mirror of
https://github.com/myronblair/novacpx
synced 2026-06-30 17:50:41 -05:00
Fix install.sh gaps and add missing schema tables
- Add sshpass to base packages (required by ProxyManager remote SSH) - Add PORT_WEBMAIL to Apache ports.conf listen loop (was missing port 8883) - Add systemctl nginx/apache2 to www-data sudoers (local proxy mode needs these) - Fix cron to use real script paths: bin/collect-stats.php + bin/notify-checks.php - Seed proxy_mode=disabled and proxy_apache_port=80 defaults after schema import - Add api_rate_limits table (rate limiting middleware requires it) - Add proxy_hosts table (ProxyManager requires it for host CRUD) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -381,4 +381,25 @@ CREATE TABLE IF NOT EXISTS dkim_keys (
|
|||||||
CONSTRAINT fk_dkim_acct FOREIGN KEY (account_id) REFERENCES accounts(id) ON DELETE CASCADE
|
CONSTRAINT fk_dkim_acct FOREIGN KEY (account_id) REFERENCES accounts(id) ON DELETE CASCADE
|
||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS api_rate_limits (
|
||||||
|
ip VARCHAR(45) NOT NULL,
|
||||||
|
endpoint VARCHAR(32) NOT NULL,
|
||||||
|
hits INT UNSIGNED NOT NULL DEFAULT 1,
|
||||||
|
window_start INT UNSIGNED NOT NULL DEFAULT 0,
|
||||||
|
PRIMARY KEY (ip, endpoint)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS proxy_hosts (
|
||||||
|
id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
|
||||||
|
account_id INT UNSIGNED,
|
||||||
|
domain VARCHAR(253) NOT NULL,
|
||||||
|
upstream VARCHAR(255) NOT NULL,
|
||||||
|
ssl_enabled TINYINT(1) NOT NULL DEFAULT 0,
|
||||||
|
enabled TINYINT(1) NOT NULL DEFAULT 1,
|
||||||
|
custom_config TEXT,
|
||||||
|
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||||
|
UNIQUE KEY uq_domain (domain),
|
||||||
|
CONSTRAINT fk_proxy_acct FOREIGN KEY (account_id) REFERENCES accounts(id) ON DELETE SET NULL
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||||
|
|
||||||
SET foreign_key_checks = 1;
|
SET foreign_key_checks = 1;
|
||||||
|
|||||||
+14
-4
@@ -134,7 +134,7 @@ apt-get update -qq >> "$LOG" 2>&1
|
|||||||
apt-get upgrade -y -qq >> "$LOG" 2>&1
|
apt-get upgrade -y -qq >> "$LOG" 2>&1
|
||||||
apt-get install -y -qq curl wget gnupg2 lsb-release ca-certificates \
|
apt-get install -y -qq curl wget gnupg2 lsb-release ca-certificates \
|
||||||
software-properties-common apt-transport-https unzip git \
|
software-properties-common apt-transport-https unzip git \
|
||||||
sudo cron logrotate ufw fail2ban >> "$LOG" 2>&1
|
sudo cron logrotate ufw fail2ban sshpass >> "$LOG" 2>&1
|
||||||
log "System packages updated"
|
log "System packages updated"
|
||||||
|
|
||||||
# ── PHP multi-version setup ───────────────────────────────────────────────────
|
# ── PHP multi-version setup ───────────────────────────────────────────────────
|
||||||
@@ -232,8 +232,8 @@ else
|
|||||||
systemctl enable apache2 >> "$LOG" 2>&1
|
systemctl enable apache2 >> "$LOG" 2>&1
|
||||||
log "Apache2 installed"
|
log "Apache2 installed"
|
||||||
|
|
||||||
# Tell Apache to listen on all three panel ports
|
# Tell Apache to listen on all four panel ports
|
||||||
for PORT in $PORT_USER $PORT_RESELLER $PORT_ADMIN; do
|
for PORT in $PORT_USER $PORT_RESELLER $PORT_ADMIN $PORT_WEBMAIL; do
|
||||||
grep -q "Listen $PORT" /etc/apache2/ports.conf 2>/dev/null || echo "Listen $PORT" >> /etc/apache2/ports.conf
|
grep -q "Listen $PORT" /etc/apache2/ports.conf 2>/dev/null || echo "Listen $PORT" >> /etc/apache2/ports.conf
|
||||||
done
|
done
|
||||||
|
|
||||||
@@ -512,6 +512,8 @@ if [[ -f /opt/novacpx-src/db/schema.sql ]]; then
|
|||||||
# Create admin user
|
# Create admin user
|
||||||
ADMIN_HASH=$(php -r "echo password_hash('${ADMIN_PASS}', PASSWORD_BCRYPT);")
|
ADMIN_HASH=$(php -r "echo password_hash('${ADMIN_PASS}', PASSWORD_BCRYPT);")
|
||||||
mysql "$DB_NAME" -e "INSERT INTO users (username,password,email,role,status) VALUES ('admin','$ADMIN_HASH','root@localhost','admin','active') ON DUPLICATE KEY UPDATE password='$ADMIN_HASH';" >> "$LOG" 2>&1
|
mysql "$DB_NAME" -e "INSERT INTO users (username,password,email,role,status) VALUES ('admin','$ADMIN_HASH','root@localhost','admin','active') ON DUPLICATE KEY UPDATE password='$ADMIN_HASH';" >> "$LOG" 2>&1
|
||||||
|
# Seed proxy defaults
|
||||||
|
mysql "$DB_NAME" -e "INSERT INTO settings (\`key\`, value) VALUES ('proxy_mode','disabled'),('proxy_apache_port','80') ON DUPLICATE KEY UPDATE value=VALUES(value);" >> "$LOG" 2>&1
|
||||||
log "Database schema imported and admin user created"
|
log "Database schema imported and admin user created"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -631,6 +633,13 @@ www-data ALL=(root) NOPASSWD: /bin/systemctl restart fail2ban
|
|||||||
www-data ALL=(root) NOPASSWD: /bin/systemctl reload fail2ban
|
www-data ALL=(root) NOPASSWD: /bin/systemctl reload fail2ban
|
||||||
www-data ALL=(root) NOPASSWD: /bin/systemctl start fail2ban
|
www-data ALL=(root) NOPASSWD: /bin/systemctl start fail2ban
|
||||||
www-data ALL=(root) NOPASSWD: /bin/systemctl stop fail2ban
|
www-data ALL=(root) NOPASSWD: /bin/systemctl stop fail2ban
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/systemctl start nginx
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/systemctl stop nginx
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/systemctl restart nginx
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/systemctl reload nginx
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/systemctl restart apache2
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/systemctl reload apache2
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/sbin/nginx *
|
||||||
SUDOERS
|
SUDOERS
|
||||||
chmod 440 /etc/sudoers.d/novacpx-firewall
|
chmod 440 /etc/sudoers.d/novacpx-firewall
|
||||||
log "Sudoers rules installed"
|
log "Sudoers rules installed"
|
||||||
@@ -639,7 +648,8 @@ log "Sudoers rules installed"
|
|||||||
step "Setting Up Cron Jobs"
|
step "Setting Up Cron Jobs"
|
||||||
cat > /etc/cron.d/novacpx <<CRON
|
cat > /etc/cron.d/novacpx <<CRON
|
||||||
# NovaCPX system cron jobs
|
# NovaCPX system cron jobs
|
||||||
*/5 * * * * www-data /usr/local/bin/php${PHP_DEFAULT} ${WEB_ROOT}/api/cron/monitor.php >> /var/log/novacpx/cron.log 2>&1
|
*/5 * * * * www-data /usr/bin/php${PHP_DEFAULT} ${WEB_ROOT}/bin/collect-stats.php >> /var/log/novacpx/cron.log 2>&1
|
||||||
|
0 0 * * * www-data /usr/bin/php${PHP_DEFAULT} ${WEB_ROOT}/bin/notify-checks.php >> /var/log/novacpx/cron.log 2>&1
|
||||||
0 * * * * root /usr/local/bin/novacpx-ssl-renew >> /var/log/novacpx/ssl.log 2>&1
|
0 * * * * root /usr/local/bin/novacpx-ssl-renew >> /var/log/novacpx/ssl.log 2>&1
|
||||||
0 2 * * * root /usr/local/bin/novacpx-backup >> /var/log/novacpx/backup.log 2>&1
|
0 2 * * * root /usr/local/bin/novacpx-backup >> /var/log/novacpx/backup.log 2>&1
|
||||||
*/1 * * * * root /usr/local/bin/novacpx-dns-sync >> /var/log/novacpx/dns.log 2>&1
|
*/1 * * * * root /usr/local/bin/novacpx-dns-sync >> /var/log/novacpx/dns.log 2>&1
|
||||||
|
|||||||
Reference in New Issue
Block a user