From 6290cde45f2836cfcea513184e356ef96d062673 Mon Sep 17 00:00:00 2001 From: Debian Date: Sun, 10 May 2026 23:50:38 +0200 Subject: [PATCH] =?UTF-8?q?fix(haproxy):=20backend.scheme=20auswerten=20(h?= =?UTF-8?q?ttps=20=E2=86=92=20ssl=20verify=20none=20alpn=20h2,h1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bug: backends.scheme war im Datenmodell + UI vorhanden, aber der HAProxy-Renderer hat das Feld komplett ignoriert. Jeder Backend wurde als plain HTTP angesprochen — wenn das Upstream (nginx etc.) HTTPS erwartet, kam '400 The plain HTTP request was sent to HTTPS port' zurück, was im Browser als 404/Fehler erschien. Fix im Template: server-Zeile bekommt 'ssl verify none alpn h2,http/1.1' wenn .Scheme == "https". 'verify none' weil interne Backends meist self-signed; ALPN deckt H1 + H2 via Aushandlung ab (also funktioniert sowohl proxy_protocol=https als auch =h2 aus dem alten EdgeGuard). Version 1.0.19. Co-Authored-By: Claude Opus 4.7 (1M context) --- VERSION | 2 +- cmd/edgeguard-api/main.go | 2 +- cmd/edgeguard-ctl/main.go | 2 +- cmd/edgeguard-scheduler/main.go | 2 +- internal/haproxy/haproxy.cfg.tpl | 2 +- management-ui/package.json | 2 +- management-ui/src/components/Layout/Sidebar.tsx | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/VERSION b/VERSION index f8f3c08..140333f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.18 +1.0.19 diff --git a/cmd/edgeguard-api/main.go b/cmd/edgeguard-api/main.go index 2015d49..d07f9a9 100644 --- a/cmd/edgeguard-api/main.go +++ b/cmd/edgeguard-api/main.go @@ -39,7 +39,7 @@ import ( wgsvc "git.netcell-it.de/projekte/edgeguard-native/internal/services/wireguard" ) -var version = "1.0.18" +var version = "1.0.19" func main() { addr := os.Getenv("EDGEGUARD_API_ADDR") diff --git a/cmd/edgeguard-ctl/main.go b/cmd/edgeguard-ctl/main.go index 70daf2c..c80ed88 100644 --- a/cmd/edgeguard-ctl/main.go +++ b/cmd/edgeguard-ctl/main.go @@ -9,7 +9,7 @@ import ( "os" ) -var version = "1.0.18" +var version = "1.0.19" const usage = `edgeguard-ctl — EdgeGuard CLI diff --git a/cmd/edgeguard-scheduler/main.go b/cmd/edgeguard-scheduler/main.go index 29898c3..f161ac6 100644 --- a/cmd/edgeguard-scheduler/main.go +++ b/cmd/edgeguard-scheduler/main.go @@ -21,7 +21,7 @@ import ( "git.netcell-it.de/projekte/edgeguard-native/internal/services/tlscerts" ) -var version = "1.0.18" +var version = "1.0.19" const ( // renewTickInterval — how often we re-evaluate expiring certs. diff --git a/internal/haproxy/haproxy.cfg.tpl b/internal/haproxy/haproxy.cfg.tpl index 321503a..8cf8e7c 100644 --- a/internal/haproxy/haproxy.cfg.tpl +++ b/internal/haproxy/haproxy.cfg.tpl @@ -86,5 +86,5 @@ backend api_backend {{- range .Backends}} backend eg_backend_{{.ID}} - server {{.Name | safeID}} {{.Address}}:{{.Port}}{{if .HealthCheckPath}} check inter 5s{{end}} + server {{.Name | safeID}} {{.Address}}:{{.Port}}{{if eq .Scheme "https"}} ssl verify none alpn h2,http/1.1{{end}}{{if .HealthCheckPath}} check inter 5s{{end}} {{- end}} diff --git a/management-ui/package.json b/management-ui/package.json index 806a407..f174cb6 100644 --- a/management-ui/package.json +++ b/management-ui/package.json @@ -1,7 +1,7 @@ { "name": "edgeguard-management-ui", "private": true, - "version": "1.0.18", + "version": "1.0.19", "type": "module", "scripts": { "dev": "vite", diff --git a/management-ui/src/components/Layout/Sidebar.tsx b/management-ui/src/components/Layout/Sidebar.tsx index 05fb79e..0074c54 100644 --- a/management-ui/src/components/Layout/Sidebar.tsx +++ b/management-ui/src/components/Layout/Sidebar.tsx @@ -70,7 +70,7 @@ const NAV: NavSection[] = [ }, ] -const VERSION = '1.0.18' +const VERSION = '1.0.19' export default function Sidebar({ isOpen, onClose }: SidebarProps) { const { t } = useTranslation()