fix(mitmproxy): Change WAF proxy port from 8889 to 8890

Port 8889 conflicts with avatar-tap Streamlit service.
Updated mitmproxy-in instance to use port 8890 for HAProxy WAF routing.

Changes:
- UCI config: proxy_port and listen_port now default to 8890
- mitmproxyctl: Updated fallback defaults and documentation
- README: Updated architecture diagrams with correct port

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CyberMind-FR 2026-03-07 11:13:42 +01:00
parent ee49126530
commit 640ceafa43
4 changed files with 9 additions and 9 deletions

@ -134,7 +134,7 @@ Route all HAProxy vhost traffic through mitmproxy for threat detection.
### Architecture
```
Internet → HAProxy (SSL termination) → mitmproxy :8889 → Actual Backends
Internet → HAProxy (SSL termination) → mitmproxy :8890 → Actual Backends
Threat Detection

@ -143,13 +143,13 @@ curl -sL "https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-Country.m
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Backend: mitmproxy_inspector (127.0.0.1:8889) │ │
│ │ Backend: mitmproxy_inspector (127.0.0.1:8890) │ │
│ └─────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ mitmproxy LXC Container (port 8889) │
│ mitmproxy LXC Container (port 8890) │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ haproxy_router.py: Routes by Host header │ │
│ │ secubox_analytics.py: Threat detection │ │
@ -202,7 +202,7 @@ This generates `/srv/mitmproxy/haproxy-routes.json`:
mitmproxyctl haproxy-enable
# This will:
# 1. Create mitmproxy_inspector backend (127.0.0.1:8889)
# 1. Create mitmproxy_inspector backend (127.0.0.1:8890)
# 2. Store original backends in UCI (haproxy.$vhost.original_backend)
# 3. Redirect all vhosts through mitmproxy
# 4. Sync route mappings
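
Review bot: Missing upgrade guidance at step 1 of the `haproxy-enable` comment: it now documents the backend as 127.0.0.1:8890, but the README does not say what happens to a `mitmproxy_inspector` backend that was already created on 8889 by an earlier run. Add a short upgrade note here stating how an existing backend is moved to the new port, so HAProxy and mitmproxy do not end up on different ports after the update.
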

@ -33,7 +33,7 @@ config instance 'in'
option enabled '1'
option description 'WAF/Reverse Proxy'
option container_name 'mitmproxy-in'
option proxy_port '8889'
option proxy_port '8890'
option web_port '8090'
option web_host '0.0.0.0'
option data_path '/srv/mitmproxy-in'
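
Review bot: No migration accompanies the new default for `option proxy_port` in `config instance 'in'`: if an existing config file is preserved on upgrade, it still carries `'8889'` and the conflict with the avatar-tap Streamlit service remains. Consider a one-time migration that rewrites the value only when it still equals the old default 8889, or state in the commit message that existing installs must change it by hand.
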
@ -154,7 +154,7 @@ config whitelist 'whitelist'
config haproxy_router 'haproxy_router'
option enabled '0'
# Port HAProxy sends traffic to
option listen_port '8889'
option listen_port '8890'
# Enable threat detection on HAProxy traffic
option threat_detection '1'
# Routes file (auto-generated from HAProxy UCI)
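
Review bot: `listen_port` in `haproxy_router` has to be kept equal to `proxy_port` in instance 'in' (both moved from 8889 to 8890 in this commit), yet nothing in the file says so. Extend the comment "Port HAProxy sends traffic to" to state that it must match the 'in' instance's `proxy_port`, or have the script read a single option, so a later edit to one value cannot leave HAProxy forwarding to a port nothing is listening on.
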

@ -64,7 +64,7 @@ Modes (configure per-instance):
Instance Ports (default):
out: proxy=8888, web=8089 (LAN->Internet)
in: proxy=8889, web=8090 (WAF/HAProxy backend)
in: proxy=8890, web=8090 (WAF/HAProxy backend)
Examples:
mitmproxyctl status out # Status of 'out' instance
@ -247,7 +247,7 @@ load_config() {
else
haproxy_router_enabled="$(uci_get haproxy_router.enabled || echo 0)"
fi
haproxy_listen_port="$(uci_get haproxy_router.listen_port || echo 8889)"
haproxy_listen_port="$(uci_get haproxy_router.listen_port || echo 8890)"
haproxy_threat_detection="$(uci_get haproxy_router.threat_detection || echo 1)"
haproxy_routes_file="$(uci_get haproxy_router.routes_file || echo /srv/mitmproxy/haproxy-routes.json)"
}
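
Review bot: The `|| echo 8890` fallback for `haproxy_listen_port` in `load_config` is another hard-coded copy of the port, alongside the help text and the `HAPROXY_LISTEN_PORT` default in the same script. Define the default once in a variable near the top of the script and reference it from the fallback, so the next port change is a one-line edit and the copies cannot drift apart.
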
@ -669,7 +669,7 @@ FILTERING_ENABLED="${MITMPROXY_FILTERING_ENABLED:-0}"
# HAProxy router mode
HAPROXY_ROUTER_ENABLED="${MITMPROXY_HAPROXY_ROUTER_ENABLED:-0}"
HAPROXY_LISTEN_PORT="${MITMPROXY_HAPROXY_LISTEN_PORT:-8889}"
HAPROXY_LISTEN_PORT="${MITMPROXY_HAPROXY_LISTEN_PORT:-8890}"
HAPROXY_ROUTES_FILE="${MITMPROXY_HAPROXY_ROUTES_FILE:-/data/haproxy-routes.json}"
# Build args
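
Review bot: Nothing in the visible lines checks `HAPROXY_LISTEN_PORT` after the `:-8890` default is applied. Since this commit exists because the previous default collided with another service, add a check before start-up that the value is numeric and that the port is not already bound, failing with a clear error message, so the next collision is reported at start-up rather than found by debugging the WAF path.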