Updated feature / fix

YakPanel-server/README.md

@@ -49,7 +49,7 @@ All native installs require **root**. Use `sudo -E ...` when you set environment
 
 | Variable | Meaning | Default |
 | --- | --- | --- |
-| `REPO_URL` | Git URL to clone | `https://github.com/YakPanel/YakPanel.git` (optional: `https://source.yakpanel.com/yakpanel.git` when your mirror is live) |
+| `REPO_URL` | Git URL to clone | `https://source.yakpanel.com/admin/yakpanel-core.git` (override for other mirrors) |
 | `YAKPANEL_BRANCH` | Branch/tag for shallow clone | default branch |
 | `GIT_REF` | Alias for `YAKPANEL_BRANCH` | — |
 | `INSTALL_PATH` | Install directory | `/www/server/YakPanel-server` |
@@ -103,7 +103,7 @@ sudo bash scripts/install.sh
 Uses `docker-compose.yml` in this directory — **not** the same layout as native (no host Nginx unit from `install.sh`).
 
 ```bash
-git clone --depth 1 https://github.com/YakPanel/YakPanel.git
+git clone --depth 1 https://source.yakpanel.com/admin/yakpanel-core.git
 # Then cd to this folder (in the full monorepo it is under YakPanel-master/YakPanel-server).
 cd YakPanel-master/YakPanel-server
 docker compose up -d

YakPanel-server/backend/.env.example

@@ -1,5 +1,6 @@
-# YakPanel - Environment
+# YakPanel - Environment (this file lives next to app/ — loaded from backend/ always, not shell CWD)
 SECRET_KEY=change-this-in-production
+# Resolved to backend/data/default.db (see app/core/database.py)
 DATABASE_URL=sqlite+aiosqlite:///./data/default.db
 REDIS_URL=redis://localhost:6379/0
 DEBUG=false

YakPanel-server/backend/app/core/config.py

@@ -1,15 +1,26 @@
 """YakPanel - Configuration"""
 import os
-from typing import Any
-from pydantic_settings import BaseSettings
 from functools import lru_cache
+from pathlib import Path
+from typing import Any
+
+from pydantic_settings import BaseSettings, SettingsConfigDict
 
 # Runtime config loaded from DB on startup (overrides Settings)
 _runtime_config: dict[str, Any] = {}
 
+_BACKEND_ROOT = Path(__file__).resolve().parent.parent
+
 
 class Settings(BaseSettings):
     """Application settings"""
+
+    model_config = SettingsConfigDict(
+        env_file=str(_BACKEND_ROOT / ".env"),
+        env_file_encoding="utf-8",
+        extra="ignore",
+    )
+
     app_name: str = "YakPanel"
     app_version: str = "1.0.0"
     debug: bool = False
@@ -21,7 +32,7 @@ class Settings(BaseSettings):
     www_logs: str = "/www/wwwlogs"
     vhost_path: str = "/www/server/panel/vhost"
 
-    # Database (use absolute path for SQLite)
+    # Database (relative SQLite paths are resolved to backend/data/, not process CWD)
     database_url: str = "sqlite+aiosqlite:///./data/default.db"
 
     # Redis
@@ -47,10 +58,6 @@ class Settings(BaseSettings):
     # Comma-separated CIDRs; empty = no restriction (e.g. "10.0.0.0/8,192.168.0.0/16")
     remote_install_allowed_target_cidrs: str = ""
 
-    class Config:
-        env_file = ".env"
-        env_file_encoding = "utf-8"
-
 
 @lru_cache
 def get_settings() -> Settings:

YakPanel-server/backend/app/core/database.py

@@ -1,21 +1,63 @@
 """YakPanel - Database configuration"""
 import os
-from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession, async_sessionmaker
+import sqlite3
+from pathlib import Path
+
+from sqlalchemy.engine.url import make_url
+from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
 from sqlalchemy.orm import DeclarativeBase
+
 from app.core.config import get_settings
 
 
-settings = get_settings()
+def _resolve_database_url(raw_url: str) -> str:
+    """Anchor relative SQLite paths to the backend directory (not process CWD)."""
+    url = make_url(raw_url)
+    if not url.drivername.startswith("sqlite"):
+        return raw_url
+    db_path = url.database
+    if db_path is None or db_path.startswith(":"):
+        return raw_url
+    path = Path(db_path)
+    backend_dir = Path(__file__).resolve().parent.parent
+    if not path.is_absolute():
+        path = (backend_dir / path).resolve()
+    else:
+        path = path.resolve()
+    data_dir = path.parent
+    data_dir.mkdir(parents=True, exist_ok=True)
+    try:
+        os.chmod(data_dir, 0o755)
+    except OSError:
+        pass
+    if not os.access(data_dir, os.W_OK):
+        raise RuntimeError(
+            f"SQLite directory not writable: {data_dir} "
+            f"(fix ownership or permissions; check SELinux if enabled)."
+        )
+    abs_path = path.as_posix()
+    try:
+        test = sqlite3.connect(abs_path)
+        test.close()
+    except sqlite3.Error as e:
+        raise RuntimeError(
+            f"SQLite refused to open {abs_path} (from DATABASE_URL). {e}. "
+            f"Parent dir: {data_dir} writable={os.access(data_dir, os.W_OK)}."
+        ) from e
+    # Unix absolute file: sqlite+aiosqlite:////abs/path (four slashes total after the colon)
+    return f"sqlite+aiosqlite:///{abs_path}"
 
-# Ensure data directory exists for SQLite
-if "sqlite" in settings.database_url:
-    backend_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-    data_dir = os.path.join(backend_dir, "data")
-    os.makedirs(data_dir, exist_ok=True)
+
+settings = get_settings()
+DATABASE_URL = _resolve_database_url(settings.database_url)
+
+_engine_kw = {"echo": settings.debug}
+if make_url(DATABASE_URL).drivername.startswith("sqlite"):
+    _engine_kw["connect_args"] = {"timeout": 30}
 
 engine = create_async_engine(
-    settings.database_url,
-    echo=settings.debug,
+    DATABASE_URL,
+    **_engine_kw,
 )
 
 AsyncSessionLocal = async_sessionmaker(
@@ -29,6 +71,7 @@ AsyncSessionLocal = async_sessionmaker(
 
 class Base(DeclarativeBase):
     """SQLAlchemy declarative base"""
+
     pass
 
 
@@ -48,13 +91,22 @@ async def get_db():
 def _run_migrations(conn):
     """Add new columns to existing tables (SQLite)."""
     import sqlalchemy
+
     try:
         r = conn.execute(sqlalchemy.text("PRAGMA table_info(sites)"))
         cols = [row[1] for row in r.fetchall()]
         if "php_version" not in cols:
-            conn.execute(sqlalchemy.text("ALTER TABLE sites ADD COLUMN php_version VARCHAR(16) DEFAULT '74'"))
+            conn.execute(
+                sqlalchemy.text(
+                    "ALTER TABLE sites ADD COLUMN php_version VARCHAR(16) DEFAULT '74'"
+                )
+            )
         if "force_https" not in cols:
-            conn.execute(sqlalchemy.text("ALTER TABLE sites ADD COLUMN force_https INTEGER DEFAULT 0"))
+            conn.execute(
+                sqlalchemy.text(
+                    "ALTER TABLE sites ADD COLUMN force_https INTEGER DEFAULT 0"
+                )
+            )
     except Exception:
         pass
     # Create backup_plans if not exists (create_all handles new installs)
@@ -91,6 +143,7 @@ def _run_migrations(conn):
 async def init_db():
     """Initialize database tables"""
     import app.models  # noqa: F401 - register all models with Base.metadata
+
     async with engine.begin() as conn:
         await conn.run_sync(Base.metadata.create_all)
         if "sqlite" in str(engine.url):

YakPanel-server/install.sh

@@ -9,7 +9,7 @@
 #   sudo -E bash install.sh
 #
 # Environment (optional):
-#   REPO_URL              Git URL (default: public GitHub; use source.yakpanel.com when mirror is live)
+#   REPO_URL              Git URL (default: https://source.yakpanel.com/admin/yakpanel-core.git)
 #   YAKPANEL_BRANCH       Branch/tag for shallow clone (default: default branch)
 #   GIT_REF               Alias for YAKPANEL_BRANCH
 #   INSTALL_PATH          Install dir (default: /www/server/YakPanel-server)
@@ -22,7 +22,7 @@
 
 set -euo pipefail
 
-REPO_URL="${REPO_URL:-https://github.com/YakPanel/YakPanel.git}"
+REPO_URL="${REPO_URL:-https://source.yakpanel.com/admin/yakpanel-core.git}"
 INSTALL_PATH="${INSTALL_PATH:-/www/server/YakPanel-server}"
 PANEL_PORT="${PANEL_PORT:-8888}"
 BACKEND_PORT="${BACKEND_PORT:-8889}"
@@ -202,15 +202,19 @@ if [ -n "${YAKPANEL_SOURCE_DIR:-}" ]; then
 else
   TMP_DIR="$(mktemp -d)"
   trap 'rm -rf "$TMP_DIR"' EXIT
-  CLONE_ARGS=(git clone --depth 1)
+  export GIT_TERMINAL_PROMPT=0
+  # Disable credential helpers for this clone so anonymous HTTPS public repos work
+  # from curl|bash (no TTY); USER:TOKEN in REPO_URL is still used if present.
+  CLONE_ARGS=(git -c credential.helper= clone --depth 1)
   if [ -n "$YAKPANEL_BRANCH" ]; then
     CLONE_ARGS+=(--branch "$YAKPANEL_BRANCH")
   fi
   CLONE_ARGS+=("$REPO_URL" "$TMP_DIR/repo")
   if ! "${CLONE_ARGS[@]}"; then
     echo "Git clone failed. Check REPO_URL=$REPO_URL, DNS, and outbound HTTPS."
-    echo "Try: sudo -E env REPO_URL=https://github.com/YakPanel/YakPanel.git bash install.sh"
-    echo "Own mirror: REPO_URL=https://source.yakpanel.com/yakpanel.git (requires bare repo published; see HOSTING.txt)."
+    echo "If the server requires sign-in: allow anonymous clone for HTTP(S), or use a token in the URL, e.g."
+    echo "  REPO_URL=https://USER:TOKEN@source.yakpanel.com/admin/yakpanel-core.git"
+    echo "Or override: REPO_URL=https://your.other.git/mirror.git"
     exit 1
   fi
   SRC_DIR="$(find_yakpanel_root_in_tree "$TMP_DIR/repo")"