projekte/edgeguard-native
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(haproxy): Admin-UI auf eigenem Port :3443 (mailgateway-Pattern)

Browse Source 
* HAProxy neues Frontend mgmt_https :3443 → api_backend (Mgmt-UI).
  Selbe TLS-Cert-Strecke wie :443 (gleicher /etc/edgeguard/tls/-Pool).
* :443 verliert default_backend → unbekannte Hosts kriegen 503,
  nicht mehr versehentlich die Admin-UI. Plus default-Route auf
  primary_backend pro Domain (catch-all-Routing dort, wo gewollt).
* Anti-Lockout in nft-Template um tcp dport 3443 erweitert
  (zusätzlich zu 22 + 443).
* SystemRulesCard zeigt 3443 als 3. Anti-Lockout-Eintrag.

Erreichbarkeit:
* Public Backends: https://<domain>:443 (mit eigenem Cert oder LE)
* Admin-UI: https://<host>:3443 (jeder Hostname, default_backend)
* SSH: :22 (rate-limited 10/min)

Version 1.0.13.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Debian
2026-05-10 21:37:53 +02:00
parent fd294a273e
commit 0d51b26170
9 changed files with 28 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
management-ui/src/components/Layout/Sidebar.tsx
View File

@@ -70,7 +70,7 @@ const NAV: NavSection[] = [
},
]
const VERSION = '1.0.12'
const VERSION = '1.0.13'
export default function Sidebar({ isOpen, onClose }: SidebarProps) {
const { t } = useTranslation()

3
management-ui/src/pages/Firewall/SystemRules.tsx
View File

@@ -20,7 +20,8 @@ interface SystemRule {
const ROWS: SystemRule[] = [
{ key: 'a1', chain: 'input', match: 'tcp dport 22 (rate-limit 10/min)', action: 'accept', note: 'anti-lockout: SSH' },
{ key: 'a2', chain: 'input', match: 'tcp dport 443', action: 'accept', note: 'anti-lockout: Management-UI' },
{ key: 'a2', chain: 'input', match: 'tcp dport 443', action: 'accept', note: 'anti-lockout: HAProxy public HTTPS' },
{ key: 'a3', chain: 'input', match: 'tcp dport 3443', action: 'accept', note: 'anti-lockout: Management-UI (admin HTTPS)' },
{ key: 'b1', chain: 'input', match: 'ct state established,related', action: 'accept', note: 'stateful baseline' },
{ key: 'b2', chain: 'input', match: 'ct state invalid', action: 'drop', note: 'stateful baseline' },
{ key: 'b3', chain: 'input', match: 'iif lo', action: 'accept', note: 'loopback' },