diff --git a/package/secubox/luci-app-haproxy/root/usr/libexec/rpcd/luci.haproxy b/package/secubox/luci-app-haproxy/root/usr/libexec/rpcd/luci.haproxy index c1f91509..b01c2016 100755 --- a/package/secubox/luci-app-haproxy/root/usr/libexec/rpcd/luci.haproxy +++ b/package/secubox/luci-app-haproxy/root/usr/libexec/rpcd/luci.haproxy @@ -1507,6 +1507,10 @@ method_list_exposed_services() { json_init json_add_array "services" + # Clear temp file for tracking known service ports + rm -f /tmp/.known_service_ports + touch /tmp/.known_service_ports + # Load known services from exposure config if uci -q show secubox-exposure >/dev/null 2>&1; then config_load "secubox-exposure" @@ -1515,16 +1519,21 @@ method_list_exposed_services() { # Also scan listening ports for dynamic discovery if command -v netstat >/dev/null 2>&1; then - netstat -tlnp 2>/dev/null | grep LISTEN | while read line; do + # Save netstat output to temp file to avoid subshell issues + netstat -tlnp 2>/dev/null | grep LISTEN > /tmp/.netstat_listen + while read line; do local addr_port=$(echo "$line" | awk '{print $4}') local port=$(echo "$addr_port" | awk -F: '{print $NF}') local proc=$(echo "$line" | awk '{print $7}' | cut -d'/' -f2) - # Skip if already added from known services or common system ports + # Skip common system ports case "$port" in 22|53|80|443|8404) continue ;; esac + # Skip if already added from known services + grep -q "^${port}$" /tmp/.known_service_ports 2>/dev/null && continue + # Only add if process name is useful if [ -n "$proc" ] && [ "$proc" != "-" ] && [ "$proc" != "unknown" ]; then json_add_object @@ -1534,22 +1543,30 @@ method_list_exposed_services() { json_add_string "address" "127.0.0.1" json_add_string "category" "detected" json_add_boolean "dynamic" 1 + json_add_boolean "running" 1 json_close_object fi - done + done < /tmp/.netstat_listen + rm -f /tmp/.netstat_listen fi + # Cleanup + rm -f /tmp/.known_service_ports + json_close_array json_dump } _add_exposed_service() { local section="$1" - local default_port config_path category actual_port + local default_port config_path config_file category process_name description actual_port running config_get default_port "$section" default_port "" config_get config_path "$section" config_path "" + config_get config_file "$section" config_file "" config_get category "$section" category "app" + config_get process_name "$section" process_name "" + config_get description "$section" description "" [ -z "$default_port" ] && return @@ -1560,6 +1577,21 @@ _add_exposed_service() { [ -n "$configured_port" ] && actual_port="$configured_port" fi + # For YAML config files, try to extract port (e.g., AdGuardHome) + if [ -n "$config_file" ] && [ -f "$config_file" ]; then + local yaml_port=$(grep -E "^\s*port:\s*[0-9]+" "$config_file" 2>/dev/null | head -1 | awk '{print $2}') + [ -n "$yaml_port" ] && actual_port="$yaml_port" + fi + + # Check if service is running by process name + running=0 + if [ -n "$process_name" ]; then + pgrep -f "$process_name" >/dev/null 2>&1 && running=1 + fi + + # Track known service ports for dedup (stored in temp file) + echo "$actual_port" >> /tmp/.known_service_ports + json_add_object json_add_string "id" "$section" json_add_string "name" "$section" @@ -1567,6 +1599,9 @@ _add_exposed_service() { json_add_string "address" "127.0.0.1" json_add_string "category" "$category" json_add_boolean "dynamic" 0 + json_add_boolean "running" "$running" + [ -n "$description" ] && json_add_string "description" "$description" + [ -n "$process_name" ] && json_add_string "process" "$process_name" json_close_object } diff --git a/package/secubox/secubox-app-exposure/files/etc/config/secubox-exposure b/package/secubox/secubox-app-exposure/files/etc/config/secubox-exposure index 7912cebf..2a59750b 100644 --- a/package/secubox/secubox-app-exposure/files/etc/config/secubox-exposure +++ b/package/secubox/secubox-app-exposure/files/etc/config/secubox-exposure @@ -52,6 +52,13 @@ config known 'domoticz' option config_type 'docker' option category 'app' +config known 'adguardhome' + option default_port '3000' + option config_file '/etc/adguardhome.yaml' + option process_name 'AdGuardHome' + option category 'security' + option description 'DNS filtering and ad blocking' + # Service exposure entries (dynamically managed) # Example: # config service 'gitea'