sssnake/setec_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9e839ee8260d389f46dadf53d643e955d9bf2c00
setec_cdm/setec-web/templates/docs.html
DigiJ 9e839ee826 Initial commit — SETEC LABS Manager (Setec_CDM) 
Flask-based VPS management panel with SSH remote command execution.
Includes E2E encrypted SSH tunnel (AES-256-GCM + Go agent), setup wizard,
security hardening tools, DNS management, firewall configs, monitoring,
backup, and .sec patch update system.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 12:39:02 -07:00

610 lines
33 KiB
HTML
Raw Blame History

{% extends "base.html" %}
{% block title %}Documentation{% endblock %}
{% block content %}
<h1>[^] Documentation</h1>
<div class="toolbar">
<button class="btn" onclick="showDoc('manual')">User Manual</button>
<button class="btn" onclick="showDoc('hostlinks')">Host API / SSH Links</button>
<button class="btn" onclick="showDoc('troubleshoot')">Troubleshooting Guide</button>
</div>
<!-- ═══════════════════════════════════════════════════════════════ -->
<!-- USER MANUAL -->
<!-- ═══════════════════════════════════════════════════════════════ -->
<div id="doc-manual" class="card">
<div class="card-title">User Manual</div>
<div style="font-size:12px;line-height:1.7;color:#ccc">
<h2>1. Introduction</h2>
<p>SETEC LABS Manager is a web-based VPS management panel that connects to your Linux server over SSH.
It provides a terminal-style interface for managing security tools, firewalls, DNS, nginx, Docker,
email, and more &mdash; all from your browser.</p>
<p style="color:#888;font-size:11px">Requirements: A Linux VPS (Debian/Ubuntu recommended), SSH key access, Python 3.10+</p>
<h2>2. Installation</h2>
<div style="background:#000;padding:10px;border:1px solid #333;margin:8px 0">
<span style="color:#888"># Clone the repository</span><br>
<span style="color:#00ff41">git clone https://repo.seteclabs.io/setec/setec-mgr.git</span><br>
<span style="color:#00ff41">cd setec-mgr</span><br><br>
<span style="color:#888"># Install dependencies</span><br>
<span style="color:#00ff41">pip install -r requirements.txt</span><br><br>
<span style="color:#888"># Start the manager</span><br>
<span style="color:#00ff41">python app.py</span><br><br>
<span style="color:#888"># Open in browser</span><br>
<span style="color:#00ff41">http://localhost:5000</span>
</div>
<h2>3. Initial Setup (Setup Wizard)</h2>
<p>On first launch, click <strong style="color:#00ff41">Setup Wizard</strong> in the sidebar. The wizard walks you through:</p>
<ol style="margin-left:15px;line-height:2">
<li><strong style="color:#88ff88">Terms of Service</strong> &mdash; Read and accept the disclaimer.</li>
<li><strong style="color:#88ff88">SSH Keys</strong> &mdash; Select existing keys or generate new ones with host-specific guidance.</li>
<li><strong style="color:#88ff88">VPS Connection</strong> &mdash; Enter your server IP, SSH username, port (2222 recommended), and key path.</li>
<li><strong style="color:#88ff88">DNS API</strong> &mdash; Select your hosting provider, enter your domain and API key.</li>
<li><strong style="color:#88ff88">Paths</strong> &mdash; Set web root and Docker Compose file location.</li>
<li><strong style="color:#88ff88">Connection Test</strong> &mdash; Verify SSH and API connectivity.</li>
</ol>
<p style="color:#888;font-size:11px">You can re-run the wizard at any time. All settings are also editable from the Settings page.</p>
<h2>4. Dashboard</h2>
<p>The Dashboard shows a real-time overview of your server:</p>
<ul style="margin-left:15px;line-height:2">
<li><strong>System Info</strong> &mdash; Hostname, OS, kernel, uptime</li>
<li><strong>Resource Usage</strong> &mdash; CPU, RAM, disk, swap</li>
<li><strong>Network</strong> &mdash; Active connections, listening ports</li>
<li><strong>Services</strong> &mdash; Status of key services (nginx, sshd, etc.)</li>
</ul>
<h2>5. Docker Management</h2>
<p>Manage containers, images, volumes, and networks. Start/stop/restart containers, view logs,
pull images, and manage your Docker Compose stack.</p>
<div style="background:#000;padding:8px;border:1px solid #333;margin:8px 0;font-size:11px;color:#888">
Note: SETEC runs services natively with systemd by default. Docker management is provided for
users who have containerized workloads.
</div>
<h2>6. DNS Management</h2>
<p>View, add, and delete DNS records through your hosting provider's API. Supports:</p>
<ul style="margin-left:15px;line-height:2">
<li>A, AAAA, CNAME, MX, TXT, NS records</li>
<li>10 hosting providers (see Host API / SSH Links tab)</li>
<li>Fallback to <code style="color:#00ff41">dig</code> when API is unavailable</li>
</ul>
<h2>7. Nginx Management</h2>
<p>Create and manage nginx virtual hosts, enable/disable sites, view access and error logs,
test configuration, and manage SSL certificates with Let's Encrypt (certbot).</p>
<h2>8. SMTP / Email</h2>
<p>Configure and manage mail services. View mail queue, check DKIM/SPF/DMARC records,
test email delivery, and manage Postfix configuration.</p>
<h2>9. Firewall</h2>
<p>The Firewall page (separate from Security) provides:</p>
<ul style="margin-left:15px;line-height:2">
<li><strong>Dashboard</strong> &mdash; Firewall activity overview and monitoring</li>
<li><strong>UFW</strong> &mdash; Simplified firewall rule management</li>
<li><strong>iptables</strong> &mdash; Advanced packet filtering rules</li>
<li><strong>nftables</strong> &mdash; Modern netfilter framework management</li>
<li><strong>firewalld</strong> &mdash; Zone-based firewall management</li>
<li><strong>CSF</strong> &mdash; ConfigServer Security &amp; Firewall</li>
<li><strong>Migration</strong> &mdash; Convert between UFW and iptables with one click</li>
</ul>
<h2>10. Fail2Ban</h2>
<p>Manage Fail2Ban jails, view banned IPs, check jail status, and configure ban rules
to protect against brute-force attacks on SSH, nginx, and other services.</p>
<h2>11. Security Center</h2>
<p>The Security page is your central hub for hardening and monitoring:</p>
<p style="color:#ffaa00;margin-top:10px">Hardening Tools</p>
<ul style="margin-left:15px;line-height:2">
<li><strong>SSH Hardening</strong> &mdash; Disable root login, enforce key auth, change port</li>
<li><strong>Kernel Hardening</strong> &mdash; Sysctl tweaks for network and memory protection</li>
<li><strong>Auto Updates</strong> &mdash; Enable unattended-upgrades for security patches</li>
<li><strong>.sec Patch System</strong> &mdash; Apply SETEC-curated distro-specific security patches</li>
</ul>
<p style="color:#ffaa00;margin-top:10px">Security Applications (each with full management tab)</p>
<table style="margin:8px 0">
<tr><th>App</th><th>Purpose</th></tr>
<tr><td style="color:#00ff41">ClamAV</td><td>Antivirus scanning, quarantine management, scheduled scans</td></tr>
<tr><td style="color:#00ff41">rkhunter</td><td>Rootkit detection, file property checks</td></tr>
<tr><td style="color:#00ff41">chkrootkit</td><td>Alternative rootkit scanner with expert mode</td></tr>
<tr><td style="color:#00ff41">Lynis</td><td>Security auditing and hardening index scoring</td></tr>
<tr><td style="color:#00ff41">OSSEC</td><td>Host-based intrusion detection (HIDS), log monitoring, alerts</td></tr>
<tr><td style="color:#00ff41">ModSecurity</td><td>Web application firewall (WAF) for nginx, OWASP CRS rules</td></tr>
<tr><td style="color:#00ff41">AIDE</td><td>File integrity monitoring, baseline comparison</td></tr>
<tr><td style="color:#00ff41">Cowrie</td><td>SSH/Telnet honeypot for attacker monitoring</td></tr>
</table>
<p style="color:#888;font-size:11px">Each app tab provides: install/uninstall, status, configuration, scanning/auditing, logs, and scheduled tasks.</p>
<h2>12. Detect</h2>
<p>Server detection and fingerprinting. Identifies installed software, open ports,
running services, and potential security issues.</p>
<h2>13. Configs</h2>
<p>View and edit critical configuration files directly: sshd_config, nginx.conf,
jail.local, and other system configs with syntax-aware editing.</p>
<h2>14. Files</h2>
<p>Browse the server filesystem, view file contents, upload and download files,
manage permissions, and navigate directories.</p>
<h2>15. Terminal</h2>
<p>Direct SSH terminal access from the browser. Execute commands on your server
with full output display. Useful for tasks not covered by the GUI.</p>
<h2>16. Settings</h2>
<p>Configure all SETEC Manager settings:</p>
<ul style="margin-left:15px;line-height:2">
<li><strong>VPS Connection</strong> &mdash; Host, user, port, SSH key path</li>
<li><strong>Hosting Provider API</strong> &mdash; Provider selection, API key, documentation links</li>
<li><strong>Domain &amp; Paths</strong> &mdash; Domain, web root, compose path</li>
</ul>
<h2>17. Front Page</h2>
<p>Manage the public-facing landing page for your domain. Edit content,
configure styling, and deploy updates.</p>
<h2>18. Keyboard Shortcuts &amp; Tips</h2>
<ul style="margin-left:15px;line-height:2">
<li>All actions use AJAX &mdash; the page never fully reloads</li>
<li>Output panels are scrollable; long scan outputs won't overflow</li>
<li>Red text = error, yellow text = warning, green text = success</li>
<li>Every destructive action (uninstall, delete, purge) requires confirmation</li>
<li>SSH connection is shared &mdash; the manager reuses a single SSH session</li>
</ul>
<h2>19. Getting Help</h2>
<ul style="margin-left:15px;line-height:2">
<li>Official repo: <a href="https://repo.seteclabs.io" target="_blank">repo.seteclabs.io</a></li>
<li>GitHub mirror: <a href="https://github.com/DigiJEth" target="_blank">github.com/DigiJEth</a></li>
<li>Submit issues and feature requests at the Gitea repo</li>
</ul>
</div>
</div>
<!-- ═══════════════════════════════════════════════════════════════ -->
<!-- HOST API / SSH LINKS -->
<!-- ═══════════════════════════════════════════════════════════════ -->
<div id="doc-hostlinks" class="card" style="display:none">
<div class="card-title">Host API / SSH Links</div>
<div style="font-size:12px;line-height:1.7;color:#ccc">
<p style="color:#888;margin-bottom:15px">Quick-access links to API key generation and SSH key setup guides for every supported hosting provider.</p>
<!-- Hostinger -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>Hostinger</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Key Gen:</td>
<td>hPanel &rarr; Profile &rarr; API Keys &rarr; Create new key with DNS permissions<br>
<a href="https://developers.hostinger.com" target="_blank">developers.hostinger.com</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>hPanel &rarr; VPS &rarr; Settings &rarr; SSH Keys &rarr; Add SSH Key<br>
<a href="https://support.hostinger.com/en/articles/1583522-how-to-generate-ssh-keys" target="_blank">support.hostinger.com/.../how-to-generate-ssh-keys</a></td>
</tr>
</table>
</div>
<!-- Cloudflare -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>Cloudflare</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Token:</td>
<td>dash.cloudflare.com &rarr; My Profile &rarr; API Tokens &rarr; Create Token &rarr; "Edit zone DNS" template<br>
<a href="https://developers.cloudflare.com/api" target="_blank">developers.cloudflare.com/api</a></td>
</tr>
<tr>
<td style="color:#888">SSH (Tunnel):</td>
<td>Cloudflare is a DNS/CDN provider, not a VPS host. If using Cloudflare Tunnel for SSH:<br>
<a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/" target="_blank">developers.cloudflare.com/.../ssh</a></td>
</tr>
</table>
</div>
<!-- DigitalOcean -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>DigitalOcean</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Token:</td>
<td>cloud.digitalocean.com &rarr; API &rarr; Tokens &rarr; Generate New Token (read+write)<br>
<a href="https://docs.digitalocean.com/reference/api" target="_blank">docs.digitalocean.com/reference/api</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>Settings &rarr; Security &rarr; SSH Keys &rarr; Add SSH Key<br>
<a href="https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/" target="_blank">docs.digitalocean.com/.../add-ssh-keys</a></td>
</tr>
</table>
</div>
<!-- Vultr -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>Vultr</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Key:</td>
<td>my.vultr.com &rarr; Account &rarr; API &rarr; Enable API &rarr; copy key (whitelist server IP)<br>
<a href="https://www.vultr.com/api" target="_blank">vultr.com/api</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>Account &rarr; SSH Keys &rarr; Add SSH Key<br>
<a href="https://docs.vultr.com/how-do-i-generate-ssh-keys" target="_blank">docs.vultr.com/how-do-i-generate-ssh-keys</a></td>
</tr>
</table>
</div>
<!-- Linode -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>Linode (Akamai)</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Token:</td>
<td>cloud.linode.com &rarr; My Profile &rarr; API Tokens &rarr; Create Personal Access Token (Domains read/write)<br>
<a href="https://www.linode.com/docs/api" target="_blank">linode.com/docs/api</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>Profile &rarr; SSH Keys &rarr; Add SSH Key (injected into new Linodes at creation)<br>
<a href="https://www.linode.com/docs/guides/use-public-key-authentication-with-ssh/" target="_blank">linode.com/docs/.../use-public-key-authentication-with-ssh</a></td>
</tr>
</table>
</div>
<!-- GoDaddy -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>GoDaddy</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Key:</td>
<td>developer.godaddy.com &rarr; API Keys &rarr; Create New API Key. Format: <span style="color:#00ff41">key:secret</span><br>
<a href="https://developer.godaddy.com" target="_blank">developer.godaddy.com</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>GoDaddy is primarily a domain registrar. For VPS/dedicated hosting SSH:<br>
<a href="https://www.godaddy.com/help/generate-ssh-keys-40767" target="_blank">godaddy.com/help/generate-ssh-keys-40767</a></td>
</tr>
</table>
</div>
<!-- Namecheap -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>Namecheap</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Key:</td>
<td>Profile &rarr; Tools &rarr; API Access &rarr; Enable API (requires IP whitelist)<br>
<a href="https://www.namecheap.com/support/api/intro" target="_blank">namecheap.com/support/api/intro</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>Namecheap is primarily a domain registrar. For hosting products:<br>
<a href="https://www.namecheap.com/support/knowledgebase/article.aspx/9356/69/how-to-generate-an-ssh-key/" target="_blank">namecheap.com/.../how-to-generate-an-ssh-key</a></td>
</tr>
</table>
</div>
<!-- Hetzner -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>Hetzner</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Token:</td>
<td>dns.hetzner.com &rarr; API Tokens &rarr; Create new token<br>
<a href="https://dns.hetzner.com/api-docs" target="_blank">dns.hetzner.com/api-docs</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>Cloud Console &rarr; Security &rarr; SSH Keys &rarr; Add SSH Key<br>
<a href="https://docs.hetzner.com/cloud/servers/getting-started/connecting-to-the-server/" target="_blank">docs.hetzner.com/.../connecting-to-the-server</a></td>
</tr>
</table>
</div>
<!-- OVH -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>OVH / OVHcloud</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Key:</td>
<td>Requires Application Key, Application Secret, and Consumer Key<br>
<a href="https://api.ovh.com/createApp" target="_blank">api.ovh.com/createApp</a><br>
<a href="https://api.ovh.com" target="_blank">api.ovh.com (documentation)</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>Control Panel &rarr; Public Cloud &rarr; SSH Keys &rarr; Add key<br>
<a href="https://help.ovhcloud.com/csm/en-dedicated-servers-creating-ssh-keys" target="_blank">help.ovhcloud.com/.../creating-ssh-keys</a></td>
</tr>
</table>
</div>
<!-- AWS Route 53 -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>AWS Route 53</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API Key:</td>
<td>IAM Console &rarr; Users &rarr; Create Access Key (needs AmazonRoute53FullAccess). Format: <span style="color:#00ff41">ACCESS_KEY:SECRET_KEY</span><br>
<a href="https://docs.aws.amazon.com/Route53/latest/APIReference" target="_blank">docs.aws.amazon.com/Route53/latest/APIReference</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>EC2 Console &rarr; Key Pairs &rarr; Create/Import key pair (downloads .pem file)<br>
<a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html" target="_blank">docs.aws.amazon.com/.../ec2-key-pairs.html</a></td>
</tr>
</table>
</div>
<!-- Contabo -->
<div style="border:1px solid #333;padding:12px;margin-bottom:10px;background:#0a0a0a">
<p style="color:#00ff41;font-size:13px;margin-bottom:8px"><strong>Contabo</strong></p>
<table style="width:100%">
<tr>
<td style="color:#888;width:120px">API:</td>
<td>Contabo does not provide a DNS API. Use a third-party DNS provider (Cloudflare, etc.) or manage records manually.<br>
<a href="https://api.contabo.com" target="_blank">api.contabo.com (server management API only)</a></td>
</tr>
<tr>
<td style="color:#888">SSH Key Guide:</td>
<td>No panel-based SSH key manager. Generate keys locally and copy with <code style="color:#00ff41">ssh-copy-id</code><br>
<a href="https://contabo.com/blog/establishing-connection-server-ssh/" target="_blank">contabo.com/blog/establishing-connection-server-ssh</a></td>
</tr>
</table>
</div>
<!-- Generic SSH keygen -->
<div style="border:1px solid #00ff41;padding:12px;margin-top:15px;background:#0a0a0a">
<p style="color:#88ff88;font-size:13px;margin-bottom:8px"><strong>Universal: Generate SSH Keys (any provider)</strong></p>
<div style="background:#000;padding:10px;border:1px solid #333;margin:8px 0;font-size:11px">
<span style="color:#888"># Generate ed25519 key pair (recommended)</span><br>
<span style="color:#00ff41">ssh-keygen -t ed25519 -f C:/keys/setec -N ""</span><br><br>
<span style="color:#888"># Copy public key to server</span><br>
<span style="color:#00ff41">ssh-copy-id -i C:/keys/setec.pub -p 2222 root@YOUR_SERVER_IP</span><br><br>
<span style="color:#888"># Test connection</span><br>
<span style="color:#00ff41">ssh -i C:/keys/setec -p 2222 root@YOUR_SERVER_IP</span><br><br>
<span style="color:#888"># (Alternative) RSA 4096-bit key</span><br>
<span style="color:#00ff41">ssh-keygen -t rsa -b 4096 -f C:/keys/setec -N ""</span>
</div>
</div>
</div>
</div>
<!-- ═══════════════════════════════════════════════════════════════ -->
<!-- TROUBLESHOOTING GUIDE -->
<!-- ═══════════════════════════════════════════════════════════════ -->
<div id="doc-troubleshoot" class="card" style="display:none">
<div class="card-title">Troubleshooting Guide</div>
<div style="font-size:12px;line-height:1.7;color:#ccc">
<!-- SSH Connection -->
<h2>SSH Connection Issues</h2>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>Error: "Connection refused" or "Connection timed out"</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Verify the server IP is correct and the VPS is powered on</li>
<li>Check the SSH port matches what's configured: <code style="color:#00ff41">nc -zv YOUR_IP YOUR_PORT</code></li>
<li>Confirm the port is open on the server firewall:
<div style="background:#000;padding:6px;margin:4px 0;font-size:11px">
<span style="color:#00ff41">ufw status</span> &nbsp;or&nbsp; <span style="color:#00ff41">iptables -L -n | grep YOUR_PORT</span>
</div>
</li>
<li>Check if your home IP is blocked (fail2ban, CSF, or hosting provider firewall)</li>
</ul>
</div>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>Error: "Permission denied (publickey)"</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Verify the key path in Settings points to your <strong>private</strong> key (not .pub)</li>
<li>Check the public key is in the server's authorized_keys:
<div style="background:#000;padding:6px;margin:4px 0;font-size:11px">
<span style="color:#00ff41">cat ~/.ssh/authorized_keys</span>
</div>
</li>
<li>Fix permissions on the server:
<div style="background:#000;padding:6px;margin:4px 0;font-size:11px">
<span style="color:#00ff41">chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys</span>
</div>
</li>
<li>Test manually with verbose output:
<div style="background:#000;padding:6px;margin:4px 0;font-size:11px">
<span style="color:#00ff41">ssh -i /path/to/key -p PORT user@IP -vvv</span>
</div>
</li>
</ul>
</div>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>Error: "Host key verification failed"</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>The server's fingerprint changed (reinstall, IP reassignment, or MITM)</li>
<li>Remove the old key: <code style="color:#00ff41">ssh-keygen -R YOUR_IP</code></li>
<li>Reconnect and verify the new fingerprint with your hosting provider</li>
</ul>
</div>
<div style="border-left:3px solid #ffaa00;padding:8px 12px;margin:10px 0;background:#1a1a0a">
<p style="color:#ffaa00;margin-bottom:5px"><strong>SSH connects but commands time out</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Server may be under heavy load &mdash; check CPU/RAM in your hosting panel</li>
<li>Long-running commands (full scans, package installs) have extended timeouts but may still exceed them</li>
<li>Try running the command directly from Terminal page for real-time output</li>
</ul>
</div>
<!-- DNS API -->
<h2>DNS API Issues</h2>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>Error: "HTTP 401" or "HTTP 403"</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>API key is invalid, expired, or has insufficient permissions</li>
<li>Regenerate a new API key from your provider's dashboard (see Host API Links)</li>
<li>Ensure the key has DNS read/write permissions</li>
<li>Some providers (Vultr, Namecheap) require IP whitelisting</li>
</ul>
</div>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>Error: "HTTP 530" or Cloudflare blocking API calls</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>If your domain uses Cloudflare as a proxy, API calls from your VPS may be intercepted</li>
<li>SETEC Manager routes API calls through your VPS via SSH to bypass this</li>
<li>If still failing, try making the API call directly from your local machine</li>
<li>Check if the provider's API endpoint is behind Cloudflare</li>
</ul>
</div>
<div style="border-left:3px solid #ffaa00;padding:8px 12px;margin:10px 0;background:#1a1a0a">
<p style="color:#ffaa00;margin-bottom:5px"><strong>DNS changes not propagating</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>DNS propagation takes time (minutes to 48 hours depending on TTL)</li>
<li>Check current state: <code style="color:#00ff41">dig +short A yourdomain.com</code></li>
<li>Check with different resolvers: <code style="color:#00ff41">dig @8.8.8.8 +short A yourdomain.com</code></li>
<li>Lower your TTL to 300 before making changes for faster propagation</li>
</ul>
</div>
<!-- Security Tools -->
<h2>Security Tool Issues</h2>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>Tool install fails with "dpkg lock" error</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Another package operation is in progress (apt update, unattended-upgrades)</li>
<li>Wait a few minutes and retry, or check:
<div style="background:#000;padding:6px;margin:4px 0;font-size:11px">
<span style="color:#00ff41">lsof /var/lib/dpkg/lock-frontend</span>
</div>
</li>
<li>If the process is stuck, kill it (last resort):
<div style="background:#000;padding:6px;margin:4px 0;font-size:11px">
<span style="color:#00ff41">kill -9 PID && dpkg --configure -a</span>
</div>
</li>
</ul>
</div>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>ClamAV: "freshclam" or virus DB errors</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Stop freshclam service before manual update: <code style="color:#00ff41">systemctl stop clamav-freshclam</code></li>
<li>Run manual update: <code style="color:#00ff41">freshclam</code></li>
<li>ClamAV CDN may rate-limit &mdash; wait and retry in 30 minutes</li>
<li>Check if DNS resolves: <code style="color:#00ff41">dig database.clamav.net</code></li>
</ul>
</div>
<div style="border-left:3px solid #ffaa00;padding:8px 12px;margin:10px 0;background:#1a1a0a">
<p style="color:#ffaa00;margin-bottom:5px"><strong>Scans/audits appear to hang or run forever</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Full system scans (ClamAV, Lynis, AIDE) can take 10-60+ minutes</li>
<li>Use "Quick Scan" options when available for faster results</li>
<li>Check server load &mdash; scans are CPU-intensive</li>
<li>For long scans, use the Terminal page for real-time output</li>
</ul>
</div>
<!-- Firewall -->
<h2>Firewall Issues</h2>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>Locked out of server after firewall change</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li style="color:#ff4444"><strong>Prevention:</strong> ALWAYS allow your SSH port before enabling the firewall</li>
<li>Use your hosting provider's console/VNC access to regain control</li>
<li>From console: <code style="color:#00ff41">ufw allow 2222/tcp && ufw reload</code></li>
<li>Or disable the firewall entirely: <code style="color:#00ff41">ufw disable</code></li>
</ul>
</div>
<div style="border-left:3px solid #ffaa00;padding:8px 12px;margin:10px 0;background:#1a1a0a">
<p style="color:#ffaa00;margin-bottom:5px"><strong>Multiple firewalls conflicting</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Only run ONE firewall at a time (UFW, iptables raw, nftables, firewalld, or CSF)</li>
<li>UFW is a frontend for iptables &mdash; they share the same backend</li>
<li>Use the Migration tabs (UFW&harr;iptables) to safely switch</li>
<li>Check what's active: <code style="color:#00ff41">ufw status</code>, <code style="color:#00ff41">iptables -L -n</code>, <code style="color:#00ff41">nft list ruleset</code></li>
</ul>
</div>
<!-- Nginx / SSL -->
<h2>Nginx / SSL Issues</h2>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>Certbot SSL fails: "DNS problem: NXDOMAIN"</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>The domain/subdomain doesn't have a DNS A record pointing to your server</li>
<li>Add the A record first, wait for propagation, then retry certbot</li>
<li>Verify: <code style="color:#00ff41">dig +short A subdomain.yourdomain.com</code></li>
</ul>
</div>
<div style="border-left:3px solid #ff4444;padding:8px 12px;margin:10px 0;background:#1a0a0a">
<p style="color:#ff4444;margin-bottom:5px"><strong>Nginx won't start: "address already in use"</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Another process is using port 80/443: <code style="color:#00ff41">ss -tlnp | grep ':80\|:443'</code></li>
<li>Common culprit: Apache. Stop it: <code style="color:#00ff41">systemctl stop apache2 && systemctl disable apache2</code></li>
</ul>
</div>
<!-- General -->
<h2>General Issues</h2>
<div style="border-left:3px solid #ffaa00;padding:8px 12px;margin:10px 0;background:#1a1a0a">
<p style="color:#ffaa00;margin-bottom:5px"><strong>Manager shows "Loading..." forever</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>SSH connection dropped &mdash; refresh the page to reconnect</li>
<li>Check that <code style="color:#00ff41">python app.py</code> is still running in your terminal</li>
<li>Check browser console (F12) for JavaScript errors</li>
</ul>
</div>
<div style="border-left:3px solid #ffaa00;padding:8px 12px;margin:10px 0;background:#1a1a0a">
<p style="color:#ffaa00;margin-bottom:5px"><strong>Settings not saving / resetting on restart</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Config is stored at <code style="color:#00ff41">~/.setec-mgr/config.json</code></li>
<li>Check file permissions: <code style="color:#00ff41">ls -la ~/.setec-mgr/</code></li>
<li>View current config: <code style="color:#00ff41">cat ~/.setec-mgr/config.json</code></li>
</ul>
</div>
<div style="border:1px solid #00ff41;padding:12px;margin-top:20px;background:#0a0a0a">
<p style="color:#88ff88;margin-bottom:5px"><strong>Still need help?</strong></p>
<ul style="margin-left:15px;color:#888;line-height:1.8">
<li>Submit a ticket: <a href="https://repo.seteclabs.io" target="_blank">repo.seteclabs.io</a></li>
<li>GitHub mirror: <a href="https://github.com/DigiJEth" target="_blank">github.com/DigiJEth</a></li>
<li>Include: error message, server OS, SETEC Manager version, and steps to reproduce</li>
</ul>
</div>
</div>
</div>
{% endblock %}
{% block scripts %}
<script>
function showDoc(id) {
document.getElementById('doc-manual').style.display = (id === 'manual') ? 'block' : 'none';
document.getElementById('doc-hostlinks').style.display = (id === 'hostlinks') ? 'block' : 'none';
document.getElementById('doc-troubleshoot').style.display = (id === 'troubleshoot') ? 'block' : 'none';
}
</script>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink