fix(publish): Ensure uhttpd instances created on publish/emancipate

Streamlit RPCD:
- Fix backend address: 127.0.0.1 -> 192.168.255.1 (host network)
- Remove waf_bypass=1 (all traffic through mitmproxy)
- Add mitmproxy sync-routes call
- Use wildcard cert for *.gk2.secubox.in domains
- Restart HAProxy instead of just reload

MetaBlogizer:
- Add uhttpd instance creation check in cmd_publish()
- Add uhttpd instance creation check in _emancipate_haproxy()
- Sites now auto-start on publish/emancipate

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

package/secubox/luci-app-streamlit/root/usr/libexec/rpcd/luci.streamlit

@@ -1625,24 +1625,23 @@ emancipate_instance() {
 	uci set "haproxy.${backend_name}.balance=roundrobin"
 	uci set "haproxy.${backend_name}.enabled=1"
 
-	# Add server
+	# Add server - use 192.168.255.1 (host network, not loopback)
 	uci set "haproxy.${backend_name}_srv=server"
 	uci set "haproxy.${backend_name}_srv.backend=${backend_name}"
 	uci set "haproxy.${backend_name}_srv.name=streamlit"
-	uci set "haproxy.${backend_name}_srv.address=127.0.0.1"
+	uci set "haproxy.${backend_name}_srv.address=192.168.255.1"
 	uci set "haproxy.${backend_name}_srv.port=${port}"
 	uci set "haproxy.${backend_name}_srv.weight=100"
 	uci set "haproxy.${backend_name}_srv.check=1"
 	uci set "haproxy.${backend_name}_srv.enabled=1"
 
-	# Create vhost
+	# Create vhost - NO waf_bypass (all traffic through mitmproxy)
 	uci set "haproxy.${vhost_section}=vhost"
 	uci set "haproxy.${vhost_section}.domain=${domain}"
 	uci set "haproxy.${vhost_section}.backend=${backend_name}"
 	uci set "haproxy.${vhost_section}.ssl=1"
 	uci set "haproxy.${vhost_section}.ssl_redirect=1"
 	uci set "haproxy.${vhost_section}.acme=1"
-	uci set "haproxy.${vhost_section}.waf_bypass=1"
 	uci set "haproxy.${vhost_section}.enabled=1"
 
 	# Create certificate entry
@@ -1653,12 +1652,24 @@ emancipate_instance() {
 
 	uci commit haproxy
 
-	# Regenerate and reload HAProxy
+	# Sync mitmproxy routes from HAProxy config
-	haproxyctl generate >/dev/null 2>&1
+	if command -v mitmproxyctl >/dev/null 2>&1; then
-	haproxyctl reload >/dev/null 2>&1
+		mitmproxyctl sync-routes >/dev/null 2>&1
+	fi
 
-	# Request certificate via ACME
+	# Regenerate and restart HAProxy for clean state
-	acmectl issue "$domain" >/dev/null 2>&1 &
+	haproxyctl generate >/dev/null 2>&1
+	/etc/init.d/haproxy restart >/dev/null 2>&1
+
+	# Request certificate via ACME (wildcard covers *.gk2.secubox.in)
+	case "$domain" in
+		*.gk2.secubox.in)
+			# Wildcard covers this domain
+			;;
+		*)
+			haproxyctl cert add "$domain" >/dev/null 2>&1 &
+			;;
+	esac
 
 	# Update instance UCI
 	uci set "${CONFIG}.${id}.emancipated=1"

package/secubox/secubox-app-metablogizer/files/usr/sbin/metablogizerctl

@@ -330,6 +330,13 @@ cmd_publish() {
 
 	log_info "Publishing $name to $domain"
 
+	# Ensure uhttpd instance exists
+	local existing_uhttpd=$(uci -q get uhttpd.metablogizer_${name})
+	if [ -z "$existing_uhttpd" ]; then
+		log_info "Creating uhttpd instance for $name on port $port"
+		_create_uhttpd_site "$name" "$port"
+	fi
+
 	# Create HAProxy backend
 	local backend_name="metablog_${name}"
 	uci set haproxy.${backend_name}=backend
@@ -803,6 +810,13 @@ _emancipate_haproxy() {
 
 	log_info "[HAPROXY] Creating vhost for $domain"
 
+	# Ensure uhttpd instance exists
+	local existing_uhttpd=$(uci -q get uhttpd.metablogizer_${name})
+	if [ -z "$existing_uhttpd" ]; then
+		log_info "[HAPROXY] Creating uhttpd instance for $name on port $port"
+		_create_uhttpd_site "$name" "$port"
+	fi
+
 	# Create backend
 	local backend_name="metablog_${name}"
 	uci set haproxy.${backend_name}=backend