From 4409a94d78a7abb6d67a9bf9b57a0c70f09aafcd Mon Sep 17 00:00:00 2001 From: Myron Blair Date: Tue, 9 Jun 2026 10:40:37 +0000 Subject: [PATCH] Fix install.sh gaps and add missing schema tables - Add sshpass to base packages (required by ProxyManager remote SSH) - Add PORT_WEBMAIL to Apache ports.conf listen loop (was missing port 8883) - Add systemctl nginx/apache2 to www-data sudoers (local proxy mode needs these) - Fix cron to use real script paths: bin/collect-stats.php + bin/notify-checks.php - Seed proxy_mode=disabled and proxy_apache_port=80 defaults after schema import - Add api_rate_limits table (rate limiting middleware requires it) - Add proxy_hosts table (ProxyManager requires it for host CRUD) Co-Authored-By: Claude Sonnet 4.6 --- db/schema.sql | 21 +++++++++++++++++++++ install.sh | 18 ++++++++++++++---- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/db/schema.sql b/db/schema.sql index 642aba8..41d3998 100644 --- a/db/schema.sql +++ b/db/schema.sql @@ -381,4 +381,25 @@ CREATE TABLE IF NOT EXISTS dkim_keys ( CONSTRAINT fk_dkim_acct FOREIGN KEY (account_id) REFERENCES accounts(id) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; +CREATE TABLE IF NOT EXISTS api_rate_limits ( + ip VARCHAR(45) NOT NULL, + endpoint VARCHAR(32) NOT NULL, + hits INT UNSIGNED NOT NULL DEFAULT 1, + window_start INT UNSIGNED NOT NULL DEFAULT 0, + PRIMARY KEY (ip, endpoint) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +CREATE TABLE IF NOT EXISTS proxy_hosts ( + id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, + account_id INT UNSIGNED, + domain VARCHAR(253) NOT NULL, + upstream VARCHAR(255) NOT NULL, + ssl_enabled TINYINT(1) NOT NULL DEFAULT 0, + enabled TINYINT(1) NOT NULL DEFAULT 1, + custom_config TEXT, + created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, + UNIQUE KEY uq_domain (domain), + CONSTRAINT fk_proxy_acct FOREIGN KEY (account_id) REFERENCES accounts(id) ON DELETE SET NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + SET foreign_key_checks = 1; diff --git a/install.sh b/install.sh index 1f583d4..5f00979 100644 --- a/install.sh +++ b/install.sh @@ -134,7 +134,7 @@ apt-get update -qq >> "$LOG" 2>&1 apt-get upgrade -y -qq >> "$LOG" 2>&1 apt-get install -y -qq curl wget gnupg2 lsb-release ca-certificates \ software-properties-common apt-transport-https unzip git \ - sudo cron logrotate ufw fail2ban >> "$LOG" 2>&1 + sudo cron logrotate ufw fail2ban sshpass >> "$LOG" 2>&1 log "System packages updated" # ── PHP multi-version setup ─────────────────────────────────────────────────── @@ -232,8 +232,8 @@ else systemctl enable apache2 >> "$LOG" 2>&1 log "Apache2 installed" - # Tell Apache to listen on all three panel ports - for PORT in $PORT_USER $PORT_RESELLER $PORT_ADMIN; do + # Tell Apache to listen on all four panel ports + for PORT in $PORT_USER $PORT_RESELLER $PORT_ADMIN $PORT_WEBMAIL; do grep -q "Listen $PORT" /etc/apache2/ports.conf 2>/dev/null || echo "Listen $PORT" >> /etc/apache2/ports.conf done @@ -512,6 +512,8 @@ if [[ -f /opt/novacpx-src/db/schema.sql ]]; then # Create admin user ADMIN_HASH=$(php -r "echo password_hash('${ADMIN_PASS}', PASSWORD_BCRYPT);") mysql "$DB_NAME" -e "INSERT INTO users (username,password,email,role,status) VALUES ('admin','$ADMIN_HASH','root@localhost','admin','active') ON DUPLICATE KEY UPDATE password='$ADMIN_HASH';" >> "$LOG" 2>&1 + # Seed proxy defaults + mysql "$DB_NAME" -e "INSERT INTO settings (\`key\`, value) VALUES ('proxy_mode','disabled'),('proxy_apache_port','80') ON DUPLICATE KEY UPDATE value=VALUES(value);" >> "$LOG" 2>&1 log "Database schema imported and admin user created" fi @@ -631,6 +633,13 @@ www-data ALL=(root) NOPASSWD: /bin/systemctl restart fail2ban www-data ALL=(root) NOPASSWD: /bin/systemctl reload fail2ban www-data ALL=(root) NOPASSWD: /bin/systemctl start fail2ban www-data ALL=(root) NOPASSWD: /bin/systemctl stop fail2ban +www-data ALL=(root) NOPASSWD: /bin/systemctl start nginx +www-data ALL=(root) NOPASSWD: /bin/systemctl stop nginx +www-data ALL=(root) NOPASSWD: /bin/systemctl restart nginx +www-data ALL=(root) NOPASSWD: /bin/systemctl reload nginx +www-data ALL=(root) NOPASSWD: /bin/systemctl restart apache2 +www-data ALL=(root) NOPASSWD: /bin/systemctl reload apache2 +www-data ALL=(root) NOPASSWD: /usr/sbin/nginx * SUDOERS chmod 440 /etc/sudoers.d/novacpx-firewall log "Sudoers rules installed" @@ -639,7 +648,8 @@ log "Sudoers rules installed" step "Setting Up Cron Jobs" cat > /etc/cron.d/novacpx <> /var/log/novacpx/cron.log 2>&1 +*/5 * * * * www-data /usr/bin/php${PHP_DEFAULT} ${WEB_ROOT}/bin/collect-stats.php >> /var/log/novacpx/cron.log 2>&1 +0 0 * * * www-data /usr/bin/php${PHP_DEFAULT} ${WEB_ROOT}/bin/notify-checks.php >> /var/log/novacpx/cron.log 2>&1 0 * * * * root /usr/local/bin/novacpx-ssl-renew >> /var/log/novacpx/ssl.log 2>&1 0 2 * * * root /usr/local/bin/novacpx-backup >> /var/log/novacpx/backup.log 2>&1 */1 * * * * root /usr/local/bin/novacpx-dns-sync >> /var/log/novacpx/dns.log 2>&1