diff --git a/panel/lib/ProxyManager.php b/panel/lib/ProxyManager.php index fd87c64..86d7e91 100644 --- a/panel/lib/ProxyManager.php +++ b/panel/lib/ProxyManager.php 
@@ -3,12 +3,54 @@ * ProxyManager — manages Nginx reverse proxy for NovaCPX hosted accounts. * Supports local nginx (on same VM) or remote nginx (separate proxy VM via SSH). * - * Settings keys: + * ── INTENDED ENVIRONMENT ──────────────────────────────────────────────────── + * This proxy feature is designed for Proxmox VE (or similar Linux + * hypervisor / LXC / KVM environments) where you run NovaCPX on one VM + * and dedicate a lightweight container (Debian/Ubuntu LXC, 512MB RAM, + * 1 vCPU) purely to nginx as a reverse proxy. + * + * Typical stack on Proxmox: + * CT 120 NovaCPX VM 10.48.200.110 — Apache + PHP, panel on :8880–8883 + * CT 121 Proxy LXC 10.48.200.112 — nginx only, public ports 80/443 + * FortiGate VIPs route 80/443 → 10.48.200.112 + * + * The panel pushes nginx vhost configs to the proxy VM via SSH and can + * start/stop/reload nginx remotely — all from Admin → Nginx Proxy. + * + * ── NON-PROXMOX / BARE-METAL / OTHER HYPERVISORS ──────────────────────────── + * The feature works on any Linux environment. Requirements: + * + * 1. A second Linux VM or server accessible by SSH from NovaCPX. + * (AWS EC2, DigitalOcean droplet, VMware VM, Hyper-V, bare-metal — all fine.) + * 2. SSH password auth enabled for root (or another sudo user). + * 3. The proxy VM must be able to reach NovaCPX's Apache (port 80) via LAN/VPN. + * 4. sshpass must be installed on the NovaCPX server: apt-get install -y sshpass + * + * Configuration (Admin → Nginx Proxy → Settings): + * Mode: remote + * Remote host: + * Remote user: root + * Remote pass: + * Backend IP: + * + * One-time setup: click "Run Setup on Remote VM" — it installs nginx, + * removes the default site, and creates the NovaCPX catch-all. + * After that, add proxy hosts per domain from Admin → Nginx Proxy → Add Host. + * + * ── LOCAL MODE (nginx on same VM as NovaCPX) ──────────────────────────────── + * Apache must be moved off port 80/443 first: + * 1. 
Edit /etc/apache2/ports.conf → change Listen 80 to Listen 8090 + * 2. Restart Apache: systemctl restart apache2 + * 3. Set proxy_backend_ip = 127.0.0.1 and all upstreams to http://127.0.0.1:8090 + * 4. Set Mode = local, click Install Nginx Locally + * 5. Click Sync Accounts to populate proxy hosts + * + * ── Settings keys stored in `settings` table ──────────────────────────────── * proxy_mode — 'disabled' | 'local' | 'remote' * proxy_remote_host — IP/hostname of remote nginx VM * proxy_remote_user — SSH user (default: root) * proxy_remote_pass — SSH password - * proxy_backend_ip — IP of NovaCPX Apache server (used when syncing proxy hosts) + * proxy_backend_ip — IP of NovaCPX Apache (used when syncing proxy hosts) */ class ProxyManager { diff --git a/panel/public/assets/js/admin.js b/panel/public/assets/js/admin.js index cc0be01..04d8c42 100644 --- a/panel/public/assets/js/admin.js +++ b/panel/public/assets/js/admin.js @@ -2802,48 +2802,75 @@ window.proxyDeleteHost = (id, domain) => { }; window.proxySetupInstructions = async () => { - const scriptUrl = '/api/proxy/setup-script'; Nova.modal('Nginx Proxy Setup Guide', ` -
-

Option A — Local (Nginx on this VM)

-

Install Nginx alongside Apache on this VM. Nginx listens on ports 80/443 and forwards to Apache. Best for SSL termination and caching.

-
    -
  1. Click Install Nginx Locally on the main Nginx Proxy page
  2. -
  3. Move Apache to port 8080: edit /etc/apache2/ports.conf → change Listen 80 to Listen 8080
  4. -
  5. Update upstream in all proxy hosts to http://127.0.0.1:8080
  6. -
  7. Click Sync Accounts to auto-populate proxy hosts from your hosted accounts
  8. -
  9. Click Reload Config to apply changes
  10. -
+
-

Option B — Remote Proxy VM (Recommended for production)

-

Run a dedicated Nginx proxy VM in front of this NovaCPX VM. Traffic flows: Internet → FortiGate → Nginx Proxy VM → NovaCPX VM (Apache).

-
    -
  1. Create a new VM on Proxmox (Ubuntu 22.04, 1 vCPU, 1GB RAM)
  2. -
  3. Run the setup script below on the new VM as root
  4. -
  5. Point FortiGate VIPs to the proxy VM IP (ports 80/443)
  6. -
  7. Set the proxy upstream to this NovaCPX VM IP (http://10.48.200.110:80)
  8. -
  9. Add proxy hosts for each domain from your NovaCPX admin panel
  10. -
- -

Automated Setup Script

-

Run this on the target VM (local or remote) as root:

-
- curl -sk https://YOUR_NOVACPX_IP:8882/api/proxy/setup-script | bash -
-

Or download and review before running:

-
- curl -sk https://YOUR_NOVACPX_IP:8882/api/proxy/setup-script -o proxy-setup.sh
- cat proxy-setup.sh # review
- bash proxy-setup.sh +
+ Designed for Proxmox (or any Linux hypervisor)
+ + Run NovaCPX on one VM and a lightweight Debian LXC as the nginx proxy. + The panel pushes configs and controls nginx via SSH. + Works equally well on VMware, AWS, DigitalOcean, bare-metal — see Option C below. +
-

Integration with VirtualHost Manager

-

When proxy mode is active, NovaCPX automatically:

-
    -
  • Creates a proxy host entry for every new account
  • -
  • Removes the proxy host when an account is terminated
  • -
  • Re-generates Nginx config on every account change
  • -
  • Uses account SSL certs automatically if SSL is enabled on the proxy host
  • +

    Option A — Proxmox LXC (Recommended)

    +

    Create a 512MB Debian 12 LXC on the same Proxmox node. Costs almost no resources.

    +
      +
    1. In Proxmox: Create CT → Debian 12 → 512MB RAM, 8GB disk, same bridge as NovaCPX VM
    2. +
    3. Boot the LXC, set root password
    4. +
    5. Go to Settings → set Mode=Remote, enter the LXC IP, root password, and this VM's IP as Backend IP
    6. +
    7. Click Run Setup on Remote VM — watch live progress
    8. +
    9. Point your router/firewall port 80/443 to the LXC IP
    10. +
    11. Click Sync Accounts to auto-populate proxy hosts
    12. +
    + +

    Option B — Other hypervisors (VMware, Hyper-V, KVM)

    +

    Same flow — any Debian/Ubuntu VM reachable by SSH works.

    +
      +
    1. Create a Debian/Ubuntu VM (1 vCPU, 512MB RAM)
    2. +
    3. Enable SSH root login: PermitRootLogin yes in /etc/ssh/sshd_config
    4. +
    5. Install sshpass on the NovaCPX server: apt-get install -y sshpass
    6. +
    7. Follow steps 3–6 from Option A above
    8. +
    + +

    Option C — Cloud / Remote Server (AWS, DigitalOcean, etc.)

    +

    NovaCPX pushes configs via public SSH. The proxy VM's public IP handles port 80/443; it forwards to NovaCPX over a private network or VPN.

    +
      +
    1. Provision a small Debian droplet/instance in the same region or with low latency to NovaCPX
    2. +
    3. Open port 22 (SSH) from NovaCPX's IP only; open 80/443 from anywhere
    4. +
    5. Set Backend IP to NovaCPX's IP reachable from the cloud proxy (use VPN/private IP if possible)
    6. +
    7. In Settings: set Remote Host to the cloud server's public IP or hostname
    8. +
    9. Click Run Setup, then Sync Accounts
    10. +
    + +

    Option D — Local nginx on this VM

    +

    Not recommended — requires moving Apache off port 80/443 first.

    +
      +
    1. Edit /etc/apache2/ports.conf → change Listen 80 to Listen 8090, restart Apache
    2. +
    3. Set Settings → Mode = Local, Backend IP = 127.0.0.1
    4. +
    5. Click Install Nginx Locally
    6. +
    7. Set upstream http://127.0.0.1:8090 on all proxy hosts
    8. +
    9. Click Sync Accounts
    10. +
    + +

    Settings Reference (Admin → Nginx Proxy → Settings)

    + + + + + + + +
    FieldDescription
    Modedisabled / remote / local
    Remote HostIP or hostname of nginx proxy VM (SSH target)
    Remote UserSSH user on proxy VM (default: root)
    Remote PasswordSSH password (stored encrypted in DB)
    Backend IPIP of this NovaCPX Apache — used in auto-generated proxy upstream URLs
    + +

    How it works

    +
      +
    • Each domain gets an nginx vhost config on the proxy VM, proxying to Apache on the backend IP
    • +
    • Configs are pushed automatically when accounts are created/terminated or manually via Sync Accounts
    • +
    • The panel starts/stops/reloads nginx on the proxy VM over SSH
    • +
    • Every 5 minutes the health check verifies nginx is running and restarts it if not
    • +
    • Use Uninstall to remove proxy configs or wipe nginx from the remote VM entirely
`, null, { cancelLabel: 'Close', showConfirm: false });
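Review bot: In the panel/lib/ProxyManager.php docblock, requirement 2 of the non-Proxmox section ("SSH password auth enabled for root (or another sudo user)") together with the "Remote user: root" default documents root password login as the supported setup, so the panel has to hold a recoverable root credential for the proxy host in proxy_remote_pass. Suggest documenting key-based authentication with a dedicated non-root account whose sudo rights are limited to writing the vhost files and controlling nginx, and presenting password plus sshpass as the fallback. The settings-key list describes proxy_remote_pass only as "SSH password", while the modal added in admin.js says it is "stored encrypted in DB"; the docblock should say the same and name where the encryption key is kept. The block also does not say how the proxy host's SSH host key is verified on first connection, which matters for the cloud targets it lists (AWS EC2, DigitalOcean droplet).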
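Review bot: In the panel/public/assets/js/admin.js modal, Option B step 2 tells the admin to set "PermitRootLogin yes" in /etc/ssh/sshd_config, and Option C then describes pushing configs "via public SSH", so an admin who follows both ends up with root password login enabled on an internet-facing host. Suggest recommending "PermitRootLogin prohibit-password" with a key, or the "another sudo user" path the ProxyManager.php docblock already allows, and stating Option C's "Open port 22 (SSH) from NovaCPX's IP only" restriction before the step that enables root login. The removed guide offered a "download and review before running" path for the setup script; the new "Run Setup on Remote VM" button runs it as root with no way to inspect it first, so a link to view the script from the modal would keep that option. Option B's "Follow steps 3–6 from Option A above" depends on Option A's list order staying fixed; naming the steps (Settings, Run Setup, firewall, Sync Accounts) would survive later edits.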