gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(haproxy): Add End of Internet fallback page and http-request support

Browse Source 
- Create cyberpunk-style End of Internet page for unknown domains
- Add http-request UCI option support in haproxyctl generator
- Support path rewriting backends with http-request set-path
- Configure end_of_internet as default backend for both frontends
- Update docs with HAProxy enhancements (entry #59)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-02-07 05:37:39 +01:00
parent e25509cb90
commit 82fb9c7d42
4 changed files with 59 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.claude/HISTORY.md
View File

@ -1,6 +1,6 @@
# SecuBox UI & Theme History # SecuBox UI & Theme History
_Last updated: 2026-02-06_ _Last updated: 2026-02-07_
1. **Unified Dashboard Refresh (2025-12-20)** 1. **Unified Dashboard Refresh (2025-12-20)**
- Dashboard received the "sh-page-header" layout, hero stats, and SecuNav top tabs. - Dashboard received the "sh-page-header" layout, hero stats, and SecuNav top tabs.
@ -885,3 +885,22 @@ _Last updated: 2026-02-06_
- Integrated into secubox-core daemon startup (vhost init after 5s delay) - Integrated into secubox-core daemon startup (vhost init after 5s delay)
- Added to uci-defaults for firstboot initialization - Added to uci-defaults for firstboot initialization
- Updated Makefile to install `secubox-vhost` script - Updated Makefile to install `secubox-vhost` script
59. **HAProxy "End of Internet" Default Page & http-request Support (2026-02-07)**
- **End of Internet Page** (`/www/end-of-internet.html`):
- Cyberpunk-style fallback page for unknown/unmatched domains
- Animated matrix rain effect, glitch text, ASCII art logo
- Real-time packet counter animation
- Displays "REALITY NOT FOUND" error for unregistered domains
- Fetches live stats from `/secubox-status.json` if available
- **HAProxy Generator Enhancements** (`haproxyctl`):
- Added `http-request` UCI option support for backends
- Supports both single value and list of http-request directives
- Static backends (http-request return) skip server config
- Path-rewriting backends (http-request set-path) include servers
- Backend validation: rejects IP:port format in backend names
- **Default Backend Configuration**:
- Set `end_of_internet` as default_backend for both HTTP and HTTPS frontends
- Uses http-request set-path to serve /end-of-internet.html via uhttpd
- Deployed page to /srv/haproxy for container access
- **Commits**: e25509cb (backend validation), this session (http-request support)

2
.claude/TODO.md
View File

@ -185,7 +185,7 @@ All cloud providers are **opt-in**. Offline resilience: local tier always active
### v1.0.0 — Full Stack ### v1.0.0 — Full Stack
- [ ] Config Advisor (ANSSI prep) - [x] Config Advisor (ANSSI prep) — Done 2026-02-07
- [ ] P2P Mesh Intelligence - [ ] P2P Mesh Intelligence
- [ ] Factory auto-provisioning - [ ] Factory auto-provisioning
- [ ] VoIP integration - [ ] VoIP integration

9
.claude/settings.local.json
View File

@ -286,7 +286,14 @@
"Bash(recipient table\" errors because Postfix treated the domain as local\ninstead of virtual.\n\nChanges:\n- Remove $mydomain from mydestination in setup.sh\n- Update fix-postfix command to also fix this issue\n- Ensure vdomains file is properly created\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")", "Bash(recipient table\" errors because Postfix treated the domain as local\ninstead of virtual.\n\nChanges:\n- Remove $mydomain from mydestination in setup.sh\n- Update fix-postfix command to also fix this issue\n- Ensure vdomains file is properly created\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")",
"Bash(git -C /home/reepost/CyberMindStudio/secubox-openwrt commit -m \"$\\(cat <<''EOF''\ndocs: Document mail port hijacking fix\n\nFirewall DNAT rules were redirecting ALL port 993/587/465 traffic\nto local mailserver, blocking external mail server connections.\n\nFix: Add -i $WAN_IF to only redirect inbound WAN traffic.\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")", "Bash(git -C /home/reepost/CyberMindStudio/secubox-openwrt commit -m \"$\\(cat <<''EOF''\ndocs: Document mail port hijacking fix\n\nFirewall DNAT rules were redirecting ALL port 993/587/465 traffic\nto local mailserver, blocking external mail server connections.\n\nFix: Add -i $WAN_IF to only redirect inbound WAN traffic.\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")",
"Bash(git -C /home/reepost/CyberMindStudio/secubox-openwrt commit -m \"$\\(cat <<''EOF''\nfeat\\(vortex-dns\\): Add LuCI dashboard for mesh DNS management\n\nNew package: luci-app-vortex-dns\n- Dashboard showing mode, status, sync info\n- Master section with delegated zones table\n- Slave section with parent master info\n- Mesh peers section with online status\n- Actions: Initialize master, Join slave, Delegate zone, Mesh sync\n- RPCD handler with 8 methods\n\nAlso fixes:\n- Mail port hijacking: WAN-only DNAT rules\n- Threat-analyst LocalAI port: 8081 → 8091\n- Domoticz password reset\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")", "Bash(git -C /home/reepost/CyberMindStudio/secubox-openwrt commit -m \"$\\(cat <<''EOF''\nfeat\\(vortex-dns\\): Add LuCI dashboard for mesh DNS management\n\nNew package: luci-app-vortex-dns\n- Dashboard showing mode, status, sync info\n- Master section with delegated zones table\n- Slave section with parent master info\n- Mesh peers section with online status\n- Actions: Initialize master, Join slave, Delegate zone, Mesh sync\n- RPCD handler with 8 methods\n\nAlso fixes:\n- Mail port hijacking: WAN-only DNAT rules\n- Threat-analyst LocalAI port: 8081 → 8091\n- Domoticz password reset\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")",
"Bash(git -C /home/reepost/CyberMindStudio/secubox-openwrt commit -m \"$\\(cat <<''EOF''\nfeat\\(domoticz\\): Add password reset via RPCD\n\nNew RPCD method: reset_password\n- Resets Domoticz admin password via SQLite\n- Accessible from LuCI dashboard\n- MD5 hashes the password before storing\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")" "Bash(git -C /home/reepost/CyberMindStudio/secubox-openwrt commit -m \"$\\(cat <<''EOF''\nfeat\\(domoticz\\): Add password reset via RPCD\n\nNew RPCD method: reset_password\n- Resets Domoticz admin password via SQLite\n- Accessible from LuCI dashboard\n- MD5 hashes the password before storing\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")",
"Bash(git remote set-url:*)",
"Bash(git bundle:*)",
"Bash(TOKEN=\"df72316e404f77bc0cf8068ee4833892da13c1ced50d56a4f8bb19fc991c8674\")",
"WebFetch(domain:evolution.gk2.secubox.in)",
"WebFetch(domain:console.gk2.secubox.in)",
"Bash(SCRIPT)",
"Bash(tcpdump:*)"
] ]
} }
} }

31
package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
View File

@ -624,7 +624,7 @@ EOF
_generate_backend() { _generate_backend() {
local section="$1" local section="$1"
local enabled name mode balance health_check health_check_uri local enabled name mode balance health_check health_check_uri http_request
config_get enabled "$section" enabled "0" config_get enabled "$section" enabled "0"
[ "$enabled" = "1" ] || return [ "$enabled" = "1" ] || return
@ -641,6 +641,35 @@ _generate_backend() {
echo "" echo ""
echo "backend $name" echo "backend $name"
echo " mode $mode" echo " mode $mode"
# Check for http-request directives
# Support both single value and list
local http_request_val=""
config_get http_request_val "$section" http_request ""
if [ -n "$http_request_val" ]; then
# Single http-request option set
echo " http-request $http_request_val"
# If it's a "return" directive, this is a static backend - skip servers
case "$http_request_val" in
return*) return ;;
esac
fi
# Also check for list values (http_request as list)
local has_http_request_return=0
_emit_and_check_http_request() {
local val="$1"
echo " http-request $val"
case "$val" in
return*) has_http_request_return=1 ;;
esac
}
config_list_foreach "$section" http_request _emit_and_check_http_request
# If any http-request was a "return" directive, skip servers
[ "$has_http_request_return" = "1" ] && return
echo " balance $balance" echo " balance $balance"
# Health check configuration # Health check configuration