gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(streamlit): CLI emancipate sets waf_enabled and uses container reload

Browse Source 
- streamlitctl emancipate now sets waf_enabled="1" in instance UCI
- _emancipate_reload() uses haproxyctl reload (container) instead of
  deprecated /etc/init.d/haproxy restart (host init script)
- Properly verifies LXC container status after reload
- Tested: test2.gk2.secubox.in emancipation successful with WAF

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-02-25 11:31:21 +01:00
parent 80c496b57e
commit 41d5fadf3f
2 changed files with 21 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.claude/HISTORY.md
View File

@ -3592,3 +3592,15 @@ git checkout HEAD -- index.html
- **Files Modified:** - **Files Modified:**
- `luci-app-streamlit/root/usr/libexec/rpcd/luci.streamlit`: emancipate_instance, rename_app, rename_instance, get_exposure_status - `luci-app-streamlit/root/usr/libexec/rpcd/luci.streamlit`: emancipate_instance, rename_app, rename_instance, get_exposure_status
- `luci-app-streamlit/htdocs/luci-static/resources/view/streamlit/dashboard.js`: WAF badge display - `luci-app-streamlit/htdocs/luci-static/resources/view/streamlit/dashboard.js`: WAF badge display
33. **Streamlit CLI Emancipate Fix & Container Reload (2026-02-25)**
- **CLI Emancipate UCI Fix:**
- `streamlitctl emancipate` now sets `waf_enabled="1"` in instance UCI
- Previously only set `emancipated` and `domain`
- **Container-Aware Reload:**
- `_emancipate_reload()` now uses `haproxyctl reload` (container reload)
- Previously used deprecated `/etc/init.d/haproxy restart` (host init script)
- Properly verifies LXC container status after reload
- **Verified:** test2.gk2.secubox.in emancipation successful with WAF enabled
- **Files Modified:**
- `secubox-app-streamlit/files/usr/sbin/streamlitctl`: Added waf_enabled UCI field, use haproxyctl reload

19
package/secubox/secubox-app-streamlit/files/usr/sbin/streamlitctl
View File

@ -1372,17 +1372,15 @@ _emancipate_mitmproxy() {
_emancipate_reload() { _emancipate_reload() {
log_info "[RELOAD] Applying HAProxy configuration" log_info "[RELOAD] Applying HAProxy configuration"
# Generate fresh config # Generate fresh config and reload container
haproxyctl generate 2>/dev/null haproxyctl generate 2>/dev/null
# Restart for clean state with new vhosts/certs log_info "[RELOAD] Reloading HAProxy container..."
log_info "[RELOAD] Restarting HAProxy for clean state..." haproxyctl reload 2>/dev/null
/etc/init.d/haproxy restart 2>/dev/null # Verify HAProxy container is running
sleep 1 if lxc-info -n haproxy -s 2>/dev/null | grep -q RUNNING; then
# Verify HAProxy is running log_info "[RELOAD] HAProxy container reloaded successfully"
if pgrep haproxy >/dev/null 2>&1; then
log_info "[RELOAD] HAProxy restarted successfully"
else else
log_warn "[RELOAD] HAProxy may not have started properly" log_warn "[RELOAD] HAProxy container may not be running properly"
fi fi
# Regenerate GK2 Hub landing page if generator exists # Regenerate GK2 Hub landing page if generator exists
@ -1594,10 +1592,11 @@ cmd_emancipate() {
# Step 8: Reload HAProxy # Step 8: Reload HAProxy
_emancipate_reload _emancipate_reload
# Mark app as emancipated # Mark instance as emancipated with WAF enabled
uci set ${CONFIG}.${name}.emancipated="1" uci set ${CONFIG}.${name}.emancipated="1"
uci set ${CONFIG}.${name}.emancipated_at="$(date -Iseconds)" uci set ${CONFIG}.${name}.emancipated_at="$(date -Iseconds)"
uci set ${CONFIG}.${name}.domain="$domain" uci set ${CONFIG}.${name}.domain="$domain"
uci set ${CONFIG}.${name}.waf_enabled="1"
uci commit ${CONFIG} uci commit ${CONFIG}
echo "" echo ""