Build [v1.14.21]
This commit is contained in:
@@ -1,3 +1,3 @@
|
|||||||
836417
|
5397
|
||||||
836418
|
5398
|
||||||
836432
|
5414
|
||||||
|
|||||||
@@ -5,6 +5,7 @@
|
|||||||
local_certs
|
local_certs
|
||||||
skip_install_trust
|
skip_install_trust
|
||||||
auto_https disable_redirects
|
auto_https disable_redirects
|
||||||
|
|
||||||
on_demand_tls {
|
on_demand_tls {
|
||||||
ask http://localhost:8916/
|
ask http://localhost:8916/
|
||||||
}
|
}
|
||||||
|
|||||||
BIN
backups/ainventory_2026-04-23_15-36-20.tar.gz
Normal file
BIN
backups/ainventory_2026-04-23_15-36-20.tar.gz
Normal file
Binary file not shown.
@@ -1,41 +1,58 @@
|
|||||||
# TFM aInventory - Caddy Patched IP Configuration
|
# TFM aInventory - Standalone Caddy Configuration
|
||||||
# Version 1.9.17 - The Dynamic Shield (Production Polish)
|
# Self-signed SSL/TLS reverse proxy for any IP/hostname
|
||||||
{
|
{
|
||||||
admin off
|
admin off
|
||||||
local_certs
|
local_certs
|
||||||
local_certs
|
|
||||||
skip_install_trust
|
skip_install_trust
|
||||||
auto_https disable_redirects
|
auto_https disable_redirects
|
||||||
# Configure on-demand TLS for private network IPs
|
|
||||||
on_demand_tls {
|
on_demand_tls {
|
||||||
ask http://localhost:8916/
|
ask http://localhost:8916/
|
||||||
# This allows Caddy to generate internal certs for any IP/domain.
|
}
|
||||||
ask http://backend:8000/
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Dynamic HTTPS Frontend (port 8919) - Matches ANY IP or hostname
|
# Dynamic HTTPS Frontend (port 8919) - Matches ANY IP or hostname
|
||||||
https:// {
|
https://:8919 {
|
||||||
tls internal {
|
tls internal {
|
||||||
on_demand
|
on_demand
|
||||||
}
|
}
|
||||||
|
|
||||||
reverse_proxy frontend:3000
|
# Next.js HMR Support (WebSocket)
|
||||||
|
handle /_next/webpack-hmr {
|
||||||
header {
|
reverse_proxy http://localhost:8917 {
|
||||||
|
header_up Upgrade {>Upgrade}
|
||||||
|
header_up Connection {>Connection}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
reverse_proxy http://localhost:8917 {
|
||||||
|
header_up X-Forwarded-For {remote_host}
|
||||||
|
header_up X-Forwarded-Proto https
|
||||||
|
header_up X-Forwarded-Host {host}
|
||||||
|
}
|
||||||
|
|
||||||
|
header {
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
X-XSS-Protection "1; mode=block"
|
X-XSS-Protection "1; mode=block"
|
||||||
X-Frame-Options "SAMEORIGIN"
|
X-Frame-Options "SAMEORIGIN"
|
||||||
X-Frame-Options "SAMEORIGIN"
|
|
||||||
Referrer-Policy "strict-origin-when-cross-origin"
|
Referrer-Policy "strict-origin-when-cross-origin"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Dynamic HTTPS Backend (port 8918) - Matches ANY IP or hostname
|
# Dynamic HTTPS Backend (port 8918) - Matches ANY IP or hostname
|
||||||
https://:444 {
|
https://:8918 {
|
||||||
tls internal {
|
tls internal {
|
||||||
on_demand
|
on_demand
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
reverse_proxy http://localhost:8916 {
|
||||||
|
header_up X-Forwarded-For {remote_host}
|
||||||
|
header_up X-Forwarded-Proto https
|
||||||
|
header_up X-Forwarded-Host {host}
|
||||||
|
}
|
||||||
|
|
||||||
|
header {
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,36 +1,23 @@
|
|||||||
# CURRENT AI WORKING SESSION — HANDOVER
|
# CURRENT AI WORKING SESSION — HANDOVER
|
||||||
|
|
||||||
**Active AI:** Claude Haiku 4.5 (Claude Code)
|
**Active AI:** Gemini CLI
|
||||||
**Last Updated:** 2026-04-23
|
**Last Updated:** 2026-04-23
|
||||||
**Current Version:** v1.14.19
|
**Current Version:** v1.14.19
|
||||||
**Status**: ✅ PHASE 7 COMPLETE | 🟢 READY FOR PHASE 8
|
**Status**: ✅ SSL PROXY FIXED | 🟢 READY FOR PHASE 8
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## SESSION 41 EXECUTION SUMMARY — Infrastructure & Export Fixes
|
## SESSION 42 EXECUTION SUMMARY — SSL Infrastructure Fix
|
||||||
|
|
||||||
### 1. Phase 7: Config Consolidation (COMPLETE)
|
### 1. SSL Proxy Fix (COMPLETE)
|
||||||
- **Centralized YAML**: Migrated all configuration to `config/*.yaml`.
|
- **Port 80 Conflict**: Identified that Caddy was failing to start because it tried to bind to port 80 for HTTP->HTTPS redirects, while port 80 was already in use by a system-wide Caddy.
|
||||||
- **SSOT Architecture**: Established `network.yaml` as the Master Source of Truth for Server IP and Port management.
|
- **Caddy Configuration**: Modified `Caddyfile.standalone` (root and `config/`) to include `auto_https disable_redirects` in the global options. This allows Caddy to run on custom ports (8918/8919) without interfering with port 80.
|
||||||
- **Dynamic Injection**: Frontend API URLs and Backend CORS are now dynamically calculated from master network settings.
|
- **Service Restart**: Successfully restarted backend, frontend, and proxy using `scripts/run_standalone.py restart`.
|
||||||
- **Python Tooling**: All legacy `.sh` scripts converted to robust, secure Python scripts in `scripts/`.
|
|
||||||
- **Enhanced Launcher**: `run_standalone.py` now supports `start`, `stop`, `restart`, `status`, and Caddy SSL proxying.
|
|
||||||
|
|
||||||
### 2. Admin & Security Improvements
|
### 2. Verification
|
||||||
- **AI Key Detection**: Fixed backend logic to correctly report AI key status from YAML/Secrets.
|
- **Backend SSL**: Verified reachable at `https://localhost:8918/` (Port 8916 upstream).
|
||||||
- **Secure Saving**: Implemented `ConfigManager.update_keys()` to route sensitive data correctly to `secrets.yaml`.
|
- **Frontend SSL**: Verified reachable at `https://localhost:8919/` (Port 8917 upstream).
|
||||||
- **Recursion Fix**: Resolved a critical infinite recursion loop in the configuration manager.
|
- **Service Status**: `run_standalone.py status` confirms all components are UP.
|
||||||
|
|
||||||
### 3. Export System Overhaul
|
|
||||||
- **Data Integrity**: Fixed a routing collision that caused binary SQLite downloads instead of CSV data.
|
|
||||||
- **FastAPI Streaming**: Refactored exports to use `StreamingResponse` for memory efficiency.
|
|
||||||
- **Premium UI**: Integrated the `ExportPanel` into the dark-mode aesthetic with standard premium button styles.
|
|
||||||
- **WebSocket Fix**: Improved Caddy configuration for Next.js HMR stability.
|
|
||||||
|
|
||||||
### 4. Cleanup & Preparation
|
|
||||||
- ✅ Deleted all deprecated `.sh` and `.env` files.
|
|
||||||
- ✅ Rebuilt virtual environment (`venv/`) and verified dependencies (added `openpyxl`).
|
|
||||||
- ✅ Incremented system version to **v1.14.19**.
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"version": "1.14.20",
|
"version": "1.14.21",
|
||||||
"last_build": "2026-04-23-1536",
|
"last_build": "2026-04-23-1559",
|
||||||
"codename": "ConfigCore",
|
"codename": "ConfigCore",
|
||||||
"commit": "b0ac7426"
|
"commit": "6e88ea91"
|
||||||
}
|
}
|
||||||
Reference in New Issue
Block a user