gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(mitmproxy): Change WAF proxy port from 8889 to 8890

Browse Source 
Port 8889 conflicts with avatar-tap Streamlit service.
Updated mitmproxy-in instance to use port 8890 for HAProxy WAF routing.

Changes:
- UCI config: proxy_port and listen_port now default to 8890
- mitmproxyctl: Updated fallback defaults and documentation
- README: Updated architecture diagrams with correct port

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-03-07 11:13:42 +01:00
parent ee49126530
commit 640ceafa43
4 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/secubox/luci-app-mitmproxy/README.md
View File

@ -134,7 +134,7 @@ Route all HAProxy vhost traffic through mitmproxy for threat detection.
### Architecture ### Architecture
``` ```
Internet → HAProxy (SSL termination) → mitmproxy :8889 → Actual Backends Internet → HAProxy (SSL termination) → mitmproxy :8890 → Actual Backends
Threat Detection Threat Detection

6
package/secubox/secubox-app-mitmproxy/README.md
View File

@ -143,13 +143,13 @@ curl -sL "https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-Country.m
│ │ │ │ │ │
│ ▼ │ │ ▼ │
│ ┌─────────────────────────────────────────────────────────┐ │ │ ┌─────────────────────────────────────────────────────────┐ │
│ │ Backend: mitmproxy_inspector (127.0.0.1:8889) │ │ │ │ Backend: mitmproxy_inspector (127.0.0.1:8890) │ │
│ └─────────────────────────────────────────────────────────┘ │ │ └─────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘ └─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐ ┌─────────────────────────────────────────────────────────────────┐
│ mitmproxy LXC Container (port 8889) │ │ mitmproxy LXC Container (port 8890) │
│ ┌─────────────────────────────────────────────────────────┐ │ │ ┌─────────────────────────────────────────────────────────┐ │
│ │ haproxy_router.py: Routes by Host header │ │ │ │ haproxy_router.py: Routes by Host header │ │
│ │ secubox_analytics.py: Threat detection │ │ │ │ secubox_analytics.py: Threat detection │ │
@ -202,7 +202,7 @@ This generates `/srv/mitmproxy/haproxy-routes.json`:
mitmproxyctl haproxy-enable mitmproxyctl haproxy-enable
# This will: # This will:
# 1. Create mitmproxy_inspector backend (127.0.0.1:8889) # 1. Create mitmproxy_inspector backend (127.0.0.1:8890)
# 2. Store original backends in UCI (haproxy.$vhost.original_backend) # 2. Store original backends in UCI (haproxy.$vhost.original_backend)
# 3. Redirect all vhosts through mitmproxy # 3. Redirect all vhosts through mitmproxy
# 4. Sync route mappings # 4. Sync route mappings

4
package/secubox/secubox-app-mitmproxy/files/etc/config/mitmproxy
View File

@ -33,7 +33,7 @@ config instance 'in'
option enabled '1' option enabled '1'
option description 'WAF/Reverse Proxy' option description 'WAF/Reverse Proxy'
option container_name 'mitmproxy-in' option container_name 'mitmproxy-in'
option proxy_port '8889' option proxy_port '8890'
option web_port '8090' option web_port '8090'
option web_host '0.0.0.0' option web_host '0.0.0.0'
option data_path '/srv/mitmproxy-in' option data_path '/srv/mitmproxy-in'
@ -154,7 +154,7 @@ config whitelist 'whitelist'
config haproxy_router 'haproxy_router' config haproxy_router 'haproxy_router'
option enabled '0' option enabled '0'
# Port HAProxy sends traffic to # Port HAProxy sends traffic to
option listen_port '8889' option listen_port '8890'
# Enable threat detection on HAProxy traffic # Enable threat detection on HAProxy traffic
option threat_detection '1' option threat_detection '1'
# Routes file (auto-generated from HAProxy UCI) # Routes file (auto-generated from HAProxy UCI)

6
package/secubox/secubox-app-mitmproxy/files/usr/sbin/mitmproxyctl
View File

@ -64,7 +64,7 @@ Modes (configure per-instance):
Instance Ports (default): Instance Ports (default):
out: proxy=8888, web=8089 (LAN->Internet) out: proxy=8888, web=8089 (LAN->Internet)
in: proxy=8889, web=8090 (WAF/HAProxy backend) in: proxy=8890, web=8090 (WAF/HAProxy backend)
Examples: Examples:
mitmproxyctl status out # Status of 'out' instance mitmproxyctl status out # Status of 'out' instance
@ -247,7 +247,7 @@ load_config() {
else else
haproxy_router_enabled="$(uci_get haproxy_router.enabled || echo 0)" haproxy_router_enabled="$(uci_get haproxy_router.enabled || echo 0)"
fi fi
haproxy_listen_port="$(uci_get haproxy_router.listen_port || echo 8889)" haproxy_listen_port="$(uci_get haproxy_router.listen_port || echo 8890)"
haproxy_threat_detection="$(uci_get haproxy_router.threat_detection || echo 1)" haproxy_threat_detection="$(uci_get haproxy_router.threat_detection || echo 1)"
haproxy_routes_file="$(uci_get haproxy_router.routes_file || echo /srv/mitmproxy/haproxy-routes.json)" haproxy_routes_file="$(uci_get haproxy_router.routes_file || echo /srv/mitmproxy/haproxy-routes.json)"
} }
@ -669,7 +669,7 @@ FILTERING_ENABLED="${MITMPROXY_FILTERING_ENABLED:-0}"
# HAProxy router mode # HAProxy router mode
HAPROXY_ROUTER_ENABLED="${MITMPROXY_HAPROXY_ROUTER_ENABLED:-0}" HAPROXY_ROUTER_ENABLED="${MITMPROXY_HAPROXY_ROUTER_ENABLED:-0}"
HAPROXY_LISTEN_PORT="${MITMPROXY_HAPROXY_LISTEN_PORT:-8889}" HAPROXY_LISTEN_PORT="${MITMPROXY_HAPROXY_LISTEN_PORT:-8890}"
HAPROXY_ROUTES_FILE="${MITMPROXY_HAPROXY_ROUTES_FILE:-/data/haproxy-routes.json}" HAPROXY_ROUTES_FILE="${MITMPROXY_HAPROXY_ROUTES_FILE:-/data/haproxy-routes.json}"
# Build args # Build args