From adc073b751284b40ae52cd3d3b472913706c6b40 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 4 Feb 2026 17:16:29 +0200 Subject: [PATCH] Add ops, security, and troubleshooting docs --- doccs/site/astro.config.mjs | 2 +- doccs/site/src/content/docs/operations.md | 58 ++++++++++++ .../src/content/docs/platform/cli-cookbook.md | 89 +++++++++++++++++++ doccs/site/src/content/docs/quickstart.md | 55 ++++++++++++ doccs/site/src/content/docs/security.md | 36 ++++++++ .../site/src/content/docs/troubleshooting.md | 45 ++++++++++ 6 files changed, 284 insertions(+), 1 deletion(-) create mode 100644 doccs/site/src/content/docs/operations.md create mode 100644 doccs/site/src/content/docs/platform/cli-cookbook.md create mode 100644 doccs/site/src/content/docs/quickstart.md create mode 100644 doccs/site/src/content/docs/security.md create mode 100644 doccs/site/src/content/docs/troubleshooting.md diff --git a/doccs/site/astro.config.mjs b/doccs/site/astro.config.mjs index b7a56f3..5029cd4 100644 --- a/doccs/site/astro.config.mjs +++ b/doccs/site/astro.config.mjs @@ -16,7 +16,7 @@ export default defineConfig({ sidebar: [ { label: 'Getting Started', - items: [{ label: 'Overview', slug: 'overview' }, { label: 'Installation', slug: 'install' }], + items: [{ label: 'Overview', slug: 'overview' }, { label: 'Installation', slug: 'install' }, { label: 'Quickstart', slug: 'quickstart' }, { label: 'Operations', slug: 'operations' }, { label: 'Security', slug: 'security' }, { label: 'Troubleshooting', slug: 'troubleshooting' }], }, { label: 'Admin Panel', diff --git a/doccs/site/src/content/docs/operations.md b/doccs/site/src/content/docs/operations.md new file mode 100644 index 0000000..097f19d --- /dev/null +++ b/doccs/site/src/content/docs/operations.md @@ -0,0 +1,58 @@ +--- +title: Operations and Maintenance +--- + +This page covers routine operations for stable, predictable hosting. + +## Backups + +- Use the admin backups page to configure schedules and retention. +- Test restore workflows on a staging account before relying on them. +- Keep at least one offsite destination configured. + +## Upgrades + +From the panel directory: + +``` +cd /var/www/jabali +php artisan jabali:upgrade +``` + +Check for updates only: + +``` +php artisan jabali:upgrade --check +``` + +## Service health + +Key services: + +- `jabali-agent` +- `jabali-queue` +- `jabali-health-monitor` + +Check status: + +``` +systemctl status jabali-agent jabali-queue jabali-health-monitor +``` + +Restart if needed: + +``` +sudo systemctl restart jabali-agent jabali-queue jabali-health-monitor +``` + +## Log locations + +- Panel logs: `/var/www/jabali/storage/logs` +- Nginx logs: `/var/log/nginx` +- System services: `journalctl -u ` + +## Common maintenance tasks + +- Rotate or archive old backups to control disk usage. +- Review failed jobs and mail queues regularly. +- Audit admin users and remove unused accounts. diff --git a/doccs/site/src/content/docs/platform/cli-cookbook.md b/doccs/site/src/content/docs/platform/cli-cookbook.md new file mode 100644 index 0000000..0ef5743 --- /dev/null +++ b/doccs/site/src/content/docs/platform/cli-cookbook.md @@ -0,0 +1,89 @@ +--- +title: CLI Cookbook +--- + +This page provides practical CLI examples. For the full command list, see the CLI reference. + +## Backups + +Create a backup for a user: + +``` +jabali backup create +``` + +Restore a backup to a user: + +``` +jabali backup restore --user= +``` + +## cPanel migration + +Analyze a cPanel archive: + +``` +jabali cpanel analyze +``` + +Restore a cPanel archive into a user: + +``` +jabali cpanel restore +``` + +## DNS + +List DNS zones: + +``` +jabali dns zones list +``` + +Create a new DNS zone: + +``` +jabali dns zones create example.com --template=default +``` + +## SSL + +Issue a certificate: + +``` +jabali ssl issue example.com +``` + +Renew all certificates: + +``` +jabali ssl renew --all +``` + +## Users + +Create a user: + +``` +jabali users create user@example.com --plan=starter +``` + +Suspend a user: + +``` +jabali users suspend user@example.com +``` + +## Help and discovery + +List all commands: + +``` +jabali --help +``` + +Get help for a specific command: + +``` +jabali --help +``` diff --git a/doccs/site/src/content/docs/quickstart.md b/doccs/site/src/content/docs/quickstart.md new file mode 100644 index 0000000..14968ba --- /dev/null +++ b/doccs/site/src/content/docs/quickstart.md @@ -0,0 +1,55 @@ +--- +title: Quickstart Checklist +--- + +This checklist helps you go from a fresh server to a verified, working panel. + +## Pre-flight + +- Fresh Debian 12 or 13 (no existing web/mail stack). +- DNS points the panel host to the server IP. +- PTR (reverse DNS) set for the mail hostname. +- Ports open: 22, 80, 443, 25, 465, 587, 993, 995, 53. + +## Install + +``` +curl -fsSL https://raw.githubusercontent.com/shukiv/jabali-panel/main/install.sh | sudo bash +``` + +Optional flags: + +- `JABALI_MINIMAL=1` for core-only install +- `JABALI_FULL=1` to force all optional components + +## First login + +- Admin panel: `https://your-host/jabali-admin` +- User panel: `https://your-host/jabali-panel` +- Webmail: `https://your-host/webmail` + +## Post-install verification + +1) Check services: + +``` +systemctl status jabali-agent jabali-queue jabali-health-monitor +``` + +2) Check SSL: + +- Open the admin panel URL and confirm HTTPS is valid. + +3) Check mail flow: + +- Create a test mailbox and send/receive via SMTP/IMAP. + +4) Check DNS: + +- If hosting DNS, confirm zone creation and record updates. + +## Common fixes + +- If the panel does not load, check nginx and ports 80/443. +- If background jobs stall, check `jabali-queue` service status. +- If agent actions fail, check `jabali-agent` service status. diff --git a/doccs/site/src/content/docs/security.md b/doccs/site/src/content/docs/security.md new file mode 100644 index 0000000..268b15a --- /dev/null +++ b/doccs/site/src/content/docs/security.md @@ -0,0 +1,36 @@ +--- +title: Security Hardening +--- + +Use this page as a baseline security checklist. + +## Core practices + +- Use SSH keys and disable password auth where possible. +- Enable 2FA for all admin accounts. +- Keep the OS up to date with regular security patches. + +## Firewall and intrusion prevention + +- Validate firewall rules match your required ports. +- Enable Fail2ban and review ban logs. + +## Mail security + +- Confirm PTR, SPF, DKIM, and DMARC records. +- Review mail logs and reject spikes. + +## SSL and TLS + +- Ensure certificates renew automatically. +- Use strong TLS settings and disable obsolete protocols. + +## Least privilege + +- Limit admin access to known IPs when possible. +- Remove unused accounts and API tokens. + +## Demo mode + +- Demo environments should be isolated and read-only. +- Never reuse demo credentials in production. diff --git a/doccs/site/src/content/docs/troubleshooting.md b/doccs/site/src/content/docs/troubleshooting.md new file mode 100644 index 0000000..ee0ad29 --- /dev/null +++ b/doccs/site/src/content/docs/troubleshooting.md @@ -0,0 +1,45 @@ +--- +title: Troubleshooting +--- + +Common issues and where to look first. + +## Panel does not load + +- Check nginx: `systemctl status nginx` +- Confirm ports 80/443 are open. +- Verify DNS points to the server IP. + +## Agent actions fail + +- Check agent service: + +``` +systemctl status jabali-agent +journalctl -u jabali-agent -n 200 --no-pager +``` + +## Background jobs not running + +- Check queue service: + +``` +systemctl status jabali-queue +journalctl -u jabali-queue -n 200 --no-pager +``` + +## SSL issuance issues + +- Confirm DNS for the domain resolves to the server. +- Check nginx logs: `/var/log/nginx/error.log` + +## Mail delivery problems + +- Verify PTR and DNS records (SPF, DKIM, DMARC). +- Review mail logs: `/var/log/mail.log` (path may vary by distro). + +## Logs + +- Panel logs: `/var/www/jabali/storage/logs` +- Nginx logs: `/var/log/nginx` +- Systemd logs: `journalctl -u `