novacpx/docs/admin-guide.md

NovaCPX — Administrator Guide

Accessing the Admin Panel

The admin panel runs on port 8882. Navigate to https://<server-ip>:8882 and log in with your admin credentials.

The browser will show a self-signed certificate warning on a fresh install. Accept it, or replace the certificate at /etc/novacpx/ssl/ with a trusted cert and restart Apache.

Dashboard

The dashboard shows real-time server stats (CPU, RAM, disk, uptime), running services with restart/stop controls, and NovaCPX version information.

Click Check for Updates to see if a newer version is available.

Accounts

Accounts → All Accounts lists every hosting account on the server. From this page you can:

• Search by domain or username
• Suspend / Unsuspend an account (suspending disables the web vhost and sends an email notification to the account holder)
• Change Password for any account
• Terminate an account permanently (deletes files, databases, DNS zone, email accounts — irreversible)

Creating an account

Accounts → Create Account

Field	Notes
Username	Lowercase, alphanumeric. Creates a Linux system user.
Domain	Primary domain for the account. A DNS zone and vhost are created automatically.
Email	Account holder's email. Receives the welcome notification.
Password	Min 8 characters. Also set as the Linux system password.
Package	Disk/resource limits applied to the account.
PHP version	Per-account PHP-FPM pool version.
Reseller	(Optional) Assign account to a reseller.

After creation, the welcome email (if notifications are enabled) is sent to the account holder with login credentials.

Resellers

Accounts → Resellers manages reseller sub-admin accounts. Resellers can create and manage their own customer accounts, set per-customer Docker quotas, and apply white-label branding.

To create a reseller, go to Accounts → Create Account and select the Reseller role.

Packages

Define hosting plans. Each package sets limits on:

• Disk (MB)
• Email accounts
• MySQL databases
• FTP accounts
• Domains
• Subdomains

Accounts without a package have no enforced limits.

DNS

DNS Zones

Lists all DNS zones on the server. You can add, edit, and delete DNS records directly. Zones are managed by BIND9 and reloaded via rndc.

Supported record types: A, AAAA, CNAME, MX, TXT, NS, SRV, CAA.

Nameservers

Set the global NS1/NS2 hostnames used when creating new zones. After saving, click Check All to verify the nameservers are resolving correctly.

Services

Web Server

Shows Apache or Nginx configuration. Switch between web servers. The switch script runs in the background — check the page again after ~30 seconds to confirm.

PHP Manager

Install or remove PHP versions (7.4, 8.1, 8.2, 8.3). Each version gets its own PHP-FPM pool. Accounts can be assigned any installed version.

MySQL Manager

Shows MySQL status and running databases. Provides a link to phpMyAdmin if installed.

Mail Server

Shows Postfix/Dovecot status. Switch mail server stack (postfix-dovecot or postfix-dovecot-rspamd).

FTP Server

Shows FTP daemon status. Switch between ProFTPD, vsftpd, and PureFTPD.

Nginx Proxy Manager

Reverse proxy management for additional services. The Nginx Proxy Manager runs as a Docker container. Use Setup to configure it.

WordPress Manager

One-click WordPress installs via WP-CLI. Actions: install, update, toggle maintenance mode, clone to staging.

Docker

Full Docker Engine management:

• Containers — run, stop, start, restart, remove, view logs
• Images — pull, list, remove
• Volumes and Networks — list, remove
• Compose Stacks — create from YAML, bring up/down, view logs

Security

SSL Manager

View SSL certificates for all accounts. Certificates issued via Certbot (Let's Encrypt). The domain must resolve publicly for issuance to succeed.

Firewall / Fail2Ban

Manage UFW rules (allow/deny by port, protocol, and IP). View and unban Fail2Ban jail entries. NovaCPX jails monitor:

• SSH brute-force (sshd)
• Panel login failures (novacpx-auth)
• API abuse (novacpx-api)
• PHP error flooding (novacpx-php)
• Postfix SMTP auth (postfix-auth)

Audit Log

Full log of all admin, reseller, and user actions. Filter by username, action type, and date range. Click any row to expand the raw JSON detail payload.

2FA Manager

Manage TOTP two-factor authentication. Admins can view which accounts have 2FA enabled and reset (revoke) 2FA for a user if they lose their authenticator.

Sessions

View all active login sessions. Revoke individual sessions or all sessions for a specific user. Useful for forcing a logout after a password reset.

System

Updates

Check for NovaCPX and OS updates. Results are cached for 12 hours so the page loads instantly; click ↻ Refresh now to force a live check.

Update channels (set in Settings):

Channel	GitHub branch	Versioning
Stable	main	Major/minor releases (e.g. 1.1.0)
Beta	beta	Patch and pre-release (e.g. 1.1.1-beta.3)

The Updates page shows your installed version, the latest available version for your channel, and pending commits. Click Update NovaCPX to pull and deploy. PHP syntax is validated before deploy; if the panel goes down after update it auto-restores from a backup.

OS Upgrade streams apt-get upgrade output in real time. A backup of the web root is made before upgrading.

Backups

Schedule and manage per-account backups:

• Backup now — immediate backup of files + databases
• Download — download a backup archive
• Restore — restore files and databases from a backup
• Schedule — set automatic backup frequency per account
• Optional rclone/S3 remote destination

Cloudflare

Per-account Cloudflare API key management. Pull/push DNS zone records, toggle the CDN proxy per record.

Server Options

Configure which services NovaCPX manages:

Setting	Options
Web server	apache, nginx, openlitespeed, caddy
Mail server	postfix-dovecot, postfix-dovecot-rspamd
FTP server	proftpd, vsftpd, pureftpd
DNS server	bind9, powerdns, nsd, none
WHMCS	Enable and configure the billing bridge API key

Notifications

Configure email alerts sent via CyberMail:

Field	Notes
CyberMail API Key	From platform.cyberpersons.com
From Email	Sender address (must be a verified sender domain)
From Name	Display name shown in email clients
Admin Alert Email	Receives admin copies of all notifications
Notifications	Enable or disable all outbound notifications

Click Send Test Email to verify the configuration.

Notification triggers:

• Account created → welcome email to new user + admin alert
• Account suspended → notification to account holder + admin alert
• Disk quota ≥ 85% → daily warning (cron, 06:00)
• SSL certificate expiring ≤ 14 days → expiry notice (cron, 06:00)

Settings

Panel-wide settings. All values are loaded from the database when the page opens and saved individually.

Setting	Description
Panel Name	Name shown in the browser title and sidebar
Default PHP Version	PHP version applied to new accounts (7.4, 8.1, 8.2, 8.3)
Primary Nameserver	NS1 hostname shown to users when setting up DNS
Secondary Nameserver	NS2 hostname
Update Channel	Stable (main branch) or Beta (beta branch) — controls which GitHub branch the Updates page checks and deploys from

WHMCS Billing Bridge

NovaCPX exposes a WHMCS-compatible server module API at /api/whmcs/<action>. Enable it in Server Options and set the API key. The WHMCS module calls these endpoints to provision, suspend, and terminate accounts automatically.

Supported actions: create, suspend, unsuspend, terminate, changepackage, info.

Authenticate with the X-WHMCS-Key: <api_key> header.

Log files

File	Contents
/var/log/novacpx/deploy.log	Auto-deploy activity
/var/log/novacpx/stats-collector.log	Server stats cron output
/var/log/novacpx/notify-checks.log	Disk/SSL notification cron output
/var/log/novacpx/switch-*.log	Service switch script output