if the user ccd file is empty or only blank lines, we erase it after unban.

addons/cmd/ban_client.sh

@@ -43,7 +43,7 @@ main() {
         ban)
             if [[ -z "$is_banned" ]]; then
                 log "Ban user: ${username}"
-                sed -i '1i\disable' "${ccd_file}"
+                echo -e "disable\n$(cat "$ccd_file")" > "$ccd_file"
                 log "User ${username} banned successfully"
             else
                 log "User ${username} is already banned"
@@ -54,6 +54,11 @@ main() {
                 log "Unban user: ${username}"
                 sed -i '/^disable$/d' "${ccd_file}"
                 log "User ${username} unbanned successfully"
+                # if the file is empty or only blank lines, we erase it.
+                if [[ ! -s "${ccd_file}" ]] || ! grep -q '[^[:space:]]' "${ccd_file}"; then
+                    log "CCD file ${ccd_file} is empty after unban, removing"
+                    rm -f "${ccd_file}"
+                fi
             else
                 log "User ${username} is not banned"
             fi

addons/cmd/functions.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 owner_user=nobody
-owner_group=www-data
+owner_group=nogroup
 
 # Name of the current script (without path)
 script_name="$(basename "${BASH_SOURCE[0]}")"
@@ -39,10 +39,6 @@ check_ccd_path() {
             log "Error: No write permission for file: $path"
             exit 1
         fi
-    else
-        # Path does not exist or is not a regular file/directory
-        log "Error: Path does not exist or is not a file/directory: $path"
-        exit 1
     fi
 }
 

addons/nginx/site.conf

@@ -0,0 +1,39 @@
+server {
+
+    listen 80;
+    server_name vpn.example.com;
+
+    root /var/www/vpn;
+    index index.php;
+
+    access_log /var/log/nginx/vpn-access.log;
+    error_log  /var/log/nginx/vpn-error.log;
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    # PHP
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/run/php/php8.4-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+
+    # запрет листинга
+    autoindex off;
+
+    # admin auth
+    location /admin {
+        auth_basic "VPN Admin";
+        auth_basic_user_file /etc/nginx/.htpasswd-admin;
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    # ccd auth
+    location /ccd {
+        auth_basic "VPN User";
+        auth_basic_user_file /etc/nginx/.htpasswd-ccd;
+        try_files $uri $uri/ /index.php?$args;
+    }
+}