new changes

YakPanel-server/backend/app/models/backup_plan.py

@@ -13,3 +13,7 @@ class BackupPlan(Base):
     target_id: Mapped[int] = mapped_column(Integer, nullable=False)  # site_id or database_id
     schedule: Mapped[str] = mapped_column(String(64), nullable=False)  # cron expression, e.g. "0 2 * * *" = daily 2am
     enabled: Mapped[bool] = mapped_column(Boolean, default=True)
+    # Optional S3-compatible copy after local backup (uses AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY env).
+    s3_bucket: Mapped[str] = mapped_column(String(256), default="")
+    s3_endpoint: Mapped[str] = mapped_column(String(512), default="")
+    s3_key_prefix: Mapped[str] = mapped_column(String(256), default="")

YakPanel-server/backend/app/models/site.py

@@ -16,6 +16,14 @@ class Site(Base):
     project_type: Mapped[str] = mapped_column(String(32), default="PHP")
     php_version: Mapped[str] = mapped_column(String(16), default="74")  # 74, 80, 81, 82
     force_https: Mapped[int] = mapped_column(Integer, default=0)  # 0=off, 1=redirect HTTP to HTTPS
+    # Reverse proxy: when proxy_upstream is non-empty, vhost uses proxy_pass instead of PHP root.
+    proxy_upstream: Mapped[str] = mapped_column(String(512), default="")  # e.g. http://127.0.0.1:3000
+    proxy_websocket: Mapped[int] = mapped_column(Integer, default=0)  # 1 = Upgrade headers for WS
+    # HTTP basic auth for a path prefix (nginx auth_basic). user_file = htpasswd path on server.
+    dir_auth_path: Mapped[str] = mapped_column(String(256), default="")
+    dir_auth_user_file: Mapped[str] = mapped_column(String(512), default="")
+    # Block execution of PHP under common upload paths (nginx deny).
+    php_deny_execute: Mapped[int] = mapped_column(Integer, default=0)
     addtime: Mapped[datetime] = mapped_column(DateTime, default=datetime.utcnow)