mirror of
https://github.com/myronblair/novacpx
synced 2026-06-30 17:50:41 -05:00
Add DKIM auto-provisioning, OS/panel self-update with self-healing
- AccountManager: auto-generate DKIM keypair + inject SPF/DKIM/DMARC DNS records on account create - AccountManager: rotateDKIM() method for key rotation with new selector - New dkim.php endpoint: list/view/rotate/provision DKIM keys per domain - schema.sql: add dkim_keys table - install.sh: install opendkim, wire into Postfix milter, fix dotfile copy (. vs *), fix config.ini permissions (root:www-data 640), copy VERSION to web root, add opendkim to service restart - api/index.php: fix NOVACPX_ROOT path (was 2 levels too high), fix CORS ports (8880-8883), VERSION fallback to /opt/novacpx-src - api/.htaccess: route all /api/* requests through index.php - system.php: check-os-update, apply-os-update (self-healing: auto-restart downed services, restore web root if panel ports go down), check-novacpx-update, apply-novacpx-update (PHP syntax validation before deploy, backup + restore on failure) - admin.js: Updates page now shows both NovaCPX panel updates and OS package upgrades in one section; sidebar badge shows combined count Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+27
-3
@@ -364,6 +364,28 @@ apt-get install -y -qq proftpd-basic proftpd-mod-mysql >> "$LOG" 2>&1
|
||||
systemctl enable proftpd >> "$LOG" 2>&1
|
||||
log "ProFTPD installed"
|
||||
|
||||
# ── OpenDKIM ─────────────────────────────────────────────────────────────────
|
||||
step "Installing OpenDKIM"
|
||||
apt-get install -y -qq opendkim opendkim-tools >> "$LOG" 2>&1
|
||||
mkdir -p /etc/opendkim/keys
|
||||
cat >> /etc/opendkim/opendkim.conf <<DKIM
|
||||
Mode sv
|
||||
Canonicalization relaxed/simple
|
||||
KeyTable /etc/opendkim/key.table
|
||||
SigningTable refile:/etc/opendkim/signing.table
|
||||
ExternalIgnoreList refile:/etc/opendkim/trusted.hosts
|
||||
InternalHosts refile:/etc/opendkim/trusted.hosts
|
||||
DKIM
|
||||
touch /etc/opendkim/key.table /etc/opendkim/signing.table
|
||||
echo "127.0.0.1\nlocalhost" > /etc/opendkim/trusted.hosts
|
||||
chown -R opendkim:opendkim /etc/opendkim
|
||||
# Wire opendkim into Postfix
|
||||
postconf -e "milter_default_action = accept" >> "$LOG" 2>&1
|
||||
postconf -e "smtpd_milters = local:/run/opendkim/opendkim.sock" >> "$LOG" 2>&1
|
||||
postconf -e "non_smtpd_milters = local:/run/opendkim/opendkim.sock" >> "$LOG" 2>&1
|
||||
systemctl enable opendkim >> "$LOG" 2>&1
|
||||
log "OpenDKIM installed"
|
||||
|
||||
# ── SSL Certificate ───────────────────────────────────────────────────────────
|
||||
step "Generating Self-Signed SSL (Panel)"
|
||||
mkdir -p /etc/novacpx/ssl
|
||||
@@ -452,10 +474,11 @@ mkdir -p "$WEB_ROOT" "$PANEL_DIR"
|
||||
|
||||
# Install panel files from GitHub
|
||||
if [[ -d /opt/novacpx-src ]]; then
|
||||
cp -r /opt/novacpx-src/panel/public/* "$WEB_ROOT/"
|
||||
cp -r /opt/novacpx-src/panel/public/. "$WEB_ROOT/"
|
||||
cp -r /opt/novacpx-src/panel/api "$WEB_ROOT/api"
|
||||
cp -r /opt/novacpx-src/panel/lib "$WEB_ROOT/lib"
|
||||
cp -r /opt/novacpx-src/panel/lib /opt/novacpx/lib
|
||||
cp /opt/novacpx-src/VERSION "$WEB_ROOT/VERSION" 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Write config
|
||||
@@ -480,7 +503,8 @@ version = ${NOVACPX_VERSION}
|
||||
server = ${WEB_SERVER}
|
||||
php_default = ${PHP_DEFAULT}
|
||||
CONFIG
|
||||
chmod 600 /etc/novacpx/config.ini
|
||||
chown root:www-data /etc/novacpx/config.ini
|
||||
chmod 640 /etc/novacpx/config.ini
|
||||
|
||||
# Import database schema
|
||||
if [[ -f /opt/novacpx-src/db/schema.sql ]]; then
|
||||
@@ -580,7 +604,7 @@ else
|
||||
systemctl restart apache2 >> "$LOG" 2>&1
|
||||
fi
|
||||
$INSTALL_MYSQL && systemctl restart mysql >> "$LOG" 2>&1
|
||||
systemctl restart postfix dovecot proftpd named >> "$LOG" 2>&1
|
||||
systemctl restart postfix dovecot proftpd named opendkim >> "$LOG" 2>&1
|
||||
log "All services started"
|
||||
|
||||
# ── Done ─────────────────────────────────────────────────────────────────────
|
||||
|
||||
Reference in New Issue
Block a user