Fix install.sh gaps and add missing schema tables

- Add sshpass to base packages (required by ProxyManager remote SSH)
- Add PORT_WEBMAIL to Apache ports.conf listen loop (was missing port 8883)
- Add systemctl nginx/apache2 to www-data sudoers (local proxy mode needs these)
- Fix cron to use real script paths: bin/collect-stats.php + bin/notify-checks.php
- Seed proxy_mode=disabled and proxy_apache_port=80 defaults after schema import
- Add api_rate_limits table (rate limiting middleware requires it)
- Add proxy_hosts table (ProxyManager requires it for host CRUD)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-06-09 10:40:37 +00:00
parent a2daaa1ea3
commit 4409a94d78
2 changed files with 35 additions and 4 deletions
+21
View File
@@ -381,4 +381,25 @@ CREATE TABLE IF NOT EXISTS dkim_keys (
CONSTRAINT fk_dkim_acct FOREIGN KEY (account_id) REFERENCES accounts(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE IF NOT EXISTS api_rate_limits (
ip VARCHAR(45) NOT NULL,
endpoint VARCHAR(32) NOT NULL,
hits INT UNSIGNED NOT NULL DEFAULT 1,
window_start INT UNSIGNED NOT NULL DEFAULT 0,
PRIMARY KEY (ip, endpoint)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE IF NOT EXISTS proxy_hosts (
id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
account_id INT UNSIGNED,
domain VARCHAR(253) NOT NULL,
upstream VARCHAR(255) NOT NULL,
ssl_enabled TINYINT(1) NOT NULL DEFAULT 0,
enabled TINYINT(1) NOT NULL DEFAULT 1,
custom_config TEXT,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
UNIQUE KEY uq_domain (domain),
CONSTRAINT fk_proxy_acct FOREIGN KEY (account_id) REFERENCES accounts(id) ON DELETE SET NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
SET foreign_key_checks = 1;
+14 -4
View File
@@ -134,7 +134,7 @@ apt-get update -qq >> "$LOG" 2>&1
apt-get upgrade -y -qq >> "$LOG" 2>&1
apt-get install -y -qq curl wget gnupg2 lsb-release ca-certificates \
software-properties-common apt-transport-https unzip git \
sudo cron logrotate ufw fail2ban >> "$LOG" 2>&1
sudo cron logrotate ufw fail2ban sshpass >> "$LOG" 2>&1
log "System packages updated"
# ── PHP multi-version setup ───────────────────────────────────────────────────
@@ -232,8 +232,8 @@ else
systemctl enable apache2 >> "$LOG" 2>&1
log "Apache2 installed"
# Tell Apache to listen on all three panel ports
for PORT in $PORT_USER $PORT_RESELLER $PORT_ADMIN; do
# Tell Apache to listen on all four panel ports
for PORT in $PORT_USER $PORT_RESELLER $PORT_ADMIN $PORT_WEBMAIL; do
grep -q "Listen $PORT" /etc/apache2/ports.conf 2>/dev/null || echo "Listen $PORT" >> /etc/apache2/ports.conf
done
@@ -512,6 +512,8 @@ if [[ -f /opt/novacpx-src/db/schema.sql ]]; then
# Create admin user
ADMIN_HASH=$(php -r "echo password_hash('${ADMIN_PASS}', PASSWORD_BCRYPT);")
mysql "$DB_NAME" -e "INSERT INTO users (username,password,email,role,status) VALUES ('admin','$ADMIN_HASH','root@localhost','admin','active') ON DUPLICATE KEY UPDATE password='$ADMIN_HASH';" >> "$LOG" 2>&1
# Seed proxy defaults
mysql "$DB_NAME" -e "INSERT INTO settings (\`key\`, value) VALUES ('proxy_mode','disabled'),('proxy_apache_port','80') ON DUPLICATE KEY UPDATE value=VALUES(value);" >> "$LOG" 2>&1
log "Database schema imported and admin user created"
fi
@@ -631,6 +633,13 @@ www-data ALL=(root) NOPASSWD: /bin/systemctl restart fail2ban
www-data ALL=(root) NOPASSWD: /bin/systemctl reload fail2ban
www-data ALL=(root) NOPASSWD: /bin/systemctl start fail2ban
www-data ALL=(root) NOPASSWD: /bin/systemctl stop fail2ban
www-data ALL=(root) NOPASSWD: /bin/systemctl start nginx
www-data ALL=(root) NOPASSWD: /bin/systemctl stop nginx
www-data ALL=(root) NOPASSWD: /bin/systemctl restart nginx
www-data ALL=(root) NOPASSWD: /bin/systemctl reload nginx
www-data ALL=(root) NOPASSWD: /bin/systemctl restart apache2
www-data ALL=(root) NOPASSWD: /bin/systemctl reload apache2
www-data ALL=(root) NOPASSWD: /usr/sbin/nginx *
SUDOERS
chmod 440 /etc/sudoers.d/novacpx-firewall
log "Sudoers rules installed"
@@ -639,7 +648,8 @@ log "Sudoers rules installed"
step "Setting Up Cron Jobs"
cat > /etc/cron.d/novacpx <<CRON
# NovaCPX system cron jobs
*/5 * * * * www-data /usr/local/bin/php${PHP_DEFAULT} ${WEB_ROOT}/api/cron/monitor.php >> /var/log/novacpx/cron.log 2>&1
*/5 * * * * www-data /usr/bin/php${PHP_DEFAULT} ${WEB_ROOT}/bin/collect-stats.php >> /var/log/novacpx/cron.log 2>&1
0 0 * * * www-data /usr/bin/php${PHP_DEFAULT} ${WEB_ROOT}/bin/notify-checks.php >> /var/log/novacpx/cron.log 2>&1
0 * * * * root /usr/local/bin/novacpx-ssl-renew >> /var/log/novacpx/ssl.log 2>&1
0 2 * * * root /usr/local/bin/novacpx-backup >> /var/log/novacpx/backup.log 2>&1
*/1 * * * * root /usr/local/bin/novacpx-dns-sync >> /var/log/novacpx/dns.log 2>&1