easy-devops 0.2.0 → 0.2.2

package/README.md

@@ -21,6 +21,7 @@ A unified DevOps management tool with interactive CLI and web dashboard for mana
 
 - **Node.js 18+** (with npm)
 - **Linux** (Debian/Ubuntu) or **Windows**
+- ⚠️ **Windows users: PowerShell must be run as Administrator** (required for installing packages via winget, managing services, and SSL certificates)
 - Optional: Nginx, Certbot, nvm (installed separately or via the tool)
 
 ## Installation
@@ -49,6 +50,8 @@ wget -qO- https://raw.githubusercontent.com/omar00050/Easy-DevOps/main/install.s
 
 #### Windows (PowerShell)
 
+> ⚠️ **Important:** Run PowerShell **as Administrator**. Right-click PowerShell → "Run as Administrator".
+
 ```powershell
 Invoke-WebRequest -Uri "https://raw.githubusercontent.com/omar00050/Easy-DevOps/main/install.ps1" -OutFile "install.ps1"; ./install.ps1
 ```
@@ -175,6 +178,20 @@ Manage Let's Encrypt SSL certificates using Certbot.
 
 > **Note:** Renewing a certificate temporarily stops Nginx to free port 80, then restarts it automatically.
 
+#### Windows Package Manager (winget)
+
+Easy DevOps uses **winget** (Windows Package Manager) to install certbot and other packages on Windows. If winget is not installed, Easy DevOps will automatically prompt to install it using the [asheroto/winget-install](https://github.com/asheroto/winget-install) script.
+
+**Installing winget manually:**
+
+If you prefer to install winget separately, you can:
+
+1. **Install from Microsoft Store:** Search for "App Installer" in the Microsoft Store
+2. **Use the winget-install script:** [https://github.com/asheroto/winget-install](https://github.com/asheroto/winget-install)
+3. **Official Microsoft documentation:** [https://learn.microsoft.com/en-us/windows/package-manager/winget/](https://learn.microsoft.com/en-us/windows/package-manager/winget/)
+
+> **Note:** The embedded `winget-install.ps1` script in this project is sourced from [asheroto/winget-install](https://github.com/asheroto/winget-install) — a community-maintained, reliable installer for winget on Windows Server and systems without the Microsoft Store.
+
 ---
 
 ### Web Dashboard
@@ -187,7 +204,15 @@ Start the web dashboard:
 npm run dashboard
 ```
 
-Access at `http://localhost:3000` (or configured port).
+Access at `http://localhost:6443` (or configured port).
+
+#### First-Time Login
+
+Default credentials:
+- **Username:** `admin`
+- **Password:** Set in Settings menu or check your configuration
+
+> **Tip:** From the Dashboard menu, select "How to use" for a quick guide on getting started.
 
 #### Dashboard Pages
 
@@ -245,7 +270,8 @@ easy-devops/
 │   ├── config.js         # Configuration loader
 │   ├── db.js             # SQLite database (good.db)
 │   ├── detector.js       # System environment detection
-│   └── shell.js          # Cross-platform shell executor
+│   ├── shell.js          # Cross-platform shell executor
+│   └── nginx-conf-generator.js  # Nginx config file generator
 ├── dashboard/
 │   ├── server.js         # Express + Socket.io server
 │   ├── routes/           # API endpoints
@@ -255,7 +281,10 @@ easy-devops/
 ├── data/
 │   └── easy-devops.sqlite
 └── lib/
-    └── installer/        # Bootstrap scripts
+    └── installer/
+        ├── install.ps1   # Windows bootstrap installer
+        ├── install.sh    # Linux/macOS bootstrap installer
+        └── winget-install.ps1  # Windows Package Manager installer
 ```
 
 ---

package/cli/managers/ssl-manager.js

@@ -15,6 +15,7 @@ import inquirer from 'inquirer';
 import ora from 'ora';
 import fs from 'fs/promises';
 import path from 'path';
+import { fileURLToPath } from 'url';
 import { run, runLive } from '../../core/shell.js';
 import { loadConfig } from '../../core/config.js';
 
@@ -340,23 +341,7 @@ async function installCertbot() {
     if (r.success) return true;
     if (showErrors && r.stderr) lastDownloadError = `Invoke-WebRequest: ${r.stderr}`;
 
-    // Method 2: WebClient with TLS
-    r = await safeRun(
-      `${tlsSetup}; (New-Object System.Net.WebClient).DownloadFile('${safeUrl}','${safeDest}')`,
-      { timeout: 130000 },
-    );
-    if (r.success) return true;
-    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `WebClient: ${r.stderr}`;
-
-    // Method 3: BITS Transfer
-    r = await safeRun(
-      `Import-Module BitsTransfer -ErrorAction SilentlyContinue; Start-BitsTransfer -Source '${safeUrl}' -Destination '${safeDest}' -ErrorAction Stop`,
-      { timeout: 130000 },
-    );
-    if (r.success) return true;
-    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `BITS: ${r.stderr}`;
-
-    // Method 4: curl.exe (works on Windows 10+)
+    // Method 2: curl.exe (works on Windows 10+, often bypasses AV detection)
     if (hasCurl) {
       r = await safeRun(
         `curl.exe -L --ssl-no-revoke --max-time 120 -o '${safeDest}' '${safeUrl}'`,
@@ -366,61 +351,33 @@ async function installCertbot() {
       if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `curl: ${r.stderr}`;
     }
 
-    // Method 5: HttpClient with custom handler
+    // Method 3: WebClient with TLS
     r = await safeRun(
-      `${tlsSetup}; $handler=[System.Net.Http.HttpClientHandler]::new(); $handler.ServerCertificateCustomValidationCallback={$true}; $handler.AllowAutoRedirect=$true; $hc=[System.Net.Http.HttpClient]::new($handler); $hc.DefaultRequestHeaders.Add('User-Agent','Mozilla/5.0 (Windows NT 10.0; Win64; x64)'); $hc.Timeout=[TimeSpan]::FromSeconds(120); $bytes=$hc.GetByteArrayAsync('${safeUrl}').GetAwaiter().GetResult(); [System.IO.File]::WriteAllBytes('${safeDest}',$bytes)`,
+      `${tlsSetup}; (New-Object System.Net.WebClient).DownloadFile('${safeUrl}','${safeDest}')`,
       { timeout: 130000 },
     );
     if (r.success) return true;
-    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `HttpClient: ${r.stderr}`;
+    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `WebClient: ${r.stderr}`;
 
-    // Method 6: Certutil (built-in Windows tool)
+    // Method 4: HttpClient with custom handler
     r = await safeRun(
-      `certutil.exe -urlcache -split -f "${safeUrl}" "${safeDest}"`,
+      `${tlsSetup}; $handler=[System.Net.Http.HttpClientHandler]::new(); $handler.ServerCertificateCustomValidationCallback={$true}; $handler.AllowAutoRedirect=$true; $hc=[System.Net.Http.HttpClient]::new($handler); $hc.DefaultRequestHeaders.Add('User-Agent','Mozilla/5.0 (Windows NT 10.0; Win64; x64)'); $hc.Timeout=[TimeSpan]::FromSeconds(120); $bytes=$hc.GetByteArrayAsync('${safeUrl}').GetAwaiter().GetResult(); [System.IO.File]::WriteAllBytes('${safeDest}',$bytes)`,
       { timeout: 130000 },
     );
     if (r.success) return true;
-    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `certutil: ${r.stderr}`;
+    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `HttpClient: ${r.stderr}`;
 
-    // Method 7: PowerShell with DisableKeepAlive
+    // Method 5: BITS Transfer (background transfers)
     r = await safeRun(
-      `${tlsSetup}; $req=[System.Net.WebRequest]::Create('${safeUrl}'); $req.Method='GET'; $req.KeepAlive=$false; $req.UserAgent='Mozilla/5.0'; $resp=$req.GetResponse(); $stream=$resp.GetResponseStream(); $reader=[System.IO.BinaryReader]::new($stream); $bytes=$reader.ReadBytes($resp.ContentLength); $reader.Close(); [System.IO.File]::WriteAllBytes('${safeDest}',$bytes)`,
+      `Import-Module BitsTransfer -ErrorAction SilentlyContinue; Start-BitsTransfer -Source '${safeUrl}' -Destination '${safeDest}' -ErrorAction Stop`,
       { timeout: 130000 },
     );
     if (r.success) return true;
-    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `WebRequest: ${r.stderr}`;
-
-    return false;
-  }
-
-  // Test network connectivity to common endpoints
-  async function testNetworkConnectivity() {
-    console.log(chalk.cyan('\n Testing network connectivity...'));
-    const tests = [
-      { name: 'GitHub', url: 'https://github.com' },
-      { name: 'Microsoft', url: 'https://microsoft.com' },
-      { name: 'EFF', url: 'https://eff.org' },
-    ];
-    const results = [];
+    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `BITS: ${r.stderr}`;
 
-    for (const test of tests) {
-      const r = await run(`curl.exe -I --ssl-no-revoke --max-time 10 "${test.url}"`, { timeout: 15000 });
-      const success = r.success || r.stdout.includes('HTTP') || r.stdout.includes('200');
-      results.push({ name: test.name, success });
-      console.log(chalk.gray(`   ${test.name}: ${success ? chalk.green('✓ Connected') : chalk.red('✗ Failed')}`));
-    }
+    // Note: certutil.exe removed - it triggers Trojan:Win32/Ceprolad.A detection
 
-    const allFailed = results.every(r => !r.success);
-    if (allFailed) {
-      console.log(chalk.yellow('\n   ⚠ All external connections failed.'));
-      console.log(chalk.gray('   This could indicate:'));
-      console.log(chalk.gray('   • Firewall blocking outbound connections'));
-      console.log(chalk.gray('   • Proxy server required'));
-      console.log(chalk.gray('   • DNS resolution issues'));
-      console.log(chalk.gray('   • Antivirus blocking downloads'));
-    }
-    console.log();
-    return results;
+    return false;
   }
 
   async function runNsisInstaller(exePath) {
@@ -445,70 +402,62 @@ async function installCertbot() {
 
   if (!wingetAvailable) {
     console.log(chalk.yellow('\n ⚠ winget is not installed on this system.'));
-    console.log(chalk.gray('   winget (Windows Package Manager) provides the easiest installation method.'));
+    console.log(chalk.gray(' winget (Windows Package Manager) provides the easiest installation method.'));
 
     let installWinget;
     try {
       ({ installWinget } = await inquirer.prompt([{
         type: 'confirm',
         name: 'installWinget',
-        message: 'Would you like to install winget (App Installer) from Microsoft Store?',
+        message: 'Would you like to install winget automatically?',
         default: true,
       }]));
     } catch { /* user cancelled */ }
 
     if (installWinget) {
-      console.log(chalk.cyan('\n Opening Microsoft Store to install App Installer...'));
-      console.log(chalk.gray(' Please complete the installation, then run this command again.\n'));
-
-      // Try to open Microsoft Store
-      const storeOpened = await run(
-        'Start-Process "ms-windows-store://pdp/?ProductId=9NBLGGH4NNS1"',
-        { timeout: 10000 }
-      ).catch(() => ({ success: false }));
-
-      if (storeOpened.success) {
-        console.log(chalk.green(' Microsoft Store opened successfully.'));
-        console.log(chalk.gray(' After installing App Installer, winget will be available.\n'));
+      console.log(chalk.cyan('\n Opening winget installer in a new window...'));
+      console.log(chalk.gray(' The installer will run in a separate PowerShell window.'));
+      console.log(chalk.gray(' Please complete the installation in that window.\n'));
+
+      // Use the embedded winget-install.ps1 script
+      const scriptDir = path.dirname(fileURLToPath(import.meta.url));
+      const wingetScriptPath = path.join(scriptDir, '..', '..', 'lib', 'installer', 'winget-install.ps1');
+
+      // Check if the embedded script exists
+      const scriptExists = await run(`Test-Path "${wingetScriptPath}"`);
+      if (scriptExists.stdout.trim().toLowerCase() !== 'true') {
+        console.log(chalk.red('\n Embedded winget installer script not found.'));
+        console.log(chalk.gray(' Expected location: ' + wingetScriptPath + '\n'));
       } else {
-        console.log(chalk.yellow(' Could not open Microsoft Store directly.'));
-        console.log(chalk.gray(' Please manually install "App Installer" from:'));
-        console.log(chalk.cyan(' https://apps.microsoft.com/store/detail/app-installer/9NBLGGH4NNS1\n'));
-      }
+        // Run the installer in a new PowerShell window with -NoExit so user can see output
+        // The script has a built-in -NoExit parameter we can use
+        await run(`Start-Process powershell.exe -ArgumentList '-ExecutionPolicy Bypass -NoProfile -File "${wingetScriptPath}" -NoExit' -Verb RunAs -Wait`);
 
-      // Optional: try direct download of App Installer
-      let tryDownload;
-      try {
-        ({ tryDownload } = await inquirer.prompt([{
-          type: 'confirm',
-          name: 'tryDownload',
-          message: 'Would you like to try downloading App Installer directly?',
-          default: false,
-        }]));
-      } catch { tryDownload = false; }
-
-      if (tryDownload) {
-        const appInstallerUrl = 'https://aka.ms/getwinget';
-        const appInstallerDest = '$env:TEMP\\AppInstaller.msixbundle';
-
-        console.log(chalk.gray('\n Downloading App Installer...'));
-        let downloaded = false; try { downloaded = await downloadFile(appInstallerUrl, appInstallerDest); } catch (err) { if (err.code === 'EPERM' || err.message?.includes('EPERM')) { console.log(chalk.red('\n ? Windows Defender blocked the download.')); console.log(chalk.gray(' Add an exclusion in Windows Defender or download manually.')); console.log(chalk.gray(' Download URL: https://aka.ms/getwinget\n')); } else { console.log(chalk.yellow('\n Download failed: ' + err.message + '\n')); } }
-
-        if (downloaded) {
-          console.log(chalk.gray(' Running App Installer...'));
-          await run(`Start-Process -FilePath '${appInstallerDest}' -Wait`, { timeout: 300000 });
-
-          // Re-check for winget
-          const recheck = await run('where.exe winget 2>$null');
-          if (recheck.success && recheck.stdout.trim()) {
+        console.log(chalk.gray('\n Winget installer window has closed.'));
+        console.log(chalk.cyan(' Checking if winget is now available...\n'));
+
+        // Give a moment for PATH to update
+        await new Promise(res => setTimeout(res, 2000));
+
+        // Re-check for winget
+        const recheck = await run('where.exe winget 2>$null');
+        if (recheck.success && recheck.stdout.trim()) {
+          console.log(chalk.green(' ✓ winget installed successfully!\n'));
+          wingetAvailable = true;
+        } else {
+          // Try refreshing PATH from registry and check again
+          console.log(chalk.yellow(' winget not immediately detected. Refreshing PATH...'));
+          await run(`$env:PATH = [System.Environment]::GetEnvironmentVariable('PATH', 'Machine') + ';' + [System.Environment]::GetEnvironmentVariable('PATH', 'User')`);
+          await new Promise(res => setTimeout(res, 1000));
+
+          const recheck2 = await run('where.exe winget 2>$null');
+          if (recheck2.success && recheck2.stdout.trim()) {
             console.log(chalk.green('\n ✓ winget installed successfully!\n'));
             wingetAvailable = true;
           } else {
-            console.log(chalk.yellow('\n App Installer ran but winget is not yet available.'));
-            console.log(chalk.gray(' You may need to restart your terminal or sign out/in.\n'));
+            console.log(chalk.yellow('\n winget may have been installed but is not in PATH yet.'));
+            console.log(chalk.gray(' You may need to restart your terminal or computer.\n'));
           }
-        } else {
-          console.log(chalk.yellow('\n Could not download App Installer automatically.\n'));
         }
       }
 
@@ -521,28 +470,28 @@ async function installCertbot() {
     }
   }
 
-  // ── Method 1: winget (win-acme - has better success rate) ─────────────────────
+  // ── Method 1: winget (certbot EFF - most reliable) ────────────────────────────
   if (wingetAvailable) {
-    step('Trying winget (win-acme) ...');
-    console.log(chalk.gray(' Running: winget install win-acme.win-acme\n'));
+    step('Trying winget (EFF.Certbot) ...');
+    console.log(chalk.gray(' Running: winget install EFF.Certbot\n'));
     const exitCode = await runLive(
-      'winget install -e --id win-acme.win-acme --accept-package-agreements --accept-source-agreements',
+      'winget install -e --id EFF.Certbot --accept-package-agreements --accept-source-agreements',
       { timeout: 180000 },
     );
-    if (exitCode === 0 || await verifyWinAcme()) return { success: true, client: 'winacme' };
-    console.log(chalk.yellow(' winget win-acme failed, trying next...\n'));
+    if (exitCode === 0 || await verifyCertbot()) return { success: true };
+    console.log(chalk.yellow(' winget certbot failed, trying next...\n'));
   }
 
-  // ── Method 2: winget (certbot EFF) ────────────────────────────────────────────
+  // ── Method 2: winget (win-acme) ───────────────────────────────────────────────
   if (wingetAvailable) {
-    step('Trying winget (EFF.Certbot) ...');
-    console.log(chalk.gray(' Running: winget install EFF.Certbot\n'));
+    step('Trying winget (win-acme) ...');
+    console.log(chalk.gray(' Running: winget install win-acme.win-acme\n'));
     const exitCode = await runLive(
-      'winget install -e --id EFF.Certbot --accept-package-agreements --accept-source-agreements',
+      'winget install -e --id win-acme.win-acme --accept-package-agreements --accept-source-agreements',
       { timeout: 180000 },
     );
-    if (exitCode === 0 || await verifyCertbot()) return { success: true };
-    console.log(chalk.yellow(' winget certbot failed, trying next...\n'));
+    if (exitCode === 0 || await verifyWinAcme()) return { success: true, client: 'winacme' };
+    console.log(chalk.yellow(' winget win-acme failed, trying next...\n'));
   }
 
   // ── Method 3: Chocolatey (win-acme) ───────────────────────────────────────────
@@ -585,9 +534,6 @@ async function installCertbot() {
   // ── Method 7: Direct download win-acme (ZIP - smaller, no installer) ──────────
   const WINACME_DEST = 'C:\\Program Files\\win-acme';
 
-  // Test network before attempting downloads
-  try { await testNetworkConnectivity(); } catch (err) { console.log(chalk.yellow('Network test failed: ' + err.message)); }
-
   step('Downloading win-acme from GitHub ...');
   const winAcmeUrls = [
     'https://github.com/win-acme/win-acme/releases/latest/download/win-acme.zip',
@@ -600,7 +546,14 @@ async function installCertbot() {
 
     const zipDest = `$env:TEMP\\win-acme.zip`;
     lastDownloadError = '';
-    let dlOk = false; try { dlOk = await downloadFile(url, zipDest, true); } catch (err) { if (err.code === 'EPERM' || err.message?.includes('EPERM')) { console.log(chalk.red('Windows Defender blocked this download.')); console.log(chalk.gray('Use the manual installer option or add a Windows Defender exclusion.')); } } if (dlOk) {
+    let dlOk = false;
+    try { dlOk = await downloadFile(url, zipDest, true); } catch (err) {
+      if (err.code === 'EPERM' || err.message?.includes('EPERM')) {
+        console.log(chalk.red('Windows Defender blocked this download.'));
+        console.log(chalk.gray('Use the manual installer option or add a Windows Defender exclusion.'));
+      }
+    }
+    if (dlOk) {
       console.log(chalk.gray(' Extracting win-acme ...\n'));
       await run(`New-Item -ItemType Directory -Force -Path '${WINACME_DEST}'`);
       await run(`Expand-Archive -Path '${zipDest}' -DestinationPath '${WINACME_DEST}' -Force`);
@@ -632,7 +585,14 @@ async function installCertbot() {
     step(`Downloading certbot installer from ${hostname} ...`);
 
     lastDownloadError = '';
-    let dlOk = false; try { dlOk = await downloadFile(url, INSTALLER_DEST, true); } catch (err) { if (err.code === 'EPERM' || err.message?.includes('EPERM')) { console.log(chalk.red('Windows Defender blocked this download.')); console.log(chalk.gray('Use the manual installer option or add a Windows Defender exclusion.')); } } if (dlOk) {
+    let dlOk = false;
+    try { dlOk = await downloadFile(url, INSTALLER_DEST, true); } catch (err) {
+      if (err.code === 'EPERM' || err.message?.includes('EPERM')) {
+        console.log(chalk.red('Windows Defender blocked this download.'));
+        console.log(chalk.gray('Use the manual installer option or add a Windows Defender exclusion.'));
+      }
+    }
+    if (dlOk) {
       console.log(chalk.gray(' Running installer silently ...\n'));
       const ok = await runNsisInstaller(INSTALLER_DEST);
       await run(`Remove-Item -Force '${INSTALLER_DEST}' -ErrorAction SilentlyContinue`);
@@ -677,7 +637,7 @@ async function installCertbot() {
     await run('Start-Process "https://certbot.eff.org/instructions?ws=other&os=windows"');
 
     console.log(chalk.green('✓ Browser opened. Download the installer, then run:'));
-    console.log(chalk.cyan('  easy-devops → SSL Manager → Install certbot → Specify local installer path\n'));
+    console.log(chalk.cyan(' easy-devops → SSL Manager → Install certbot → Specify local installer path\n'));
 
     return { success: false };
   }

package/cli/menus/dashboard.js

@@ -139,6 +139,26 @@ function openBrowser(url) {
   run(cmd).catch(() => {});
 }
 
+// ─── Usage Info ──────────────────────────────────────────────────────────────
+
+function showUsageInfo() {
+  console.log(chalk.cyan('\n How to use the Dashboard:'));
+  console.log(chalk.gray(' ─'.repeat(40)));
+  console.log('  1. Start the dashboard from this menu');
+  console.log('  2. Open it in your browser (or visit the URL shown)');
+  console.log('  3. Log in with the admin password from config');
+  console.log('  4. Use the dashboard to:');
+  console.log(chalk.gray('     • Manage domains → create nginx configs'));
+  console.log(chalk.gray('     • View SSL certificates'));
+  console.log(chalk.gray('     • Control nginx (start/stop/reload)'));
+  console.log(chalk.gray('     • Edit nginx configuration files'));
+  console.log();
+  console.log(chalk.yellow(' Default login:'));
+  console.log(chalk.gray('   Username: admin'));
+  console.log(chalk.gray('   Password: (check your config or set one)'));
+  console.log();
+}
+
 // ─── Menu ─────────────────────────────────────────────────────────────────────
 
 export default async function dashboardMenu() {
@@ -160,8 +180,8 @@ export default async function dashboardMenu() {
     console.log();
 
     const choices = status.running
-      ? ['Open in browser', 'Stop dashboard', new inquirer.Separator(), '← Back']
-      : ['Start dashboard', new inquirer.Separator(), '← Back'];
+      ? ['Open in browser', 'Stop dashboard', 'How to use', new inquirer.Separator(), '← Back']
+      : ['Start dashboard', 'How to use', new inquirer.Separator(), '← Back'];
 
     let choice;
     try {

package/core/nginx-conf-generator.js

@@ -257,7 +257,8 @@ export function buildConf(domain, nginxDir, certbotDir) {
 
   // Logging
   if (advanced?.accessLog) {
-    mainBlock.push(`  access_log /var/log/nginx/${name}.access.log;`);
+    const logDir = isWindows ? `${nginxDir.replace(/\\/g, '/')}/logs` : '/var/log/nginx';
+    mainBlock.push(` access_log ${logDir}/${name}.access.log;`);
   }
 
   // ─── Location Block ─────────────────────────────────────────────────────────
@@ -301,10 +302,10 @@ export function buildConf(domain, nginxDir, certbotDir) {
       mainBlock.push(`  error_page 500 502 503 504 /50x.html;`);
     }
     if (security.custom404) {
-      mainBlock.push(`  location = /404.html { root /usr/share/nginx/html; internal; }`);
+      mainBlock.push(`  location = /404.html { root ${isWindows ? nginxDir.replace(/\\/g, '/') + '/html' : '/usr/share/nginx/html'}; internal; }`);
     }
     if (security.custom50x) {
-      mainBlock.push(`  location = /50x.html { root /usr/share/nginx/html; internal; }`);
+      mainBlock.push(`  location = /50x.html { root ${isWindows ? nginxDir.replace(/\\/g, '/') + '/html' : '/usr/share/nginx/html'}; internal; }`);
     }
   }
 

package/dashboard/lib/nginx-service.js

@@ -141,17 +141,26 @@ export async function start() {
     throw new NginxNotFoundError('nginx binary not found');
   }
 
-  // Test config before starting
+  // Ensure required directories exist on Windows
+  if (process.platform === 'win32') {
+    await fs.mkdir(path.join(nginxDir, 'logs'), { recursive: true });
+    await fs.mkdir(path.join(nginxDir, 'temp'), { recursive: true });
+  }
+
+  // Test config before starting with explicit config path on Windows
   await ensureNginxInclude(nginxDir);
-  const testResult = await run(`${nginxExe} -t`);
+  const testCmd = process.platform === 'win32'
+    ? `${nginxExe} -c "${path.join(nginxDir, 'conf', 'nginx.conf')}" -t`
+    : `${nginxExe} -t`;
+  const testResult = await run(testCmd);
   if (!testResult.success) {
     return { success: false, output: combineOutput(testResult) };
   }
 
-  // Start nginx
+  // Start nginx with explicit config path on Windows
   if (process.platform === 'win32') {
-    // On Windows, nginx runs in foreground so we need Start-Process
-    const startCmd = `Start-Process -FilePath "${path.join(nginxDir, 'nginx.exe')}" -WorkingDirectory "${nginxDir}" -WindowStyle Hidden`;
+    const confPath = path.join(nginxDir, 'conf', 'nginx.conf');
+    const startCmd = `Start-Process -FilePath "${path.join(nginxDir, 'nginx.exe')}" -ArgumentList '-c','"${confPath}"' -WorkingDirectory "${nginxDir}" -WindowStyle Hidden`;
     await run(startCmd, { timeout: 10000 });
   } else {
     const result = await run('nginx', { cwd: nginxDir, timeout: 15000 });
@@ -216,7 +225,11 @@ export async function test() {
   }
 
   await ensureNginxInclude(nginxDir);
-  const result = await run(`${nginxExe} -t`);
+  // Use explicit -c flag on Windows to avoid path issues
+  const testCmd = process.platform === 'win32'
+    ? `${nginxExe} -c "${path.join(nginxDir, 'conf', 'nginx.conf')}" -t`
+    : `${nginxExe} -t`;
+  const result = await run(testCmd);
   return { success: result.success, output: combineOutput(result) };
 }
 

package/dashboard/routes/domains.js

@@ -18,7 +18,12 @@ function getNginxExe(nginxDir) {
 
 function nginxTestCmd(nginxDir) {
   const exe = getNginxExe(nginxDir);
-  return isWindows ? `& "${exe}" -t` : 'nginx -t';
+  // Use explicit -c flag on Windows to avoid path issues
+  if (isWindows) {
+    const confPath = `${nginxDir}\\conf\\nginx.conf`;
+    return `& "${exe}" -c "${confPath}" -t`;
+  }
+  return 'nginx -t';
 }
 
 function nginxReloadCmd(nginxDir) {