From 02d16752d108327e09685196cff57d288a14a046 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Tue, 3 Mar 2026 10:26:40 +0100 Subject: [PATCH] docs: Add comprehensive service audit to tracking files - Disabled WAF bypass on 21 vhosts for full traffic inspection - Fixed mitmproxy service startup and port 8889 binding - Enabled autostart on 9 essential LXC containers - Fixed glances container cgroup mount issue - Verified 18 containers running, 30 streamlit instances, 95+ metablogizer sites - All core services responding (Nextcloud, Webmail, Jellyfin, Gitea, Matrix, PeerTube) Co-Authored-By: Claude Opus 4.5 --- .claude/HISTORY.md | 29 ++++++++++++++++++++++++++++- .claude/WIP.md | 12 +++++++++++- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/.claude/HISTORY.md b/.claude/HISTORY.md index 64102e3c..104ceb54 100644 --- a/.claude/HISTORY.md +++ b/.claude/HISTORY.md @@ -1,6 +1,6 @@ # SecuBox UI & Theme History -_Last updated: 2026-03-03 (Vortex Sinkhole Server)_ +_Last updated: 2026-03-03 (Comprehensive Service Audit)_ 1. **Unified Dashboard Refresh (2025-12-20)** - Dashboard received the "sh-page-header" layout, hero stats, and SecuNav top tabs. 
@@ -4304,3 +4304,30 @@ git checkout HEAD -- index.html - Extracted and validated shell syntax - 63 lines, 7 opkg calls, 10 log statements - **Tools available:** All required tools (gunzip, gzip, fdisk, sfdisk, parted, e2fsck, resize2fs, losetup, blkid, truncate) present + +70. **Comprehensive Service Audit (2026-03-03)** + - **WAF Enforcement:** + - Disabled `waf_bypass='1'` on 21 vhosts that were incorrectly bypassing WAF + - All HTTP traffic now routes through mitmproxy WAF for inspection + - Regenerated and reloaded HAProxy configuration + - **Mitmproxy WAF:** + - Fixed service startup - restarted host `/etc/init.d/mitmproxy` + - Verified port 8889 binding for mitmproxy-in (WAF inbound) + - Confirmed HAProxy backend `mitmproxy_inspector` routing correctly + - **Container Autostart:** + - Enabled `lxc.start.auto=1` on 9 essential containers: + haproxy, mitmproxy-in, streamlit, matrix, jabber, voip, gitea, domoticz, glances + - Previously 5 containers had autostart enabled (nextcloud, mailserver, roundcube, jellyfin, peertube) + - **Glances Container Fix:** + - Root cause: cgroup mount failure with `cgroup:mixed` option + - Simplified LXC config to `lxc.mount.auto = proc:mixed sys:ro` (no cgroup) + - Container now starts successfully + - **Service Inventory:** + - 30 streamlit instances running + - 95+ metablogizer sites configured + - 18 LXC containers running: domoticz, gitea, glances, haproxy, jabber, jellyfin, lyrion, mailserver, matrix, mitmproxy-in, mitmproxy-out, nextcloud, peertube, roundcube, streamlit, voip, wazuh + - **Health Verification:** + - All core services responding (HTTP 301 redirect to HTTPS as expected): + Nextcloud, Webmail, Jellyfin, Gitea, Matrix, PeerTube, Streamlit portal, Metablogizer sites + - HAProxy backend health checks verified (`check` option on all servers) + - External access requires upstream router port forwarding (82.67.100.75 → 192.168.255.1) diff --git a/.claude/WIP.md b/.claude/WIP.md index 9af90bd0..b8f170a7 100644 
--- a/.claude/WIP.md +++ b/.claude/WIP.md @@ -1,6 +1,6 @@ # Work In Progress (Claude) -_Last updated: 2026-03-03 (Image Builder Validation)_ +_Last updated: 2026-03-03 (Comprehensive Service Audit)_ > **Architecture Reference**: SecuBox Fanzine v3 — Les 4 Couches @@ -66,6 +66,16 @@ _Last updated: 2026-03-03 (Image Builder Validation)_ ### Just Completed (2026-03-03) +- **Comprehensive Service Audit** — DONE (2026-03-03) + - **WAF Enforcement**: Disabled `waf_bypass` on 21 vhosts - all traffic now routes through mitmproxy WAF + - **Mitmproxy WAF**: Restarted service, verified port 8889 binding, HAProxy routing working + - **Container Autostart**: Enabled `lxc.start.auto=1` on 9 essential containers (haproxy, mitmproxy-in, streamlit, matrix, jabber, voip, gitea, domoticz, glances) + - **Glances Fix**: Resolved cgroup mount issue - simplified LXC config to `proc:mixed sys:ro` without cgroup mount + - **Service Verification**: All 30 streamlit instances running, 95+ metablogizer sites configured + - **Health Checks**: HAProxy backend health checks verified (`check` option on all servers) + - **18 LXC Containers Running**: domoticz, gitea, glances, haproxy, jabber, jellyfin, lyrion, mailserver, matrix, mitmproxy-in, mitmproxy-out, nextcloud, peertube, roundcube, streamlit, voip, wazuh + - **Core Services Responding**: Nextcloud, Webmail, Jellyfin, Gitea, Matrix, PeerTube (all return HTTP 301 redirect to HTTPS) + - **Vortex DNS Firewall Phase 3 - DNS Guard Integration** — DONE (2026-03-03) - Integrated DNS Guard AI detection engine with Vortex Firewall - Enhanced import with metadata (type, confidence, reason) from alerts.json
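Review bot: In the HISTORY.md hunk (entry 70), the line `- 18 LXC containers running: domoticz, gitea, glances, ...` enumerates 17 names, so either the count or the list is wrong; please reconcile (the same 18-versus-17 mismatch is repeated in the WIP.md hunk). Three further points in the same hunk: the line `External access requires upstream router port forwarding (82.67.100.75 → 192.168.255.1)` commits a public address and the internal gateway address into a tracked documentation file, which is exposure that does not need to live in version control; consider a placeholder here and an untracked operator note for the real values. `All core services responding (HTTP 301 redirect to HTTPS as expected)` only shows that the plain-HTTP front end answers, since the redirect is issued before the request reaches the backend; record the HTTPS-side request made against each service as the health evidence. And `Disabled waf_bypass='1' on 21 vhosts` names neither the vhosts nor the resulting value of the option; listing them, or the command used to enumerate vhosts with bypass set, would make the change auditable and let a later review catch a regression. For the Glances entry, the "root cause" is a mount failure but the fix removes the cgroup mount rather than repairing it; note whether `lxc.mount.auto = proc:mixed sys:ro` is the intended permanent configuration and whether the container's metrics are affected without cgroup access.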
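Review bot: In the WIP.md "Just Completed" hunk, `**18 LXC Containers Running**: domoticz, gitea, ...` again lists 17 names against a count of 18; reconcile it with the HISTORY.md list and fix both in the same commit. The WAF line here states `all traffic now routes through mitmproxy WAF` while the HISTORY.md entry says `All HTTP traffic now routes through mitmproxy WAF`; the two files should carry the same, more precise wording so the scope of the enforcement is not overstated. As in HISTORY.md, `all return HTTP 301 redirect to HTTPS` demonstrates the redirect, not the health of the service behind it; add the HTTPS check used so the entry stands as verification.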