secubox-openwrt

gandalf/secubox-openwrt

Fork 0

Commit Graph

Author	SHA1	Message	Date
CyberMind-FR	684673d714	fix(emancipate): Direct mitmproxy route registration on emancipation Previously, emancipation relied on secubox-route or mitmproxyctl sync-routes which didn't reliably add routes to haproxy-routes.json. This caused newly emancipated services to return 404 from mitmproxy. Changes: - streamlitctl: Direct JSON write as primary method for route registration - metablogizerctl: Direct JSON write as primary method - peertubectl: Direct JSON write as primary method - pinaforectl: Direct JSON write + route through mitmproxy_inspector for WAF All emancipation flows now directly write to /srv/mitmproxy-in/haproxy-routes.json using Python, with secubox-route and mitmproxyctl as fallbacks. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-03 16:38:30 +01:00
CyberMind-FR	19632e38e0	feat(routing): Centralize mitmproxy route management in secubox-core Add centralized route registry (`secubox-route`) in secubox-core to eliminate route management duplication across metablogizerctl, streamlitctl, and mitmproxyctl. New features: - `/etc/config/secubox-routes` - UCI config for central route registry - `/usr/sbin/secubox-route` - CLI for route management (add, remove, sync) - Import routes from HAProxy, MetaBlogizer, Streamlit with source tracking - Auto-sync to all mitmproxy instances on route changes - Skip wildcard domains and LuCI (port 8081) routes Updated services to use centralized registry: - metablogizerctl: Use secubox-route add instead of mitmproxyctl sync - streamlitctl: Use secubox-route add with domain/port params - peertubectl: Use secubox-route add for emancipation - vhost-manager/mitmproxy.sh: Prefer secubox-route when available - mitmproxyctl: Delegate to secubox-route import-all for sync-routes This prevents route mixups between services and provides a single source of truth for all WAF routing configuration. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-28 08:56:04 +01:00
CyberMind-FR	dcc34c8bf6	feat(peertube): Add PeerTube video platform package New secubox-app-peertube package for self-hosted video streaming: - LXC Debian container with PostgreSQL, Redis, Node.js, FFmpeg - peertubectl control script with install/update/emancipate commands - UCI configuration for server, transcoding, live streaming, storage - procd init script with respawn support - HAProxy integration with WebSocket and extended timeouts - RTMP live streaming support (optional) - S3/object storage support (configurable) - Admin commands for user management - Backup/restore functionality Commands: peertubectl install - Create LXC container with full stack peertubectl emancipate <domain> - Full exposure with HAProxy + ACME peertubectl admin create-user - Create user accounts peertubectl live enable - Enable RTMP live streaming peertubectl backup/restore - Database backup Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-15 05:43:22 +01:00

Author

SHA1

Message

Date

CyberMind-FR

684673d714

fix(emancipate): Direct mitmproxy route registration on emancipation

Previously, emancipation relied on secubox-route or mitmproxyctl sync-routes
which didn't reliably add routes to haproxy-routes.json. This caused newly
emancipated services to return 404 from mitmproxy.

Changes:
- streamlitctl: Direct JSON write as primary method for route registration
- metablogizerctl: Direct JSON write as primary method
- peertubectl: Direct JSON write as primary method
- pinaforectl: Direct JSON write + route through mitmproxy_inspector for WAF

All emancipation flows now directly write to /srv/mitmproxy-in/haproxy-routes.json
using Python, with secubox-route and mitmproxyctl as fallbacks.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-03-03 16:38:30 +01:00

CyberMind-FR

19632e38e0

feat(routing): Centralize mitmproxy route management in secubox-core

Add centralized route registry (`secubox-route`) in secubox-core to eliminate
route management duplication across metablogizerctl, streamlitctl, and
mitmproxyctl.

New features:
- `/etc/config/secubox-routes` - UCI config for central route registry
- `/usr/sbin/secubox-route` - CLI for route management (add, remove, sync)
- Import routes from HAProxy, MetaBlogizer, Streamlit with source tracking
- Auto-sync to all mitmproxy instances on route changes
- Skip wildcard domains and LuCI (port 8081) routes

Updated services to use centralized registry:
- metablogizerctl: Use secubox-route add instead of mitmproxyctl sync
- streamlitctl: Use secubox-route add with domain/port params
- peertubectl: Use secubox-route add for emancipation
- vhost-manager/mitmproxy.sh: Prefer secubox-route when available
- mitmproxyctl: Delegate to secubox-route import-all for sync-routes

This prevents route mixups between services and provides a single
source of truth for all WAF routing configuration.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-28 08:56:04 +01:00

CyberMind-FR

dcc34c8bf6

feat(peertube): Add PeerTube video platform package

New secubox-app-peertube package for self-hosted video streaming:

- LXC Debian container with PostgreSQL, Redis, Node.js, FFmpeg
- peertubectl control script with install/update/emancipate commands
- UCI configuration for server, transcoding, live streaming, storage
- procd init script with respawn support
- HAProxy integration with WebSocket and extended timeouts
- RTMP live streaming support (optional)
- S3/object storage support (configurable)
- Admin commands for user management
- Backup/restore functionality

Commands:
  peertubectl install              - Create LXC container with full stack
  peertubectl emancipate <domain>  - Full exposure with HAProxy + ACME
  peertubectl admin create-user    - Create user accounts
  peertubectl live enable          - Enable RTMP live streaming
  peertubectl backup/restore       - Database backup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-15 05:43:22 +01:00

3 Commits