diff --git a/README.md b/README.md index aff706a..88a87f3 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ A modern web hosting control panel for WordPress and general PHP hosting. Built with Laravel 12, Filament v5, Livewire 4, and Tailwind CSS v4. -Version: 0.9-rc17 (release candidate) +Version: 0.9-rc19 (release candidate) This is a release candidate. Expect rapid iteration and breaking changes until 1.0. diff --git a/VERSION b/VERSION index 21e6f7f..66db36f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -VERSION=0.9-rc17 +VERSION=0.9-rc19 diff --git a/app/Filament/Admin/Pages/Waf.php b/app/Filament/Admin/Pages/Waf.php index 9ac0bd5..8eb8126 100644 --- a/app/Filament/Admin/Pages/Waf.php +++ b/app/Filament/Admin/Pages/Waf.php @@ -56,7 +56,20 @@ class Waf extends Page implements HasForms protected function detectWaf(): bool { - return file_exists('/etc/nginx/modsec/main.conf') || file_exists('/etc/nginx/modsecurity.conf'); + $paths = [ + '/etc/nginx/modsec/main.conf', + '/etc/nginx/modsecurity.conf', + '/etc/modsecurity/modsecurity.conf', + '/etc/modsecurity/modsecurity.conf-recommended', + ]; + + foreach ($paths as $path) { + if (file_exists($path)) { + return true; + } + } + + return false; } protected function getForms(): array @@ -72,7 +85,9 @@ class Waf extends Page implements HasForms Section::make(__('WAF Settings')) ->schema([ Toggle::make('enabled') - ->label(__('Enable ModSecurity')), + ->label(__('Enable ModSecurity')) + ->disabled(fn () => ! $this->wafInstalled) + ->helperText(fn () => $this->wafInstalled ? null : __('ModSecurity is not installed. Install it to enable WAF.')), Select::make('paranoia') ->label(__('Paranoia Level')) ->options([ @@ -92,18 +107,33 @@ class Waf extends Page implements HasForms public function saveWafSettings(): void { $data = $this->wafForm->getState(); - Setting::set('waf_enabled', ! empty($data['enabled']) ? '1' : '0'); + $requestedEnabled = ! empty($data['enabled']); + if ($requestedEnabled && ! $this->wafInstalled) { + $requestedEnabled = false; + } + + Setting::set('waf_enabled', $requestedEnabled ? '1' : '0'); Setting::set('waf_paranoia', (string) ($data['paranoia'] ?? '1')); Setting::set('waf_audit_log', ! empty($data['audit_log']) ? '1' : '0'); try { $agent = new AgentClient; $agent->wafApplySettings( - ! empty($data['enabled']), + $requestedEnabled, (string) ($data['paranoia'] ?? '1'), ! empty($data['audit_log']) ); + if (! $this->wafInstalled && ! empty($data['enabled'])) { + Notification::make() + ->title(__('ModSecurity is not installed')) + ->body(__('WAF was disabled automatically. Install ModSecurity to enable it.')) + ->warning() + ->send(); + + return; + } + Notification::make() ->title(__('WAF settings applied')) ->success() diff --git a/bin/jabali-agent b/bin/jabali-agent index c6f9d38..700f425 100755 --- a/bin/jabali-agent +++ b/bin/jabali-agent @@ -4029,7 +4029,9 @@ function domainCreate(array $params): array $userHome = $userInfo['dir']; $uid = $userInfo['uid']; $gid = $userInfo['gid']; - + + ensureJabaliNginxIncludeFiles(); + // Create domain directories $domainRoot = "{$userHome}/domains/{$domain}"; $publicHtml = "{$domainRoot}/public_html"; diff --git a/install.sh b/install.sh index cfa1493..6abeb61 100755 --- a/install.sh +++ b/install.sh @@ -12,7 +12,7 @@ set -e # Version - will be read from VERSION file after clone, this is fallback -JABALI_VERSION="0.9-rc17" +JABALI_VERSION="0.9-rc19" # Colors RED='\033[0;31m' @@ -1001,6 +1001,16 @@ configure_nginx() { chmod 600 "$ssl_dir/panel.key" chmod 644 "$ssl_dir/panel.crt" + # Ensure Jabali Nginx include files exist for WAF/Geo includes + local jabali_includes="/etc/nginx/jabali/includes" + mkdir -p "$jabali_includes" + if [[ ! -f "$jabali_includes/waf.conf" ]]; then + echo "# Managed by Jabali" > "$jabali_includes/waf.conf" + fi + if [[ ! -f "$jabali_includes/geo.conf" ]]; then + echo "# Managed by Jabali" > "$jabali_includes/geo.conf" + fi + # Create Jabali site config with HTTPS and HTTP redirect cat > /etc/nginx/sites-available/${SERVER_HOSTNAME} << NGINX # Redirect HTTP to HTTPS