lighttpd migration/ttyd proxy/auth

[iamromulan]

@snowzach @dr-dolomite
I've merged @snowzach 's PR after a few edits/changes however there is a bug fix todo list I will start to look into today.

Goals from this merge:

• Ditch httpd for lighttpd and it's auth/proxy features

• Make simpleadmin more secure by using port 80 to redirect to 443 SSL (no more 8080)

• Require a username/password to access simpleadmin (we may move to have 80 http serve just the stats only with a "login" button in the nav that redirects to 443/full simpleadmin behind auth. Lets talk about this more)

• Add ttyd as part of simpleadmin. This involves taking advantage of the lighttpd proxy (/console will proxy to ttyd)

• Update the tookit sh to be dynamic as possible when handling update scenarios (no matter what revison of toolkit install that is installed). Since entware/opkg is a major dependency of simpleadmin now, and ttyd will be changing how/where it listens, existing installations will need to be modified. I have already made some improvements to the ensure_entware function as it needed to be more aggressive. I tried to account for each possible scenario dependent upon when entware was originally installed. If any new element is missing in a current installation It should add those in. Ttyd installation is also something that needs to be modified. I'm trying to account for a scenario where a user is utilizing ttyd to run the toolkit instead of ssh or adb. As a result I moved to choosing to use systemd to update it. This is using a mechanism of the new simpleupdates process. It downloads a script to update a particular thing, makes it executable, then runs it. With ttyd I've opted to have the script create a seperate script in /tmp and a service unit to be ran in order to actually update ttyd. This makes it so it can continue to run the update process when the ttyd session is inevitably killed.

Bugs at this point:

• TTL does not work (something to do with edits to simplefirewall?) Setting TTL does not work, it can be read.

  • This has something to do with the change to lighttpd: It cannot read the ttl file or set it while the toolkit can. CGI issue?
  • lighttpd is not ran as root anymore causing permission issues

• Multi-session login doesn't seem to function properly (if you are logged in somewhere else the server doesn't respond elsewhere?)

  • I was having issues with this but it seeems to be fixed after coreecting the correct service file for ttyd to be installed.
  • I still think we need to add a way (even a logout button) to manage login sessions. Login timeout?
  • @dr-dolomite has mentioned a JS based /auth page instead of lighttpd auth which will probably be a better experience

• No way to logout other than waiting a while (Add a way to log out?)

• The password for lighttpd auth is limited to only 8 characters (@snowzach not sure about this one lol)

  • This has been solved by using the htpasswd utility from Apache. You can now set the simpleadmin password at anytime by running simplepasswd from the console.

• If tailscale web UI is installed it was using 8088, that caused a conflict with moving to 8088 for ttyd. In fact the service unit for ttyd became masked at startup. Not sure if they are related or not. I can tell you that the tailscale web UI doesn't seem to like the proxy but we can look further into this if we want to proxy to the tailscale web ui in the future as well.

  • This has been fixed. ttyd set to 8080; proxy set to look for 8080

• Not a bug exactly, but lets move the contents of the lighttpd directory to the simpleadmin directory in order to keep things organized. Paths will need to be updated accordingly elsewhere

  • Completed