
Sawa Control Panel — Issues & Decisions

Track open questions, known problems, and architectural decisions here.


Open Issues

ISSUE-001 — sudo whitelist scope

Status: Partially resolved
Note: Sudoers whitelist deployed. Panel still runs as root via PM2 — migration to panel user pending.


ISSUE-002 — Client cert distribution to mobile

Status: Open
Priority: High

Installing a client certificate on Android/iOS requires PKCS12 (.p12) format. Script generates .p12 correctly. Transfer mechanism not yet implemented.

Options:

  • One-time HTTPS download endpoint on server (auto-deletes after download)
  • AirDrop (iOS only)
  • Manual USB transfer

ISSUE-003 — Service status parsing reliability

Status: Open
Priority: Medium

rc-service <name> status returns inconsistent output across services. Should normalize to started | stopped | crashed | unknown.

Suggested fix: Use rc-status instead — returns structured view of all services in one call.


ISSUE-004 — Build and deploy workflow

Status: Resolved
deploy.ps1 implemented. Tar+gzip bundles, single file upload per component, server-side extract. Flags: -All -Backend -Frontend -Nginx -Certs.


ISSUE-005 — wlan0 fails on boot

Status: Open — low priority
wpa_supplicant starts before WiFi hardware is ready. sleep 5 pre-up workaround in /etc/network/interfaces — not yet confirmed stable across reboots.


ISSUE-006 — Diskless/RAM mode not configured

Status: Open — planned
Currently in sys mode. USB wear reduction requires diskless conversion. Test on spare USB clone first — never on master.


ISSUE-007 — Disk usage shows corrupt data intermittently

Status: Open
Priority: High — fix in Phase 4

Disk panel shows / at 445% full with 224GB size, then snaps back to correct values on next poll. Virtual/pseudo filesystems leaking through filter in systemInfo.js.

Fix: Filter by filesystem type — only include ext4, ext3, xfs, btrfs, vfat. Exclude tmpfs, devtmpfs, sysfs, proc, cgroup, overlay, and any mount where size is 0.


ISSUE-008 — MariaDB restart shows false error in UI

Status: Open — cosmetic
Priority: Low

Panel shows error dialog on MariaDB restart:

/usr/bin/mysqld_safe: Deprecated program name.
Use 'mariadbd-safe' instead.
* ERROR: mariadb failed to start

Service actually starts correctly. Exit code is non-zero due to deprecation warning being misread as failure.

Fix: In rcService.js, treat this specific stderr pattern as warning not error for mariadb.


ISSUE-009 — TLS 1.3 incompatible with nginx mTLS client cert request

Status: Resolved
With TLS 1.3, nginx never sends CertificateRequest — browsers never prompt for or send client cert. Fixed by setting ssl_protocols TLSv1.2; in sawa-panel.conf. Revisit when nginx adds proper TLS 1.3 post-handshake auth support.


ISSUE-010 — Rogue default.conf intercepted mTLS requests

Status: Resolved
/etc/nginx/conf.d/default.conf had a listen 443 ssl catch-all block with no mTLS, intercepting all requests before sawa-panel.conf. Deleted. http.d/default.conf (port 80 → 404) retained.

Prevention needed: Deploy script should warn about conflicting 443 server blocks.
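One way the missing check could work, shown as an added example (not code from this project): scan the nginx config files and report any server block that listens on 443 without ssl_verify_client on. The function names and the sample config contents are assumptions made for illustration.

```javascript
// Added example (not project code): flag nginx server blocks on 443 without mTLS.
// Simplifications: no `include` following, no http-level inheritance, and braces
// inside quoted strings or regex locations are not handled.

// Strip comments, then collect the body of each `server { ... }` by brace matching.
function serverBlocks(conf) {
  const text = conf.replace(/#.*$/gm, '');
  const blocks = [];
  const re = /\bserver\s*\{/g;
  while (re.exec(text) !== null) {
    const start = re.lastIndex;
    let depth = 1, i = start;
    while (i < text.length && depth > 0) {
      if (text[i] === '{') depth++;
      else if (text[i] === '}') depth--;
      i++;
    }
    blocks.push(text.slice(start, depth === 0 ? i - 1 : i));
    re.lastIndex = i;
  }
  return blocks;
}

// Return one finding per block that listens on 443 but does not require a client cert.
// `optional` and `optional_no_ca` are reported too: they let the handshake succeed.
function findConflicts(files) {
  const findings = [];
  for (const [file, conf] of Object.entries(files)) {
    for (const block of serverBlocks(conf)) {
      const listens443 = /\blisten\s+[^;]*\b443\b[^;]*;/.test(block);
      const verify = /\bssl_verify_client\s+(\w+)\s*;/.exec(block);
      const sslVerifyClient = verify ? verify[1] : 'off';
      if (listens443 && sslVerifyClient !== 'on') findings.push({ file, sslVerifyClient });
    }
  }
  return findings;
}

// Constructed sample configs mirroring the layout described in ISSUE-010.
const sample = {
  'conf.d/default.conf': 'server {\n  listen 443 ssl; # catch-all\n  server_name _;\n  location / { return 404; }\n}',
  'http.d/default.conf': 'server {\n  listen 80 default_server;\n  return 404;\n}',
  'sawa-panel.conf': 'server {\n  listen 443 ssl;\n  ssl_protocols TLSv1.2;\n  ssl_verify_client on;\n}',
};

for (const f of findConflicts(sample)) {
  console.warn(`WARNING: ${f.file} listens on 443 with ssl_verify_client ${f.sslVerifyClient}`);
}
```

A block that inherits ssl_verify_client from the http level will be reported as a false positive, which is acceptable for a deploy-time warning.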


Resolved Decisions

DECISION-001 — Authentication: nginx mTLS

Client certificates only. No login page. Unauthorized devices get TLS handshake failure.

DECISION-002 — Frontend: React + Vite + Tailwind CSS

DECISION-003 — Backend: Node.js + Express

DECISION-004 — Database stack convention

| Use case | Database |
|---|---|
| WordPress, Laravel | MariaDB |
| Node.js apps | PostgreSQL |
| Sessions, queues | Redis (RDB+AOF) |
| Pure caching | Memcached |

DECISION-005 — Panel on LAN only, port 443

DECISION-006 — Phase 4 UI redesign

  • Header: persistent CPU% + RAM% + Uptime + Live dot
  • Sidebar: collapsible sections — System / Services (tree) / Websites
  • Services: toggle switches, each service gets own detail page
  • Websites: add/remove form + enable/disable toggles
  • Per-service pages: relevant stats + controls (pgAdmin iframe for PostgreSQL, phpMyAdmin for MariaDB — Phase 5)

Technical Debt

  • Panel runs as root via PM2 — migrate to panel user
  • noatime not set on fstab — USB write wear pending
  • Diskless mode not configured — ISSUE-006
  • MariaDB deprecated binary warning — ISSUE-008
  • resolv.conf not protected from networking restart overwrite
  • firstboot.sh clone logic not tested on real hardware clone
  • No log rotation — logs will grow unbounded
  • SSH on port 22 — move to non-standard port to reduce scan noise
  • Deploy script does not warn about conflicting nginx 443 server blocks
  • create-client.sh uses temp file workaround for EKU extension — works but fragile