From 60004a29d60f4bf54f6a539b504731de80d2d59a Mon Sep 17 00:00:00 2001
From: Myron Blair
Date: Sun, 21 Jun 2026 03:44:36 +0000
Subject: [PATCH] fix: default web server to nginx, add php-fpm pool cron, sudoers for pool rm, disable apache on install (#49)

Co-Authored-By: Claude Sonnet 4.6
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
---
 install.sh | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/install.sh b/install.sh
index fe841bf..9dcd27c 100644
--- a/install.sh
+++ b/install.sh
@@ -30,7 +30,7 @@ info() { echo -e "${BLUE}[→]${NC} $*" | tee -a "$LOG"; }
 step() { echo -e "\n${BOLD}━━━ $* ━━━${NC}" | tee -a "$LOG"; }
 
 # ── Argument parsing ──────────────────────────────────────────────────────────
-WEB_SERVER="apache"
+WEB_SERVER="nginx"
 INSTALL_MYSQL=true
 INSTALL_POSTGRES=true
 
@@ -722,6 +722,9 @@ www-data ALL=(root) NOPASSWD: /bin/systemctl reload php*-fpm
 www-data ALL=(root) NOPASSWD: /bin/systemctl restart php*-fpm
 www-data ALL=(root) NOPASSWD: /bin/systemctl start php*-fpm
 www-data ALL=(root) NOPASSWD: /bin/systemctl stop php*-fpm
+www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/php/*/fpm/pool.d/*
+www-data ALL=(root) NOPASSWD: /bin/rm -f /etc/php/*/fpm/pool.d/*.conf
+www-data ALL=(root) NOPASSWD: /usr/bin/rm -f /etc/php/*/fpm/pool.d/*.conf
 # Web config file management (scoped paths only)
 www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/conf.d/*
 www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/sites-available/*
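Review bot: The three added sudoers lines (`/usr/bin/tee /etc/php/*/fpm/pool.d/*` and both `rm -f /etc/php/*/fpm/pool.d/*.conf` forms) do not confine www-data to the pool directory, because a `*` in sudoers command arguments also matches spaces and `/`, so extra arguments and `..` path segments still satisfy the pattern. Even when the path stays inside pool.d, write access to a pool file lets the web user choose that pool's `user` and `group`, which crosses the per-account boundary the pools appear to exist for. I would replace the three lines with a single wildcard-free entry for a root-owned helper that takes a PHP version and a pool name, validates both against strict patterns (for example `^[0-9]+\.[0-9]+$` and `^[a-z_][a-z0-9_-]*$`), and builds the path itself. The `tee /etc/nginx/...` rules visible as context have the same shape and deserve the same treatment.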
@@ -757,9 +760,32 @@ cat > /etc/cron.d/novacpx <> /var/log/novacpx/backup.log 2>&1
 */1 * * * * root /usr/local/bin/novacpx-dns-sync >> /var/log/novacpx/dns.log 2>&1
 CRON
+
+# PHP-FPM pool cleanup + deferred reload (runs every minute as root)
+# Removes orphaned pool configs for deleted Linux users before reloading,
+# preventing php-fpm from failing to start due to missing user references.
+(crontab -l 2>/dev/null | grep -v "novacpx-fpm-reload"; echo '* * * * * for f in /etc/php/*/fpm/pool.d/*.conf; do [[ "$f" == *"www.conf"* ]] && continue; u=$(basename "$f" .conf); id "$u" &>/dev/null || rm -f "$f"; done; for flag in /tmp/novacpx-fpm-reload-*; do [ -f "$flag" ] && ver=$(basename "$flag" | sed s/novacpx-fpm-reload-//) && rm -f "$flag" && systemctl reload php${ver}-fpm 2>/dev/null; done') | crontab -
 mkdir -p /var/log/novacpx
 log "Cron jobs installed"
 
+# ── Disable conflicting web servers ───────────────────────────────────────────
+step "Disabling Conflicting Web Servers"
+if [[ "$WEB_SERVER" == "nginx" ]]; then
+ systemctl stop apache2 2>/dev/null || true
+ systemctl disable apache2 2>/dev/null || true
+ # Replace nginx default site with a 444 connection-close so unmatched
+ # vhosts don't accidentally serve Apache's default HTML page
+ cat > /etc/nginx/sites-available/default <<'NGINXDEFAULT'
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 444;
+}
+NGINXDEFAULT
+ log "Apache2 disabled; nginx default site set to return 444"
+fi
+
 # ── Restart services ──────────────────────────────────────────────────────────
 step "Starting All Services"
 if [[ "$WEB_SERVER" == "nginx" ]]; then
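Review bot: The reload half of the new root crontab entry trusts flag files in `/tmp`, which any local account can create, and then expands the name-derived `ver` unquoted in `systemctl reload php${ver}-fpm`, so an unprivileged user influences the arguments of a command run as root. Keep the flags in a root-owned directory that only the panel user can write to, accept `ver` only when it looks like a PHP version, and quote it. The entry also relies on `[[ … ]]` and `&>`, which cron's default `/bin/sh` does not support where that shell is dash (likely here, given `apache2` and `www-data`); on such hosts the `www.conf` skip and the `id` test will not behave as written. Moving the logic into a root-owned POSIX script invoked from the `/etc/cron.d/novacpx` heredoc just above would address both points, and the reload loop could then look like this.

```shell
# … unchanged: orphaned pool-config cleanup loop (rewritten without [[ ]] and &>) …

# flag_dir is a placeholder: use a root-owned directory that only the panel
# user can write to, never a world-writable location such as /tmp.
flag_dir=/run/PLACEHOLDER-novacpx-flags
for flag in "$flag_dir"/novacpx-fpm-reload-*; do
  [ -f "$flag" ] || continue
  ver=${flag##*/novacpx-fpm-reload-}
  rm -f -- "$flag"
  case "$ver" in
    # Only plain PHP version strings reach systemctl; anything else is dropped.
    [0-9].[0-9] | [0-9].[0-9][0-9])
      systemctl reload "php${ver}-fpm" 2>/dev/null
      ;;
  esac
done
```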