[orbis] Weekly backup 2026-06-09 — 52 files changed, 2700 insertions(+)

This commit is contained in:
DO Server Backup
2026-06-09 03:53:55 +00:00
parent 5b1f83b1ea
commit 34e2485b9a
52 changed files with 2700 additions and 0 deletions
+48
View File
@@ -0,0 +1,48 @@
# DO Server Infrastructure
DigitalOcean server at 165.22.1.228 (CyberPanel / OpenLiteSpeed).
## Directory Structure
- `cron/` — Root crontab (CyberPanel + JARVIS entries)
- `systemd/` — Custom systemd service units
- `agent/` — JARVIS agent config template
## Deploy workflow
1. Edit code in site repos (myronblair/*)
2. `git push origin main`
3. On server: `cd /home/<site>/public_html && git pull origin main`
## JARVIS agent install
```bash
cp agent/config.json /opt/jarvis-agent/config.json
systemctl enable jarvis-agent
systemctl start jarvis-agent
```
## Cloudflare Rocket Loader — IMPORTANT
JARVIS (and all sites) sit behind Cloudflare with **Rocket Loader enabled**.
Rocket Loader does two things that break JavaScript login forms:
1. Changes `<script>` tag `type` to a fake value, deferring execution.
2. Injects `if (!window.__cfRLUnblockHandlers) return false;` into **every**
`onclick=`, `onkeydown=`, and other inline HTML event attributes,
blocking them until Rocket Loader finishes loading.
### Rules for any page with JavaScript that must run immediately:
- Add `data-cfasync="false"` to ALL `<script>` tags.
- **Never use inline event handler attributes** (`onclick=`, `onkeydown=`, etc.)
on HTML elements — Rocket Loader will block them.
- Attach all event listeners via `addEventListener()` in JavaScript.
- Use `XMLHttpRequest` instead of `fetch()` for auth calls (more compatible).
- Put scripts **after** their target DOM elements (end of body), not in `<head>`,
so the elements exist when the script runs without needing DOMContentLoaded.
### Current login implementation (jarvis repo: public_html/login.html)
Standalone `/login.html` page handles all auth. `index.html` redirects to
`/login.html` if no `jarvis_token` in sessionStorage.
- Script is at end of body, after elements, with `data-cfasync="false"`
- All handlers attached via `addEventListener` — no inline attributes
- Uses XHR (not fetch) to POST to `/api/auth`