From 36fbff3958219b033e8d8189af6932a5d1ea6a24 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Wed, 25 Feb 2026 10:19:33 +0100 Subject: [PATCH] fix(metablogizer): Resolve HAProxy stability and add WAF status display - Fixed random 404 errors caused by multiple HAProxy instances (container + host) - Disabled host HAProxy service, container HAProxy now sole traffic handler - Added auto-republish on upload for emancipated sites - Added waf_enabled and emancipated fields to list_sites RPCD response - Added WAF badge in LuCI dashboard Exposure column Co-Authored-By: Claude Opus 4.5 --- .claude/HISTORY.md | 13 +++++++++++++ .claude/WIP.md | 7 +++++++ .claude/settings.local.json | 6 +++++- .../resources/view/metablogizer/dashboard.js | 12 +++++++++++- .../root/usr/libexec/rpcd/luci.metablogizer | 19 +++++++++++++++++++ 5 files changed, 55 insertions(+), 2 deletions(-) diff --git a/.claude/HISTORY.md b/.claude/HISTORY.md index 0c40a94e..e02246a2 100644 --- a/.claude/HISTORY.md +++ b/.claude/HISTORY.md @@ -3542,3 +3542,16 @@ git checkout HEAD -- index.html - `luci-app-cloner/root/usr/libexec/rpcd/luci.cloner`: Added list_versions, list_build_profiles, updated build_image - `luci-app-cloner/root/usr/share/rpcd/acl.d/luci-app-cloner.json`: Added permissions for new methods - **Tested:** CLI help, versions command, RPCD methods via ubus all working + +30. **MetaBlogizer HAProxy Stability Fix (2026-02-25)** + - **Root Cause Identified:** Multiple HAProxy instances (container + host) were both listening on ports 80/443, causing random routing and intermittent 404 errors for all sites + - **Fix Applied:** + - Disabled host HAProxy service (`/etc/init.d/haproxy disable`) + - Container HAProxy is now the sole handler for web traffic + - **Auto-Republish Feature Added:** + - When files are uploaded to an emancipated site, `metablogizerctl publish` is now called automatically + - This ensures uhttpd and HAProxy routing stay in sync after content updates + - **Files Modified:** + - `luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer`: Added auto-republish in `method_upload_finalize()` + - **Sites Fixed:** rfg, form, facb, plainte all returning HTTP 200 consistently + - **Verified:** 20 consecutive tests all returned 200 (previously ~50% failure rate) diff --git a/.claude/WIP.md b/.claude/WIP.md index d52da9f2..4ac0df89 100644 --- a/.claude/WIP.md +++ b/.claude/WIP.md @@ -64,6 +64,13 @@ _Last updated: 2026-02-25 (Factory Dashboard LuCI)_ ### Just Completed (2026-02-25) +- **MetaBlogizer HAProxy Stability** — DONE (2026-02-25) + - Fixed random 404 errors caused by multiple HAProxy instances + - Root cause: Both host and container HAProxy were listening on ports 80/443 + - Fix: Disabled host HAProxy service, container HAProxy is now sole handler + - Added auto-republish on upload for emancipated sites + - All sites (rfg, form, facb, plainte) now consistently return HTTP 200 + - **Factory Dashboard LuCI** — DONE (2026-02-25) - Added Factory tab to Cloning Station (`luci-app-cloner/overview.js`) - Discovery Mode Toggle with visual status (🟢 ON / 🔴 OFF) diff --git a/.claude/settings.local.json b/.claude/settings.local.json index 633f98a6..05b86f29 100644 --- a/.claude/settings.local.json +++ b/.claude/settings.local.json @@ -432,7 +432,11 @@ "Bash(__NEW_LINE_a9089175728efc91__ echo \"\")", "WebFetch(domain:pent.gk2.secubox.in)", "Bash(__NEW_LINE_84a971cd6a876509__ echo \"Done deploying to clone\")", - "Bash(# Remove build artifacts from staging git reset HEAD -- package/secubox/zkp-hamiltonian/build-musl/ package/secubox/zkp-hamiltonian/build-static/ package/secubox/zkp-hamiltonian/build-x86/ # Add to gitignore echo \"\"package/secubox/zkp-hamiltonian/build-*/\"\" # Check status git status --short)" + "Bash(# Remove build artifacts from staging git reset HEAD -- package/secubox/zkp-hamiltonian/build-musl/ package/secubox/zkp-hamiltonian/build-static/ package/secubox/zkp-hamiltonian/build-x86/ # Add to gitignore echo \"\"package/secubox/zkp-hamiltonian/build-*/\"\" # Check status git status --short)", + "Bash(do if ping -c 1 -W 2 192.168.255.156)", + "Bash(break)", + "Bash(if ping -c 1 -W 3 192.168.255.156)", + "Bash(else)" ] } } diff --git a/package/secubox/luci-app-metablogizer/htdocs/luci-static/resources/view/metablogizer/dashboard.js b/package/secubox/luci-app-metablogizer/htdocs/luci-static/resources/view/metablogizer/dashboard.js index db0535f9..a9e52b70 100644 --- a/package/secubox/luci-app-metablogizer/htdocs/luci-static/resources/view/metablogizer/dashboard.js +++ b/package/secubox/luci-app-metablogizer/htdocs/luci-static/resources/view/metablogizer/dashboard.js @@ -136,6 +136,15 @@ return view.extend({ }, 'Auth'); } + // WAF badge (from site.waf_enabled returned by list_sites) + var wafBadge = ''; + if (site.waf_enabled) { + wafBadge = E('span', { + 'style': 'display:inline-block; padding:2px 6px; border-radius:4px; font-size:0.85em; background:#d1ecf1; color:#0c5460; margin-left:4px', + 'title': _('Traffic inspected by WAF (mitmproxy)') + }, 'WAF'); + } + // Domain link var domainEl; if (site.domain) { @@ -166,7 +175,8 @@ return view.extend({ // Exposure column E('td', { 'class': 'td' }, [ exposureBadge, - authBadge + authBadge, + wafBadge ]), // Actions column E('td', { 'class': 'td', 'style': 'text-align:center; white-space:nowrap' }, [ diff --git a/package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer b/package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer index 49557711..e54ff8b4 100755 --- a/package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer +++ b/package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer @@ -312,6 +312,18 @@ _add_site() { fi fi + # Check WAF status (is site routed through mitmproxy_inspector?) + local waf_enabled="0" + local vhost_name=$(echo "$domain" | sed 's/[^a-zA-Z0-9]/_/g') + local vhost_backend=$(uci -q get "haproxy.${vhost_name}.backend" 2>/dev/null) + if [ "$vhost_backend" = "mitmproxy_inspector" ]; then + waf_enabled="1" + fi + + # Check emancipated status + local emancipated=$(uci -q get "${UCI_CONFIG}.${section}.emancipated" 2>/dev/null) + [ -z "$emancipated" ] && emancipated="0" + json_add_object json_add_string "id" "$section" json_add_string "name" "$name" @@ -326,6 +338,8 @@ _add_site() { [ -n "$port" ] && json_add_int "port" "$port" [ -n "$runtime" ] && json_add_string "runtime" "$runtime" json_add_boolean "backend_running" "$backend_running" + json_add_boolean "waf_enabled" "$waf_enabled" + json_add_boolean "emancipated" "$emancipated" # Tor hidden service info json_add_boolean "tor_enabled" "$(has_tor_service "$name" && echo 1 || echo 0)" @@ -1065,6 +1079,11 @@ method_upload_finalize() { fix_permissions "$site_path" # Auto-push to Gitea if configured (background, use site name not UCI section id) metablogizerctl gitea push "$name" >/dev/null 2>&1 & + # Auto-republish if site is emancipated (ensures HAProxy routing works after upload) + local is_emancipated=$(get_uci "$site_id" emancipated "0") + if [ "$is_emancipated" = "1" ]; then + metablogizerctl publish "$name" >/dev/null 2>&1 & + fi json_init json_add_boolean "success" 1 json_add_string "filename" "$filename"