💻 onifast-panel

Central administrator dashboard for MySQL, isolated system accounts, PAM layers, and Telegram telemetry.

Control Panel, Go Engine, PAM Auth, Multi-User Scopes

The Onifast Panel is the central administrative web application for the entire Onifast hosting stack. Written in Go, it provides a dual-mode interface: a Root Panel for server administrators and a User Panel for hosted accounts.

Central Operations Hub

All panel sessions are secured via Linux PAM authentication, ensuring that only valid system users can log in.

The panel embeds its HTML templates and static assets directly into the binary (embed.FS), meaning no external web server is required to serve the UI. It manages the full hosting lifecycle: from creating Linux users and MySQL databases to DNS zones, SSL certificates, PHP configuration, FTP accounts, backups and more.

Independent Go Modules

The panel is composed of standalone Go modules, each managing a specific feature domain:

mod_user.go: User CRUD, quotas, resources
mod_domain.go: Domains & DNS zone init
mod_ssl.go: SSL ACME provisioning
mod_mail.go: Addresses & SMTP configs
mod_ftp.go: Virtual FTP account management
mod_backup.go: Backups & local archives
mod_backup_s3.go: S3 cloud backup offloading
mod_files.go: File manager web editor
mod_scheduler.go: Cron jobs and tasks
mod_dns.go: DNS record configurations
mod_php.go: PHP pools & FPM configs
mod_ipblocker.go: Fail2ban IP firewall

Port Allocations

| Port | Mode | Description |
|------|------|-------------|
| 4048 | Root HTTP | Non-SSL login & redirect (internal path) |
| 4049 | User HTTP | Non-SSL login & SSL setup (internal path) |
| 4050 | Root HTTPS | Dual-mode HTTPS: primary root admin access hub |
| 4051 | User HTTPS | Dual-mode HTTPS: user panel access portal |

Access Reference
Access the root panel at https://your-domain:4050 and user panel at https://your-domain:4051. phpMyAdmin is accessible at /phpmyadmin on both ports.

Linux PAM Authentication

Login is handled via Linux PAM (Pluggable Authentication Modules). Any valid system user with the correct password can log in. The panel differentiates between root (full admin) and regular users (scoped to their resources).

Brute-Force Mitigations (Math CAPTCHA)

The login form presents a simple arithmetic CAPTCHA (e.g. 3 + 4) to mitigate brute-force attacks. The answer is stored in the session server-side.

Session Management

Sessions use gorilla/sessions with a 15-minute inactivity timeout (MaxAge: 900). Each request refreshes the timer. Sessions are port-scoped — root and user panels maintain separate cookies.

Account Suspension

Non-root accounts can be suspended via the panel. A suspended user receives an error message at login without revealing the suspension reason externally.

License Verification

Every login triggers a license check via mod_license.go. The panel supports an offline grace mode if the license server is unreachable.

Telegram Notifications

Both successful and failed logins trigger Telegram notifications via the BroadcastNotification function, including the username, IP address and timestamp.

Configuration Matrix

The panel parses properties from /home/root/onifast/config/serverconfig.json at startup:

| Key Name | Description |
|----------|-------------|
| bind_config.ns1 | Primary nameserver hostname (DNS) |
| bind_config.ns2 | Secondary nameserver hostname (DNS) |
| bind_config.server_ip | Public IP address of this server |
| mysql_config.DB_HOST | MySQL database host (default: 127.0.0.1) |
| mysql_config.DB_USER | MySQL username (default: root) |
| mysql_config.DB_PASS | MySQL account password |
| hostname | Server display name or identity |
| ftp_port | FTP control port (default: 2121) |
| ssh_port | SSH port for web terminal access |
| s3_storage_path | Path template for S3 storage (use {username} placeholder) |
| s3_allow_create_bucket | Allow users to spawn custom S3 buckets (bool) |
| domain_tunnel | Relay domain mapped for smart subdomain routing |
| timezone | Server time configuration zone string |

Systemd Service Configuration

The panel service is deployed as a standard background daemon:

```systemd
[Unit]
Description=Onifast Panel
After=network.target

[Service]
ExecStart=/home/root/go/onifast-panel
WorkingDirectory=/home/root/go
Restart=always

[Install]
WantedBy=multi-user.target
```

Operational Management

Run these standard systemd commands to start, enable, and monitor status:

```bash
# Enable and launch immediately
sudo systemctl enable --now onifast-panel

# Check current status
sudo systemctl status onifast-panel
```

Internal API Endpoints

Other services communicate back to the panel via internal HTTP endpoints (restricted to localhost):

| Endpoint | Method | Description |
|----------|--------|-------------|
| /api/internal/notify | POST | Send Telegram notification alert for user event |
| /api/internal/log/add | POST | Add audit log entry to activity tables |
| /api/internal/ssl/generate | GET | Trigger ACME SSL certificate generation (on port 4030) |

Security Rule
Internal API endpoints only accept connections from 127.0.0.1. Never expose ports 4030, 4031, 4032, 4033 to the public internet.
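
One way to enforce the 127.0.0.1-only rule in a Go handler chain, as an added example that is not the panel's own code: the guard trusts only the socket peer address and ignores client-supplied forwarding headers. The names internalOnly and probe are hypothetical, and the request values are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// internalOnly rejects any request whose TCP peer is not 127.0.0.1.
// It reads r.RemoteAddr (filled in by net/http from the socket) and
// deliberately ignores X-Forwarded-For, which the client controls.
func internalOnly(next http.Handler) http.Handler {
	loopback := net.IPv4(127, 0, 0, 1)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if err != nil { // malformed peer address: fail closed
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		ip := net.ParseIP(host)
		if ip == nil || !ip.Equal(loopback) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one constructed request through the guard and returns
// the HTTP status the caller would see.
func probe(remoteAddr, forwardedFor string) int {
	h := internalOnly(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	}))
	req := httptest.NewRequest(http.MethodPost, "/api/internal/notify", nil)
	req.RemoteAddr = remoteAddr
	if forwardedFor != "" {
		req.Header.Set("X-Forwarded-For", forwardedFor)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(probe("127.0.0.1:51000", ""))            // local peer
	fmt.Println(probe("203.0.113.7:51000", "127.0.0.1")) // remote peer, spoofed header
}
```

Binding the internal listeners to 127.0.0.1 rather than 0.0.0.0 keeps this guard from being the only control. A reverse proxy on the same host makes every proxied request appear to come from 127.0.0.1, so these paths should not be routed through one.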