • Enable a blacklist:

    opencli blacklist --enable-blacklist=<name>
    
  • Disable a blacklist:

    opencli blacklist --disable-blacklist=<name>
    
  • Delete a blacklist:

    opencli blacklist --delete-blacklist=<name>
    

opencli faq

OpenCLI now has a new command opencli faq to display most frequently asked questions:

opencli faq command output

/etc/openpanel/

To enable easier updates in the future, we are gradually migrating all configuration files from /usr/local/panel/ & /usr/local/admin/ directories to the new /etc/openpanel/ directory.

This will separate configuration files in /etc/ from all the code in /usr/ and therefore no configuration files will need to be moved&restored when performing updates.

Current changes include:

  • Forbidden usernames file is now moved from: /usr/local/admin/scripts/helpers/forbidden_usernames.txt to /etc/openpanel/openadmin/config/forbidden_usernames.txt
  • FTP configuration files are stored under /etc/openpanel/ftp/users/