From e2f2d5cc380495c4ed3b53e5e950d2c956bed970 Mon Sep 17 00:00:00 2001 From: Niranjan Date: Tue, 7 Apr 2026 04:03:46 +0530 Subject: [PATCH] new changes --- YakPanel-server/install.sh | 88 +++++++++++++++++++++++++++----------- 1 file changed, 63 insertions(+), 25 deletions(-) diff --git a/YakPanel-server/install.sh b/YakPanel-server/install.sh index 60e9f18b..bc78e8e4 100644 --- a/YakPanel-server/install.sh +++ b/YakPanel-server/install.sh @@ -246,31 +246,19 @@ npm run build echo "" echo "[5/6] Configuring systemd..." REDIS_AFTER="redis.target" -if [ "$PKG" = apt ]; then - REDIS_AFTER="redis-server.service" -fi - -cat > "/etc/systemd/system/${SYSTEMD_UNIT}.service" << EOF -[Unit] -Description=YakPanel Backend -After=network.target $REDIS_AFTER - -[Service] -Type=simple -User=root -WorkingDirectory=$INSTALL_PATH/backend -Environment="PATH=$INSTALL_PATH/backend/venv/bin:\$PATH" -ExecStart=$INSTALL_PATH/backend/venv/bin/uvicorn app.main:app --host 127.0.0.1 --port $BACKEND_PORT -Restart=always - -[Install] -WantedBy=multi-user.target -EOF - -systemctl daemon-reload -systemctl enable "$SYSTEMD_UNIT" -systemctl restart "$SYSTEMD_UNIT" || systemctl start "$SYSTEMD_UNIT" +REDIS_WANTS="" +case "$PKG" in + apt) + REDIS_AFTER="redis-server.service" + REDIS_WANTS="Wants=redis-server.service" + ;; + dnf|yum) + REDIS_AFTER="redis.service" + REDIS_WANTS="Wants=redis.service" + ;; +esac +# Redis must be up before Uvicorn; starting it after the panel caused 502 (nginx OK, API down). case "$PKG" in apt) systemctl enable redis-server 2>/dev/null || true @@ -282,6 +270,45 @@ case "$PKG" in ;; esac +cat > "/etc/systemd/system/${SYSTEMD_UNIT}.service" << EOF +[Unit] +Description=YakPanel Backend +After=network.target $REDIS_AFTER +$REDIS_WANTS + +[Service] +Type=simple +User=root +WorkingDirectory=$INSTALL_PATH/backend +Environment="PATH=$INSTALL_PATH/backend/venv/bin:\$PATH" +ExecStart=$INSTALL_PATH/backend/venv/bin/uvicorn app.main:app --host 127.0.0.1 --port $BACKEND_PORT +Restart=always +RestartSec=3 + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload +systemctl enable "$SYSTEMD_UNIT" +systemctl restart "$SYSTEMD_UNIT" || systemctl start "$SYSTEMD_UNIT" + +backend_ok=0 +for _ in {1..40}; do + if curl -sfS --max-time 2 "http://127.0.0.1:${BACKEND_PORT}/api/health" >/dev/null 2>&1; then + backend_ok=1 + break + fi + sleep 0.5 +done +if [ "$backend_ok" -ne 1 ]; then + echo "" + echo "WARNING: Backend did not respond on http://127.0.0.1:${BACKEND_PORT}/api/health (login will show 502 via Nginx)." + echo "Check: systemctl status $SYSTEMD_UNIT --no-pager" + echo "Logs: journalctl -u $SYSTEMD_UNIT -n 80 --no-pager" + echo "If SELinux is Enforcing: setsebool -P httpd_can_network_connect 1" +fi + write_nginx_site() { local target="$1" cat > "$target" << NGINXEOF @@ -300,6 +327,9 @@ server { proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto \$scheme; + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; } } NGINXEOF @@ -319,6 +349,13 @@ systemctl start nginx 2>/dev/null || true nginx -t systemctl reload nginx 2>/dev/null || systemctl restart nginx +# Nginx -> upstream (e.g. 127.0.0.1:$BACKEND_PORT) is blocked by default on EL + SELinux => 502. +if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce 2>/dev/null)" = "Enforcing" ]; then + if command -v setsebool >/dev/null 2>&1; then + setsebool -P httpd_can_network_connect 1 2>/dev/null || true + fi +fi + if systemctl is-active --quiet firewalld 2>/dev/null; then firewall-cmd --permanent --add-port="${PANEL_PORT}/tcp" >/dev/null 2>&1 || true firewall-cmd --reload >/dev/null 2>&1 || true @@ -337,5 +374,6 @@ echo " Access: http://YOUR_SERVER_IP:$PANEL_PORT" echo " Login: admin / admin" echo "" echo " Change your password after first login." -echo " SELinux: if Nginx returns 403, see README (labels or temporary permissive)." +echo " UI works but login shows 502? Backend down or SELinux: systemctl status $SYSTEMD_UNIT; journalctl -u $SYSTEMD_UNIT -n 50" +echo " SELinux: installer calls setsebool httpd_can_network_connect if Enforcing; see README for 403 on static files." echo "=========================================="