Admin Panel

Last updated

Lives at /jabali-admin. Top-level pages:

PagePathPurpose
Dashboard/jabali-admin/dashboardCounts (users, domains, mailboxes), recent activity, health summary, version.
Users/jabali-admin/usersCreate / edit / delete panel users; reset password; reset 2FA; suspend; assign package.
Packages/jabali-admin/packagesBundles of quotas (disk, bandwidth, mailboxes, domains, DBs, PHP-INI overrides).
Domains/jabali-admin/domainsAll hosted domains across all users; per-domain settings (PHP, SSL, DNSSEC, listen IP, redirects, aliases, cache).
DNS/jabali-admin/dnsAll DNS zones; per-domain DNSSEC enable + DS record display.
SSL/jabali-admin/sslCross-user SSL state; LE issuance retry buttons; panel-hostname cert.
Mail/jabali-admin/mail/deliverability, /throttlesDeliverability dashboard (DKIM / SPF / DMARC / MTA-STS state per domain), outbound throttle policy.
Databases (Admin Ops)Server Settings → DatabaseRoot password rotation, curated config tune (innodb_buffer_pool_size, etc.), maintenance, processlist + kill, admin phpMyAdmin SSO.
IPs/jabali-admin/ipsManage the IPv4 pool exposed for per-domain listen-IP selection.
Security/jabali-admin/securityCrowdSec console + decisions + allowlists + alerts; AppSec WAF; AppArmor profile status; Snuffleupagus PHP hardening; AIDE host-integrity; per-user egress firewall; malware scans; UFW port baseline; CrowdSec test-IP card.
Server Status/jabali-admin/server-statusErrgroup-aggregated live status of all services with 5 s polling; per-service start/stop/restart controls (behind an off-toggle).
Resource Limits(per-user under Users → Edit)POSIX quota + cgroup v2 slice + nginx limit_req per user.
PHP/jabali-admin/php-poolsInstalled PHP versions, per-version FPM tuning, server-wide extension manager (M9.6).
Applications/jabali-admin/applicationsApp registry (WP + 14 others); per-app version pin and global enable.
Logs/jabali-admin/logsTail panel / agent / nginx / Stalwart / Kratos / Bulwark / PowerDNS / CrowdSec.
Audit/jabali-admin/auditAppend-only audit log (every privileged mutation; ADR-0106).
Server Settings/jabali-admin/settingsPanel hostname; primary mail domain; default IP pool; DB admin sections; notifications channels; AppSec policy; CrowdSec console enrol; updates source.
Notifications/jabali-admin/notifications/{channels,events,routing,test}Configure 6 channels (in-app, email, Slack, Telegram, ntfy, Web Push); per-event routing; test send.
Updates/jabali-admin/updatesRun jabali update from the UI as a transient systemd unit (survives panel restart mid-update).
Support/jabali-admin/supportGenerate an encrypted diag bundle (enclosed.cc), mailto: ticket.
Migrations/jabali-admin/migrationsIngest cPanel / DirectAdmin / Hestia / WHM archives, track restore progress.
Backups/jabali-admin/backupsDestinations (local / sftp / s3 / b2 / azure / gcs / rest), schedules, retention, restore.
Automation/jabali-admin/automationScoped API tokens for the future Automation API.
Terminal/jabali-admin/terminalWeb terminal (root).

The sidebar groups pages by activity:

  • Overview: Dashboard, Server Status, Audit.
  • Hosting: Users, Packages, Domains, Applications, IPs.
  • Mail & DNS: Mail (deliverability + throttles), DNS, SSL.
  • System: Server Settings, PHP, Security, Resource Limits, Logs, Updates, Backups, Migrations.
  • Other: Notifications, Support, Automation, Terminal, Profile.

What is intentionally not here

  • In-panel impersonation: removed with the M20 Kratos migration. The audit emitter is wired and an ADR-0106 toggle reserves the audit-visibility setting, but no admin → user session-handoff is currently shipped.
  • OIDC / Hydra: rolled back in M16. The panel does not act as an OIDC provider.
  • ModSecurity: replaced by CrowdSec AppSec (M27).
  • filebrowser: replaced by the in-panel AntD File Manager (M11).