From b6235df631424d5de54521e8bdf69b52894ec360 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Mon, 9 Feb 2026 06:38:03 +0100 Subject: [PATCH] docs(wip): Update HAProxy path ACL with sorting fix - Pattern length sorting ensures longest paths match first - Apex domain routing: secubox.in/gk2/** replaces *.gk2.secubox.in - Verified /gk2, /gk2/evolution, /gk2/control all routing correctly Co-Authored-By: Claude Opus 4.5 --- .claude/WIP.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.claude/WIP.md b/.claude/WIP.md index 8be2b6dc..83c9f729 100644 --- a/.claude/WIP.md +++ b/.claude/WIP.md @@ -1,6 +1,6 @@ # Work In Progress (Claude) -_Last updated: 2026-02-08 (night)_ +_Last updated: 2026-02-09 (early morning)_ > **Architecture Reference**: SecuBox Fanzine v3 — Les 4 Couches @@ -83,13 +83,16 @@ _Last updated: 2026-02-08 (night)_ - 9 active backends documented - Wildcard certificate ready for mesh -- **HAProxy Path-Based ACL Routing** — DONE (2026-02-08) +- **HAProxy Path-Based ACL Routing** — DONE (2026-02-08/09) - Added `_add_path_acl()` function to haproxyctl for UCI `acl` sections - Support for path_beg, path_end, path, path_reg, path_dir match types - Path ACLs processed before vhost ACLs (higher priority) - Fixed http_request list handling to avoid duplicate output - - Enables `gk2.secubox.in/evolution` → `streamlit_evolution` routing - - Fixed stale HAProxy process using old config file + - **Pattern Length Sorting** (2026-02-09): ACLs now sorted by pattern length (longest first) + - Two-phase: `_collect_path_acl()` + `_emit_sorted_path_acls()` + - Ensures `/gk2/evolution` matches before `/gk2` + - Apex domain routing: `secubox.in/gk2/**` instead of `*.gk2.secubox.in` + - Tested: `/gk2`, `/gk2/evolution`, `/gk2/control` all routing correctly - **Gandi DNS Secondary Setup** — DONE (2026-02-08) - Configured BIND master to allow zone transfers to Gandi (217.70.177.40)