diff --git a/infra/CLAUDE.md b/infra/CLAUDE.md index 8dc3ec2..a7648a7 100644 --- a/infra/CLAUDE.md +++ b/infra/CLAUDE.md @@ -37,11 +37,11 @@ All key hosts are on Tailscale (myronblair@gmail.com). Use Tailscale IPs for SSH | PVE1 (Proxmox) | orbisne.fortiddns.com (10.48.200.90) | `root / Joker1974!!!` (via Tailscale 100.80.188.8) | Primary hypervisor | | PVE2 (Proxmox) | 10.48.200.91 | `root / Joker1974!!!` | Secondary hypervisor | | JARVIS VM | 10.48.200.211 | `root / Joker1974!!!` (via Tailscale 100.77.178.42) | JARVIS dashboard — PVE1 VM 211, 8c/16GB | -| NPM VM | 10.48.200.201 | `root / Joker1974!!!` (via Tailscale 100.110.239.71) | Nginx Proxy Manager — PVE1 VM 200 (LAN IP .201 despite VM ID 200) | -| Ollama VM | 10.48.200.210 | `root / Joker1974!!!` (via Tailscale 100.96.100.113) | Local LLM — PVE1 VM 210, 4c/8GB | +| NPM VM | 10.48.200.201 | `root / Joker1974!!!` (via Tailscale 100.110.239.71) | Nginx Proxy Manager — PVE1 VM 105 (was VM200 pre-2026-06-22 restore; cloud-init says .200 but runs at .201) | +| Ollama VM | 10.48.200.210 | `root / Joker1974!!!` (via Tailscale 100.96.100.113) | Local LLM — PVE1 VM 106 (was VM210 pre-2026-06-22 restore), 4c/8GB | | Home Assistant | 10.48.200.97 | `myron → sudo` | HA VM 101 | | NetworkBackup | 10.48.200.99 | `myron → sudo` | Backup VM (PVE2 VM 302) | -| MediaStack | 10.48.200.35 | `root via PVE1 key` | Sonarr/Radarr/Prowlarr/qBittorrent (PVE1 VM 113) | +| MediaStack | 10.48.200.35 | `root via PVE1 key` | Sonarr/Radarr/Prowlarr/qBittorrent (PVE1 VM 103, was VM113 pre-2026-06-22 restore) | | NovaCPX | 10.48.200.110 | `root / Joker1974!!!` (direct SSH — Tailscale 100.86.51.18 needs re-auth) | Custom hosting control panel (PVE1 VM 120) | | NPM | 10.48.200.201 | `root / Joker1974!!!` (via Tailscale 100.110.239.71) | Nginx Proxy Manager — PVE1 VM 200 · NPM API: `POST http://localhost:81/api/tokens` identity=myronblair@outlook.com | 
@@ -231,6 +231,8 @@ Custom web hosting control panel (PVE1 VM 120, 10.48.200.110). Root SSH: `sshpas **Config notes:** `/etc/novacpx/config.ini` must have `server = nginx` (not apache) — VhostManager checks this to write the correct vhost format. +**⚠ After any restore from PBS backup:** config.ini reverts to `server = apache`. Always run: `sed -i "s/^server = apache/server = nginx/" /etc/novacpx/config.ini` after a restore. Also: PHP-FPM will fail to start if orphaned pool configs exist from pre-restore accounts — run the cleanup: `for f in /etc/php/8.3/fpm/pool.d/*.conf; do [[ "$f" == *"www.conf"* ]] && continue; u=$(basename "$f" .conf); id "$u" &>/dev/null || rm -f "$f"; done && systemctl start php8.3-fpm`. The `webacct` hosting account and its nginx vhost must be recreated after restore (Linux user survives but DB record and vhost are lost). + **GitHub:** `myronblair/novacpx` (private). Auto-deploy active: push to `main` (stable) or `beta` → webhook → VM pulls. GitHub Actions auto-bumps VERSION: main→PATCH, beta→-beta.N suffix. Current version: 1.0.40. **Update channels:** `stable` tracks `origin/main`, `beta` tracks `origin/beta`. Set in Admin → Settings → Update Channel. 
@@ -317,3 +319,27 @@ A SyntaxError in any panels/ file breaks only that group — other panels stay f | myronblair/fusionpbx-config | FusionPBX backup | PostgreSQL dump (gzip) + FS configs, restore.sh | All repos are private. Each has `config/vhost/` with OLS vhost config. The jarvis repo also has `deploy/` (watchdog, deploy runner, systemd units) and `agent/jarvis-agent.py`. + +## Split DNS (added 2026-06-21) + +PVE1 dnsmasq (`/etc/dnsmasq.d/forwarder.conf`) has split DNS entries so all NPM-proxied domains resolve to `10.48.200.201` (NPM internal IP) for LAN clients — bypasses FortiGate hairpin NAT for HTTPS: + +``` +address=/jarvis.orbishosting.com/10.48.200.201 +address=/hoa.orbishosting.com/10.48.200.201 +address=/novacpx.orbishosting.com/10.48.200.201 +address=/admin.novacpx.orbishosting.com/10.48.200.201 +address=/reseller.novacpx.orbishosting.com/10.48.200.201 +address=/panel.novacpx.orbishosting.com/10.48.200.201 +address=/web.orbishosting.com/10.48.200.201 +``` + +For any LAN device to use this: set DNS to `10.48.200.90` in Wi-Fi settings (or update FortiGate DHCP to push 10.48.200.90 as DNS for all clients). + +## NovaCPX Panel (updated 2026-06-22) + +Post-restore notes added — see `deploy/novacpx-post-restore.sh` which fixes config.ini, cleans pools, rebuilds webacct account. VM IDs changed after restore: MediaStack VM103, NPM VM105, Ollama VM106. Run script after any PBS restore. + +**NovaCPX v1.0.54** — security fixes (CORS, open redirect, CSS injection, exception leakage), subdomains (#36), parked domains (#37), account settings page (#38), better default index (#39), post-restore script (#50), collapsible nav (#48). + +**web.orbishosting.com** — Blair HQ dashboard with server-backed notes (notes.php → /home/webacct/notes.json). Password: myronblair@outlook.com / Joker1974!!! diff --git a/ols-vhosts/site-list.txt b/ols-vhosts/site-list.txt index f296429..8455b67 100644 --- a/ols-vhosts/site-list.txt +++ b/ols-vhosts/site-list.txt 
@@ -1,8 +1,8 @@ -# Websites on DO server — 2026-06-21 +# Websites on DO server — 2026-06-28 - epictravelexpeditions.com (5.4M) - orbishosting.com (114M) -- orbis.orbishosting.com (312K) +- orbis.orbishosting.com (316K) - parkerslingshotrentals.com (1.6M) - tomsjavajive.com (8.0M) - tomtomgames.com (4.4M)
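Review bot: In the `@@ -37,11 +37,11 @@` hunk of infra/CLAUDE.md, the re-added `NPM VM` and `Ollama VM` rows still carry the root password as a literal in the credentials column, so this change writes it into git history again, next to each host's LAN and Tailscale address. Replace the column with a pointer to where the secret lives (a password-manager entry or an SSH key name, as the MediaStack row already does with `root via PVE1 key`) and rotate the password, since the same value appears on the PVE1, PVE2, JARVIS, NPM, Ollama and NovaCPX rows. Separately, the unchanged `NPM` row at the end of the hunk still says `PVE1 VM 200` while the updated `NPM VM` row says VM 105; update or drop the duplicate row so the table does not give two VM IDs for 10.48.200.201.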
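Review bot: In the `@@ -231,6 +231,8 @@` hunk, the inlined PHP-FPM cleanup loop runs `rm -f` on every file in `/etc/php/8.3/fpm/pool.d/` whose basename does not resolve with `id`, so any pool config other than `www.conf` that is not named after a Linux user is deleted with no copy kept. Suggest moving those files to a dated backup directory instead of deleting them, and stating that the one-liner needs bash because of the `[[ ... ]]` test. The `sed` pattern also matches only the exact spelling `server = apache`; a line written as `server=apache` would be left unchanged, so match on the key with optional whitespace around `=`. Since the "NovaCPX Panel" section added later in this file points to `deploy/novacpx-post-restore.sh` for the same steps, reference the script here rather than keeping a second copy of the commands that can drift from it.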
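Review bot: In the `@@ -317,3 +319,27 @@` hunk, the last added line (the `web.orbishosting.com` entry) commits the dashboard login and its password in plain text, and the value is the same one used for root in the host table earlier in this file, so one leaked copy of this document exposes both the dashboard and the hypervisors. Remove the credential from the doc, rotate it, and give the web dashboard its own password. Two consistency points in the same hunk: the section announces `NovaCPX v1.0.54` while the context line in the previous hunk still reads `Current version: 1.0.40`, and the Split DNS paragraph says all NPM-proxied domains resolve internally but the list is a fixed set of seven `address=` entries, so say how a newly proxied host gets added to `forwarder.conf`.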