fix(streamlit): CLI emancipate sets waf_enabled and uses container reload

- streamlitctl emancipate now sets waf_enabled="1" in instance UCI - _emancipate_reload() uses haproxyctl reload (container) instead of deprecated /etc/init.d/haproxy restart (host init script) - Properly verifies LXC container status after reload - Tested: test2.gk2.secubox.in emancipation successful with WAF Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 11:31:21 +01:00 · 2026-02-25 11:31:21 +01:00 · 41d5fadf3f
commit 41d5fadf3f
parent 80c496b57e
2 changed files with 21 additions and 10 deletions
--- a/.claude/HISTORY.md
+++ b/.claude/HISTORY.md
@ -3592,3 +3592,15 @@ git checkout HEAD -- index.html
    - **Files Modified:**
      - `luci-app-streamlit/root/usr/libexec/rpcd/luci.streamlit`: emancipate_instance, rename_app, rename_instance, get_exposure_status
      - `luci-app-streamlit/htdocs/luci-static/resources/view/streamlit/dashboard.js`: WAF badge display
+
+33. **Streamlit CLI Emancipate Fix & Container Reload (2026-02-25)**
+    - **CLI Emancipate UCI Fix:**
+      - `streamlitctl emancipate` now sets `waf_enabled="1"` in instance UCI
+      - Previously only set `emancipated` and `domain`
+    - **Container-Aware Reload:**
+      - `_emancipate_reload()` now uses `haproxyctl reload` (container reload)
+      - Previously used deprecated `/etc/init.d/haproxy restart` (host init script)
+      - Properly verifies LXC container status after reload
+    - **Verified:** test2.gk2.secubox.in emancipation successful with WAF enabled
+    - **Files Modified:**
+      - `secubox-app-streamlit/files/usr/sbin/streamlitctl`: Added waf_enabled UCI field, use haproxyctl reload
--- a/package/secubox/secubox-app-streamlit/files/usr/sbin/streamlitctl
+++ b/package/secubox/secubox-app-streamlit/files/usr/sbin/streamlitctl
@ -1372,17 +1372,15 @@ _emancipate_mitmproxy() {

 _emancipate_reload() {
 	log_info "[RELOAD] Applying HAProxy configuration"
-	# Generate fresh config
+	# Generate fresh config and reload container
 	haproxyctl generate 2>/dev/null
-	# Restart for clean state with new vhosts/certs
-	log_info "[RELOAD] Restarting HAProxy for clean state..."
-	/etc/init.d/haproxy restart 2>/dev/null
-	sleep 1
-	# Verify HAProxy is running
-	if pgrep haproxy >/dev/null 2>&1; then
-		log_info "[RELOAD] HAProxy restarted successfully"
+	log_info "[RELOAD] Reloading HAProxy container..."
+	haproxyctl reload 2>/dev/null
+	# Verify HAProxy container is running
+	if lxc-info -n haproxy -s 2>/dev/null | grep -q RUNNING; then
+		log_info "[RELOAD] HAProxy container reloaded successfully"
 	else
-		log_warn "[RELOAD] HAProxy may not have started properly"
+		log_warn "[RELOAD] HAProxy container may not be running properly"
 	fi

 	# Regenerate GK2 Hub landing page if generator exists
@ -1594,10 +1592,11 @@ cmd_emancipate() {
 	# Step 8: Reload HAProxy
 	_emancipate_reload

-	# Mark app as emancipated
+	# Mark instance as emancipated with WAF enabled
 	uci set ${CONFIG}.${name}.emancipated="1"
 	uci set ${CONFIG}.${name}.emancipated_at="$(date -Iseconds)"
 	uci set ${CONFIG}.${name}.domain="$domain"
+	uci set ${CONFIG}.${name}.waf_enabled="1"
 	uci commit ${CONFIG}

 	echo ""