fix(metablogizer): Add vhost creation for chunked upload methods
Both create_site_from_upload and upload_and_create_site were missing HAProxy vhost creation step (step 8 from create_site method). Changes: - Add vhost creation with backend=mitmproxy_inspector for WAF routing - Add mitmproxy route to /srv/mitmproxy-in/haproxy-routes.json - Apply same fix to original create_site method for consistency This ensures all MetaBlogizer uploaded sites are immediately accessible via HTTPS and all traffic passes through WAF inspection. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
011b59892a
commit
a0ac5e1a16
@ -3088,3 +3088,12 @@ git checkout HEAD -- index.html
|
||||
- Installed Node.js (20.20.0) for yt-dlp JavaScript runtime support
|
||||
- Verified end-to-end import flow: YouTube → download → subtitles → PeerTube upload
|
||||
|
||||
|
||||
32. **MetaBlogizer Vhost Auto-Creation Fix (2026-02-22)**
|
||||
- Fixed `create_site_from_upload` and `upload_and_create_site` methods missing HAProxy vhost creation.
|
||||
- All three site creation methods now:
|
||||
- Create HAProxy backend + server (direct to uhttpd port)
|
||||
- Create HAProxy vhost pointing to `mitmproxy_inspector` (WAF routing)
|
||||
- Add mitmproxy route in `/srv/mitmproxy-in/haproxy-routes.json`
|
||||
- Ensures all MetaBlogizer sites go through WAF inspection (security policy compliance).
|
||||
- Uploaded sites now immediately accessible via HTTPS domain.
|
||||
|
||||
@ -423,20 +423,34 @@ EOF
|
||||
uci set "haproxy.$server_name.check=1"
|
||||
uci set "haproxy.$server_name.enabled=1"
|
||||
|
||||
# 8. Create HAProxy vhost
|
||||
# 8. Create HAProxy vhost (route through mitmproxy WAF)
|
||||
local vhost_name=$(echo "$domain" | sed 's/[^a-zA-Z0-9]/_/g')
|
||||
local acme_val="0"
|
||||
[ "$ssl" = "1" ] && acme_val="1"
|
||||
|
||||
uci set "haproxy.$vhost_name=vhost"
|
||||
uci set "haproxy.$vhost_name.domain=$domain"
|
||||
uci set "haproxy.$vhost_name.backend=$backend_name"
|
||||
uci set "haproxy.$vhost_name.backend=mitmproxy_inspector"
|
||||
uci set "haproxy.$vhost_name.ssl=$ssl"
|
||||
uci set "haproxy.$vhost_name.ssl_redirect=$ssl"
|
||||
uci set "haproxy.$vhost_name.acme=$acme_val"
|
||||
uci set "haproxy.$vhost_name.enabled=1"
|
||||
uci commit haproxy
|
||||
|
||||
# Add mitmproxy route for WAF inspection
|
||||
local routes_file="/srv/mitmproxy-in/haproxy-routes.json"
|
||||
if [ -f "$routes_file" ]; then
|
||||
# Add route: domain -> [server_address, server_port]
|
||||
local tmp_routes="/tmp/routes_update_$$.json"
|
||||
jsonfilter -i "$routes_file" -e '@' 2>/dev/null | \
|
||||
sed "s/}$/,\"$domain\":[\"$server_address\",$server_port]}/" > "$tmp_routes" 2>/dev/null
|
||||
if [ -s "$tmp_routes" ]; then
|
||||
mv "$tmp_routes" "$routes_file"
|
||||
else
|
||||
rm -f "$tmp_routes"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Regenerate HAProxy config and reload
|
||||
reload_haproxy &
|
||||
haproxy_configured=1
|
||||
@ -1094,7 +1108,32 @@ EOF
|
||||
uci set "haproxy.$server_name.check=1"
|
||||
uci set "haproxy.$server_name.enabled=1"
|
||||
|
||||
# Create HAProxy vhost (route through mitmproxy WAF)
|
||||
local vhost_name=$(echo "$domain" | sed 's/[^a-zA-Z0-9]/_/g')
|
||||
uci set "haproxy.$vhost_name=vhost"
|
||||
uci set "haproxy.$vhost_name.domain=$domain"
|
||||
uci set "haproxy.$vhost_name.backend=mitmproxy_inspector"
|
||||
uci set "haproxy.$vhost_name.ssl=1"
|
||||
uci set "haproxy.$vhost_name.ssl_redirect=1"
|
||||
uci set "haproxy.$vhost_name.acme=1"
|
||||
uci set "haproxy.$vhost_name.enabled=1"
|
||||
|
||||
uci commit haproxy
|
||||
|
||||
# Add mitmproxy route for WAF inspection
|
||||
local routes_file="/srv/mitmproxy-in/haproxy-routes.json"
|
||||
if [ -f "$routes_file" ]; then
|
||||
# Add route: domain -> [server_address, port]
|
||||
local tmp_routes="/tmp/routes_update_$$.json"
|
||||
jsonfilter -i "$routes_file" -e '@' 2>/dev/null | \
|
||||
sed "s/}$/,\"$domain\":[\"$server_address\",$port]}/" > "$tmp_routes" 2>/dev/null
|
||||
if [ -s "$tmp_routes" ]; then
|
||||
mv "$tmp_routes" "$routes_file"
|
||||
else
|
||||
rm -f "$tmp_routes"
|
||||
fi
|
||||
fi
|
||||
|
||||
reload_haproxy &
|
||||
fi
|
||||
|
||||
@ -1866,7 +1905,32 @@ EOF
|
||||
uci set "haproxy.$server_name.check=1"
|
||||
uci set "haproxy.$server_name.enabled=1"
|
||||
|
||||
# Create HAProxy vhost (route through mitmproxy WAF)
|
||||
local vhost_name=$(echo "$domain" | sed 's/[^a-zA-Z0-9]/_/g')
|
||||
uci set "haproxy.$vhost_name=vhost"
|
||||
uci set "haproxy.$vhost_name.domain=$domain"
|
||||
uci set "haproxy.$vhost_name.backend=mitmproxy_inspector"
|
||||
uci set "haproxy.$vhost_name.ssl=1"
|
||||
uci set "haproxy.$vhost_name.ssl_redirect=1"
|
||||
uci set "haproxy.$vhost_name.acme=1"
|
||||
uci set "haproxy.$vhost_name.enabled=1"
|
||||
|
||||
uci commit haproxy
|
||||
|
||||
# Add mitmproxy route for WAF inspection
|
||||
local routes_file="/srv/mitmproxy-in/haproxy-routes.json"
|
||||
if [ -f "$routes_file" ]; then
|
||||
# Add route: domain -> [server_address, port]
|
||||
local tmp_routes="/tmp/routes_update_$$.json"
|
||||
jsonfilter -i "$routes_file" -e '@' 2>/dev/null | \
|
||||
sed "s/}$/,\"$domain\":[\"$server_address\",$port]}/" > "$tmp_routes" 2>/dev/null
|
||||
if [ -s "$tmp_routes" ]; then
|
||||
mv "$tmp_routes" "$routes_file"
|
||||
else
|
||||
rm -f "$tmp_routes"
|
||||
fi
|
||||
fi
|
||||
|
||||
reload_haproxy &
|
||||
fi
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user