search

sentora / sentora-core

Sentora is a web hosting control panel written in PHP for *NIX
GNU General Public License v3.0
657 stars 446 forks source link

Install/Update modules by HTTPS URL #332

Closed Bizarrus closed 10 months ago

Bizarrus commented 5 years ago

Issue: When you try to add an module repository, you can't use it if the domain runs over HTTPS if the HTTP domain is not accessible or has an redirect to the secured HTTPS site.

Following line is concerned, as sample: bin/zppy#L295:

$packagects = @file_get_contents("http://" . $line . "/packages.txt");
zppy repo add sample.com // An https Domain or http domain with https redirect
zppy update

How to reproduce it: Use an domain with HTTPS (explicitely a Domain with a redirect from HTTP to HTTPS)

Suggested fix or solution if you have any: Adding an HTTP Context to file_get_contents and add follow_location to automatically redirect from HTTP to HTTPS: context.http.php

Possible fix:

$context = stream_context_create([
    'http' => [
        'follow_location' => true
    ]
]);

$packagects = @file_get_contents("http://" . $line . "/packages.txt", false, $context);
TGates71 commented 5 years ago

I will try and make time to test this out. Looks like a good solution from reading through it. Not a 'bug' since SSL was not mainstream when Sentora was built. Thanks for the input. I've wanted to update my repo to HTTPS because it uses logins and forms but was not sure which method would work in the core to allow this change. Have you tested it and does it install the modules properly? There may be more underlying issues related to module repositories, module update checks, etc.

Bizarrus commented 5 years ago

It's only an connecting problem for HTTPS. By default, file_get_contents won't redirect if a 301 Status or Location header is presented.

Mostly (if you're using HTTPS), you has an simple HTTP VHost with an redirect to the SSL page. And that is the problem :)

Bizarrus commented 5 years ago

I can implement these and make some Pull-Requests, but i've seen, that the development of Sentora is freezed and has no activity. Thats the point, why i've don't spend some time for that.

TGates71 commented 1 year ago

looking into this right now.

TGates71 commented 1 year ago

I just tried it with my repo as https and it worked just fine without editing anything in Sentora. Maybe the server you tested on did not have a proper redirect to https from http? zppy update and zppy repo add worked just fine also. It also worked fine with Repo Browser module.

TGates71 commented 1 year ago

I get one error related to it parsing an xml file Otherwise it works OK. Doing more checks. Error fixed, had to do with my repository.

TGates71 commented 1 year ago

Ok, needs more checks since this is related directly to get.xml data and not the actually zppy install

TGates71 commented 10 months ago

My repo has been SSL since this was first posted and I have no problems (Sentora v2.0.0/v2.0.1) without the edit and nobody has contacted me about not being able to connect or install any of my modules in the past 8-9 months.

TGates71 commented 10 months ago

UPDATE: From Stack Overflow: https://stackoverflow.com/questions/1975461/how-to-get-file-get-contents-to-work-with-https Basically you need to ensure that php_openssl extension must exist and is enabled and allow_url_fopen must be set to on.