Add nginx FastCGI and iptable check

src/iptables/main.php

@@ -6,7 +6,14 @@
 if ($_GET['secret'] !== $_SERVER['SECRET_TOKEN']) exit;
 if ($_GET['action'] === 'refresh') {
     exec($_SERVER['IPTABLES_REFRESH']);
-    echo "Updated";
+    echo "Updated for IPv4\n";
+} else if ($_GET['action'] === 'check') {
+    $iptables_file = file_get_contents($_SERVER['IPTABLES_PATH']);
+    if (!$iptables_file) {
+        die('ERROR: config not found');
+    }
+    $theword = "-A OUTPUT -m owner --uid-owner $_GET[user] -j REJECT\n";
+    die(str_contains($iptables_file, $theword) ? '1' : '0');
 } else if ($_GET['action'] === 'add_user') {
     $iptables_file = file_get_contents($_SERVER['IPTABLES_PATH']);
     if (!$iptables_file) {
@@ -22,7 +29,7 @@
         die('ERROR: unable to write config');
     }
     exec($_SERVER['IPTABLES_RELOAD']);
-    echo "Updated";
+    echo "Updated for IPv4\n";
 } else if ($_GET['action'] === 'del_user') {
     $iptables_file = file_get_contents($_SERVER['IPTABLES_PATH']);
     if (!$iptables_file) {
@@ -36,5 +43,5 @@
         die('ERROR: unable to write config');
     }
     exec($_SERVER['IPTABLES_RELOAD']);
-    echo "Updated";
+    echo "Updated for IPv4\n";
 }

src/iptables/mainv6.php

@@ -6,23 +6,23 @@
 if ($_GET['secret'] !== $_SERVER['SECRET_TOKEN']) exit;
 if ($_GET['action'] === 'refresh') {
     exec($_SERVER['IPTABLESV6_REFRESH']);
-    echo "Updated";
+    echo "Updated for IPv6\n";
 } else if ($_GET['action'] === 'add_user') {
     $iptables_file = file_get_contents($_SERVER['IPTABLESV6_PATH']);
     if (!$iptables_file) {
         die('ERROR: config not found');
     }
     $theword = "-A OUTPUT -m owner --uid-owner $_GET[user] -j REJECT\n";
     $replaced_file = str_replace($theword, "", $iptables_file);
-    $replaced_file = str_replace("# Limiter goes down here\n", "# Limiter goes down here\n".$theword, $replaced_file);
+    $replaced_file = str_replace("# Limiter goes down here\n", "# Limiter goes down here\n" . $theword, $replaced_file);
     if ($iptables_file === $replaced_file) {
         die('Updated, nothing changed');
     }
     if (file_put_contents($_SERVER['IPTABLESV6_PATH'], $replaced_file, LOCK_EX) === false) {
         die('ERROR: unable to write config');
     }
     exec($_SERVER['IPTABLESV6_RELOAD']);
-    echo "Updated";
+    echo "Updated for IPv6\n";
 } else if ($_GET['action'] === 'del_user') {
     $iptables_file = file_get_contents($_SERVER['IPTABLESV6_PATH']);
     if (!$iptables_file) {
@@ -36,5 +36,5 @@
         die('ERROR: unable to write config');
     }
     exec($_SERVER['IPTABLESV6_RELOAD']);
-    echo "Updated";
+    echo "Updated for IPv6\n";
 }

src/nginx/main.php

@@ -59,16 +59,18 @@
 $d['user'] = explode('/', $d['root'])[2];
 // extract location
 $matches = [];
-if (preg_match('/^\t\t\tfastcgi_pass (.+);/m', $serv, $matches) === false) {
+if (preg_match('/^\t\t(\/\/ |\t)fastcgi_pass (.+);/m', $serv, $matches) === false) {
     die("ERROR: No 'fastcgi_pass' was detected");
 }
-$d['fcgi'] = $matches[1];
+$d['fcgi'] = $matches[2];
 $c = mergeConfig($config);
-$c['locations'][] = [
-    'match' => '~ \.php(/|$)',
-    'try_files' => '$uri =404',
-    'fastcgi_pass' => $d['fcgi'],
-];
+if ($c['fastcgi'] == 'on') {
+    $c['locations'][] = [
+        'match' => '~ \.php(/|$)',
+        'try_files' => '$uri =404',
+        'fastcgi_pass' => $d['fcgi'],
+    ];
+}
 // all necessary data in, now cut
 ob_start();
 include "template.php";

src/nginx/template.php

@@ -61,6 +61,9 @@
 ?>
 		}
 <?php endforeach ?>
+<?php if ($c['fastcgi'] === 'off') : ?>
+		// fastcgi_pass <?= $d['fcgi'] ?>;
+<?php endif ?>
 <?php if ($c['ssl'] !== 'off') : ?>
 		listen <?= $d['ip'] ?>:443 ssl http2;
 		listen <?= $d['ip6'] ?>:443 ssl http2;

src/nginx/validator.php

@@ -16,6 +16,7 @@ function mergeConfig($config)
          *  forgot to set it, it will back to "ssl: on".
          */
         'ssl' => 'on', // [off|on (default)|enforce]
+        'fastcgi' => 'on', // [off|on (default)] whether to enable or disable php execution
         'ssl_certificate' => [
             // 'cert' => 'ssl.combined',
             // 'key' => 'ssl.key',