From 74825b4373c7c8010cea849d1286875ea11947ea Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Sat, 7 Mar 2026 16:08:05 +0100 Subject: [PATCH] docs(WIP): Add HAProxy mitmproxy_inspector backend fix - Fixed missing server section in mitmproxy_inspector backend - Fixed lyrion vhost routing through WAF instead of direct backend - Fixed jellyfin route IP to container's veth address Co-Authored-By: Claude Opus 4.5 --- .claude/WIP.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.claude/WIP.md b/.claude/WIP.md index f8e117f8..f3ee20d7 100644 --- a/.claude/WIP.md +++ b/.claude/WIP.md @@ -1,6 +1,6 @@ # Work In Progress (Claude) -_Last updated: 2026-03-07 (lldh360 + cybaxe Vhosts Fix)_ +_Last updated: 2026-03-07 (HAProxy mitmproxy_inspector Fix)_ > **Architecture Reference**: SecuBox Fanzine v3 — Les 4 Couches @@ -10,6 +10,20 @@ _Last updated: 2026-03-07 (lldh360 + cybaxe Vhosts Fix)_ ### 2026-03-07 +- **HAProxy mitmproxy_inspector Backend Fix** + - mitmproxy_inspector backend had NO server section (causing 503 for all WAF vhosts) + - Added UCI server section: `mitmproxy_inspector_srv` pointing to 192.168.255.1:8890 + - Fixed haproxyctl duplicate userlist warning and _emit_sorted_path_acls indentation + - All vhosts now correctly routing through WAF + +- **Lyrion Routing Fix** + - Changed lyrion vhost backend from `lyrion_web` to `mitmproxy_inspector` + - Was bypassing WAF, now properly routed through mitmproxy-in + +- **Jellyfin Route IP Fix** + - Fixed mitmproxy route: 192.168.255.1 → 192.168.255.31 (container's actual IP) + - Jellyfin container has dedicated veth interface on br-lan + - **lldh360.maegia.tv Routing Fix** - Fixed mitmproxy routes: 127.0.0.1 → 192.168.255.1 (all 187 routes updated) - Disabled SSL redirect (DNS record doesn't exist yet for ACME)