From 189c2a405eebb9e0f6cfbd3846fa2f78a802e544 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Sat, 14 Feb 2026 10:59:05 +0100 Subject: [PATCH] docs: Update HISTORY.md with Domoticz exposure and WAF fix - Documented home.maegia.tv (Domoticz) exposure - Documented WAF redirect loop fix for gk2.secubox.in - Added mitmproxy-in configuration changes Co-Authored-By: Claude Opus 4.5 --- .claude/HISTORY.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/.claude/HISTORY.md b/.claude/HISTORY.md index 338744e2..0b0c40f7 100644 --- a/.claude/HISTORY.md +++ b/.claude/HISTORY.md @@ -1502,3 +1502,31 @@ Updated `/etc/init.d/secubox-lxc` to manage all LXC containers: - All Docker containers removed - Jellyfin accessible via https://media.maegia.tv - Full LXC-based infrastructure + +## 2026-02-14: Domoticz Exposure & WAF Redirect Fix + +### Domoticz Exposed via HAProxy +- **Domain:** https://home.maegia.tv +- **Backend:** 127.0.0.1:8084 (LXC with host networking) +- **DNS:** A record added via Gandi API +- **SSL:** Let's Encrypt certificate issued + +### HAProxy Configuration +- Created `domoticz_web` backend +- Created `home_maegia_tv` vhost with `waf_bypass=1` +- SSL certificate: `/srv/haproxy/certs/home.maegia.tv.pem` + +### WAF Redirect Loop Fix +- **Issue:** mitmproxy causing 301 redirect loops for multiple vhosts +- **Root cause:** mitmproxy-in in "reverse" mode without proper HAProxy router addon +- **Fix:** Added `waf_bypass=1` to affected vhosts (gk2.secubox.in, home.maegia.tv) +- **Additional fix:** Updated mitmproxy-in LXC config to enable HAProxy router mode + +### Domoticz Configuration +- Reset admin password via SQLite +- Added local network bypass for HAProxy access +- LXC container: `/srv/lxc/domoticz/` with USB passthrough for Zigbee + +### Result +- https://home.maegia.tv → Domoticz (200 OK) +- https://gk2.secubox.in → GK2 Hub (200 OK, redirect loop fixed)