myron
6fdccc6dbd
feat: items #9-13 — password change, webmail SSO, DKIM live, file manager security, cache busting
...
#9 auth.php: add self-service change-password action (current+new+confirm)
accounts.php: fix admin change-password — accept account_id, fetch username
for chpasswd (was using int ID), add Auth::require('admin') guard
user.js: add Change Password page + navItem + submitChangePassword()
#10 EmailManager: store AES-256-CBC enc_password alongside SHA512-CRYPT hash
webmail.php: rewrite login-url to use webmail_sso_tokens table
novacpx-sso.php: Roundcube SSO bridge (validate token, decrypt, autosubmit)
Migration 005: add enc_password column + webmail_sso_tokens table
#11 opendkim: installed, configured (/etc/opendkim.conf, signing.table,
key.table, trusted.hosts), socket at /var/spool/postfix/opendkim/,
Postfix milter wired, service enabled+running, key generation verified
#12 files.php: fix safe_path() for non-existent paths (write/mkdir),
add safe_path_new() helper using parent-dir realpath check,
fix delete guard (block deleting account root dirs),
fix rename destination, clamp chmod to 0777
#13 nova.js: api() handles network errors, 429 rate-limit with retry-after,
non-JSON responses (PHP fatal pages) — graceful error instead of throw
admin/user/reseller index.php: filemtime-based cache-busting on all assets
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-08 01:19:33 +00:00
myron
1e5a0a0210
Add DKIM auto-provisioning, OS/panel self-update with self-healing
...
- AccountManager: auto-generate DKIM keypair + inject SPF/DKIM/DMARC DNS records on account create
- AccountManager: rotateDKIM() method for key rotation with new selector
- New dkim.php endpoint: list/view/rotate/provision DKIM keys per domain
- schema.sql: add dkim_keys table
- install.sh: install opendkim, wire into Postfix milter, fix dotfile copy (. vs *), fix config.ini permissions (root:www-data 640), copy VERSION to web root, add opendkim to service restart
- api/index.php: fix NOVACPX_ROOT path (was 2 levels too high), fix CORS ports (8880-8883), VERSION fallback to /opt/novacpx-src
- api/.htaccess: route all /api/* requests through index.php
- system.php: check-os-update, apply-os-update (self-healing: auto-restart downed services, restore web root if panel ports go down), check-novacpx-update, apply-novacpx-update (PHP syntax validation before deploy, backup + restore on failure)
- admin.js: Updates page now shows both NovaCPX panel updates and OS package upgrades in one section; sidebar badge shows combined count
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-07 15:54:15 +00:00
myron
e94dc719c8
feat: feature registry, auto-deploy, IP management, Docker support
...
Feature Manager (70+ features across 20 categories):
- Web servers: Apache2, nginx, OpenLiteSpeed, Varnish
- PHP: 7.4/8.1/8.2/8.3 multi-version, Composer
- Databases: MySQL 8, MariaDB, PostgreSQL, Redis, Memcached, phpMyAdmin, phpPgAdmin
- Email: Postfix, Dovecot, Roundcube, RainLoop, SpamAssassin, Rspamd, DKIM
- DNS: BIND9, PowerDNS
- FTP: ProFTPD, vsftpd, Pure-FTPd
- SSL: Certbot/Let's Encrypt, acme.sh
- Security: Fail2Ban, ModSecurity WAF, ImunifyAV, ClamAV, UFW, CrowdSec
- Containers: Docker Engine, Docker Compose, Portainer CE, per-account Docker hosting
- IP Management: Shared IPs (SNI), Dedicated IPs, IPv6
- Monitoring: Netdata, AWStats, GoAccess, Grafana+Prometheus
- Backup: BorgBackup, rclone (S3/B2/GCS), Duplicati
- CDN: Cloudflare API, PageSpeed Module
- Dev: Gitea, Phusion Passenger, JupyterHub
- One-click apps: WordPress+WP-CLI, auto-installer (50+ apps)
- Billing: WHMCS bridge, BoxBilling
- Reseller: White label, custom nameservers
- Notifications: Email, Slack, Telegram
- Compliance: Auditd, OSSEC HIDS
Auto-deploy pipeline (deploy/):
- webhook.php: HMAC-verified GitHub push webhook
- deploy-runner.sh: PHP syntax validation → git pull → rsync → DB migrations → PHP-FPM reload
- setup-deploy.sh: one-shot setup script, outputs GitHub webhook config
- Runs every minute via cron; locked to prevent concurrent deploys
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-07 05:11:36 +00:00
myron
e802443d4a
feat: NovaCPX v1.0.0 initial scaffold
...
Full hosting control panel with 3 tiers: Admin, Reseller, User.
- install.sh: unattended installer for Ubuntu 20/22/24 + Debian 11/12
- PHP multi-version (7.4/8.1/8.2/8.3), Apache2/nginx choice, MySQL, PostgreSQL
- BIND9 DNS, Postfix+Dovecot mail, ProFTPD, Certbot SSL, UFW, Fail2Ban
- 18-table DB schema with audit log and version tracking
- PHP REST API (auth, system/updates, server stats, service control)
- Admin panel: dark dashboard, service manager, git-based update system
- User panel: usage rings + feature card grid (distinct from cPanel)
- VERSION file: git-tracked; Admin > Updates panel shows/applies git commits
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-07 05:05:30 +00:00