Automatically add domains to PMG

Abdelrahman

Member
Dec 9, 2018
19
1
8
31
Hello,

Does PMG provide API to automatically add domains to "Relay domains, Transport and DKIM Sign?

Thank you
 
Dec 14, 2020
40
5
8
Australia
Hi there, you can do this with the pmgsh functionality at command-line.

You could go via the API as well if that's preferred. Have you read docs/manuals?

For example:

Code:
pmgsh help /config/domains --verbose
pmgsh help /config/transport --verbose

It looks like DKIM would be under pmgconfig, though I haven't looked into it extensively. :)
 

Abdelrahman

Member
Dec 9, 2018
19
1
8
31
Hi there, you can do this with the pmgsh functionality at command-line.

You could go via the API as well if that's preferred. Have you read docs/manuals?

For example:

Code:
pmgsh help /config/domains --verbose
pmgsh help /config/transport --verbose

It looks like DKIM would be under pmgconfig, though I haven't looked into it extensively. :)
Thanks a lot!
 

Abdelrahman

Member
Dec 9, 2018
19
1
8
31
What's the best way to get/put API calls using URLs with tokens or username and passwords?

https://pmg.proxmox.com/pmg-docs/api-viewer/index.html#/config/domains/{domain}

I tried GET, POST and PUT

https://pmg.xxx.com:8006/api2/json/config/transport/domains/?domain=test.com&comment=test

as "domain" and "comment" required here

but the return result from Postman is
401Unauthorized
Time:3.69 s
Size:197 B
Save Response
Pretty
Raw
Preview
Visualize
Text

I tried with username &password of course but still the same results...
https://pmg.xxx.com:8006/api2/json/...comment=test&username=test@test&password=test

Sorry, I'm not a developer ...
 
Last edited:
If you just want to run the API URLs in your browser, just login to the node and then run the API url in another browser tab. The API will use your current session cookie for the API calls -- very handy for testing out calls during dev.

Otherwise, if connecting to API from a script, like PHP, you need to create an access ticket and supply that when you are doing calls. https://pmg.proxmox.com/pmg-docs/api-viewer/index.html#/access/ticket - provide username, password, and realm (pmg) in a POST. It will return an access ticket and a CSRF token and you provide that ticket in a PMGAuthCookie cookie with along with CSRFPreventionToken http header that has the CSRP token.

PMG API uses the same, as far as I am aware, API authentication as proxmox ve. So if you find a script for proxmox ve that has the login, you can adapt it for PMG.

@Abdelrahman what is your goal here for the API? I mean do you want to intergrate in to a deployment system, control panel, or ?
 
  • Like
Reactions: Abdelrahman

Abdelrahman

Member
Dec 9, 2018
19
1
8
31
If you just want to run the API URLs in your browser, just login to the node and then run the API url in another browser tab. The API will use your current session cookie for the API calls -- very handy for testing out calls during dev.

Otherwise, if connecting to API from a script, like PHP, you need to create an access ticket and supply that when you are doing calls. https://pmg.proxmox.com/pmg-docs/api-viewer/index.html#/access/ticket - provide username, password, and realm (pmg) in a POST. It will return an access ticket and a CSRF token and you provide that ticket in a PMGAuthCookie cookie with along with CSRFPreventionToken http header that has the CSRP token.

PMG API uses the same, as far as I am aware, API authentication as proxmox ve. So if you find a script for proxmox ve that has the login, you can adapt it for PMG.

@Abdelrahman what is your goal here for the API? I mean do you want to intergrate in to a deployment system, control panel, or ?
I want to create a bash script to automatically add new domains from WHM/cPanel to PMG,
I already tried access/ticket and I got the CSRFPreventionToken

so how can I use this one?
PUT /api2/json/config/domains/{domain}?
https://pmg.proxmox.com:8006/api2/json/config/domains/xxx.com + CSRFPreventionToken + PMGAuthCookie ? ..
I got 401Unauthorized :( from Postman
 
Last edited:
You need to first get the access ticket via curl, wget, whatever and get the PMGAuthCookie and CSFR token into bash script variables. How you get those there is up to you. It returns a json, so you'll need to parse it out. Using the jq tool seems to be a commonly recommended method for json in bash.

Once you have the PMGAuthCookie and CSRF token in bash variables, you do curl, wget, whatever that can pass a cookie and header and do a POST. So for example, curl would be:

Bash:
curl --request POST \
-d "domain=$currentDomain" \
-d "comment=hosted-`hostname`" \
--cookie "$PMGcookie" \
--header "CSRFPreventionToken: $CSRFtoken" \
https://pmg-server.example.com:8006/api2/json/config/domains

Note that we're doing POST here and not PUT and we don't give the domain in the URL. PUT is only for updating an existing domain and using PUT while trying to add will lead to an error .
 

Abdelrahman

Member
Dec 9, 2018
19
1
8
31
You need to first get the access ticket via curl, wget, whatever and get the PMGAuthCookie and CSFR token into bash script variables. How you get those there is up to you. It returns a json, so you'll need to parse it out. Using the jq tool seems to be a commonly recommended method for json in bash.

Once you have the PMGAuthCookie and CSRF token in bash variables, you do curl, wget, whatever that can pass a cookie and header and do a POST. So for example, curl would be:

Bash:
curl --request POST \
-d "domain=$currentDomain" \
-d "comment=hosted-`hostname`" \
--cookie "$PMGcookie" \
--header "CSRFPreventionToken: $CSRFtoken" \
https://pmg-server.example.com:8006/api2/json/config/domains

Note that we're doing POST here and not PUT and we don't give the domain in the URL. PUT is only for updating an existing domain and using PUT while trying to add will lead to an error .
Got it .. I just did but I got an empty response, I checked on UI and I didn't see the domain added

Code:
root@pmg:~# curl --request POST \
> -d "domain=xxx.com" \
> -d "comment=hosted-`test`" \
> --cookie "PMG:apis@pmg:60E9F16F::xxxxxxxx" \
> --header "CSRFPreventionToken: xxxxx" \
> https://pmg.domain.com:8006/api2/json/config/domains
root@pmg:~#

what's this means?
 
You replaced "hostname" with "test" within the tildes and that is likely where the issue is as test is not a valid command. Putting something between tildes ("`") instructs bash to run that as as command and to use that output. You could remove that part if you want and just have the comment be: -d "comment=blah" .

Adding on --verbose to the curl will also help to determine errors from pmg.
 

Abdelrahman

Member
Dec 9, 2018
19
1
8
31
You replaced "hostname" with "test" within the tildes and that is likely where the issue is as test is not a valid command. Putting something between tildes ("`") instructs bash to run that as as command and to use that output. You could remove that part if you want and just have the comment be: -d "comment=blah" .

Adding on --verbose to the curl will also help to determine errors from pmg.
Note: Unnecessary use of -X or --request, POST is already inferred.
* Expire in 0 ms for 6 (transfer 0x56512641afb0)
* Closing connection -1
curl: (3) URL using bad/illegal format or missing URL
Note: Unnecessary use of -X or --request, POST is already inferred.
* Expire in 0 ms for 6 (transfer 0x56512641afb0)
* Expire in 1 ms for 1 (transfer 0x56512641afb0)
* Expire in 0 ms for 1 (transfer 0x56512641afb0)
* Expire in 1 ms for 1 (transfer 0x56512641afb0)
* Expire in 0 ms for 1 (transfer 0x56512641afb0)
* Expire in 0 ms for 1 (transfer 0x56512641afb0)
* Expire in 1 ms for 1 (transfer 0x56512641afb0)
* Expire in 0 ms for 1 (transfer 0x56512641afb0)
* Expire in 0 ms for 1 (transfer 0x56512641afb0)
* Expire in 1 ms for 1 (transfer 0x56512641afb0)
* Expire in 0 ms for 1 (transfer 0x56512641afb0)
* Expire in 0 ms for 1 (transfer 0x56512641afb0)
* Expire in 0 ms for 1 (transfer 0x56512641afb0)
* Trying xxxx...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x56512641afb0)
* Connected to xxxxx (xxxx) port 8006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=xxxxx
* start date: May 16 03:33:49 2021 GMT
* expire date: Aug 14 03:33:49 2021 GMT
* subjectAltName: host "xxxx" matched cert's "xxxx"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
> POST /api2/json/config/domains HTTP/1.1
> Host: xxxxxxxx
> User-Agent: curl/7.64.0
> Accept: */*
> Cookie: “xxxxxxx==”
> Content-Length: 42
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 42 out of 42 bytes
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 401 No ticket
< Cache-Control: max-age=0
< Connection: close
< Date: Mon, 12 Jul 2021 14:42:07 GMT
< Pragma: no-cache
< Server: pve-api-daemon/3.0
< Expires: Mon, 12 Jul 2021 14:42:07 GMT
<
* Closing connection 0
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!