Skip to content

ACME improvements, WAF, DNS integrations, descriptive LB errors, Proxmox storage selection, Quick links, DNSMasq improvements, bug fixes#202

Merged
runleveldev merged 29 commits intomainfrom
rgingras/sprint-2026-02-20
Feb 23, 2026
Merged

ACME improvements, WAF, DNS integrations, descriptive LB errors, Proxmox storage selection, Quick links, DNSMasq improvements, bug fixes#202
runleveldev merged 29 commits intomainfrom
rgingras/sprint-2026-02-20

Conversation

@runleveldev
Copy link
Collaborator

@runleveldev runleveldev commented Feb 16, 2026
edited
Loading

Replace Lego with Acme.sh

Do before updating the Nginx template.

curl -fsSL https://get.acme.sh | sh
/root/.acme.sh/acme.sh --upgrade --auto-upgrade
export CF_Token="...."
export CF_Account_ID="..."
/root/.acme.sh/acme.sh --register-account -m devops@mieweb.com
/root/.acme.sh/acme.sh --issue --dns dns_cf -d example.com -d *.example.com
/root/.acme.sh/acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/certs/example.com.crt --key-file /etc/ssl/private/example.com.key --reloadcmd "nginx -s reload"

DNSMasq Improvements

DNSMasq config split into several files to minimize restarts. pull-config needs reinstalled and the monolithic dnsmasq config removed.

ModSecurity WAF

Installation to existing manager

rm /etc/apt/sources.list.d/nginx.list /usr/share/keyrings/nginx-archive-keyring.gpg /etc/apt/preferences.d/99nginx
apt-get update -qq
apt-get install --download-only --allow-downgrades -y \
  nginx=1.26.3-3+deb13u2 \
  libnginx-mod-stream \
  libnginx-mod-http-modsecurity
DEBIAN_FRONTEND=noninteractive apt-get install --allow-downgrades -o Dpkg::Options::="--force-confold" -y \
  nginx=1.26.3-3+deb13u2 \
  libnginx-mod-stream \
  libnginx-mod-http-modsecurity
sed -i '/^pid/a\\ninclude /etc/nginx/modules-enabled/*.conf;' /etc/nginx/nginx.conf
ln -sf /usr/share/nginx/modules-available/mod-stream.conf \
  /etc/nginx/modules-enabled/
systemctl start nginx

Images

image

Descriptive error pages

image image

Container quick links

image

@runleveldev runleveldev linked an issue Feb 16, 2026 that may be closed by this pull request
[Bug]: Docker images made in local-lvm hardcoded #198
Closed
@runleveldev runleveldev force-pushed the rgingras/sprint-2026-02-20 branch 2 times, most recently from 8eea076 to 3d12d8d Compare February 16, 2026 20:22
This was linked to issues Feb 16, 2026
Add descriptive 404/502 pages #194
Closed
Enable basic Modsecurity WAF for the load balancer #197
Closed
[Bug]: Unregistered 2FA users are being given generic error message #190
Closed
@runleveldev runleveldev force-pushed the rgingras/sprint-2026-02-20 branch 9 times, most recently from a7a5bd2 to 989e7a8 Compare February 17, 2026 21:11
@runleveldev runleveldev linked an issue Feb 17, 2026 that may be closed by this pull request
Many-to-many external domain/site association #195
Closed
@runleveldev runleveldev force-pushed the rgingras/sprint-2026-02-20 branch from a8e6bbc to d94e767 Compare February 18, 2026 19:07
@runleveldev
fix: remove standard template code path to fix template name handling
75f2e57
@runleveldev
feat: implement defaultStorage per #198
a4867fb
@runleveldev
fix: increase default rootfs size to 50G
93bd9af
@runleveldev
fix: remove nginx default.conf to force http -> https redirect
7ecbdb5
@runleveldev
feat: implement helpful error pages per #194
11d9fd7
@runleveldev
feat: rollback to nginx stable from debian and convert manager to der…
2959b0d 
…ived build
@runleveldev
feat: add ModSecurity WAF support per #197
1f324f3
@runleveldev
feat: add descriptive error page for ModSecurity blocks
8ae4663
@runleveldev
fix: handle additional error case per #190
5b1b82d
@runleveldev
feat: seperate out agent components and derive manager from agent for…
9ddfc42 
… embeded behavior
@runleveldev
fix: enable TLS connections from the LDAP servers from the default in…
5a34ae2 
…stall
@runleveldev
feat: enable remote agent management via environment variables and AP…
9b3d764 
…I keys
@runleveldev
fix: docs and init service
42a3e01
@runleveldev runleveldev force-pushed the rgingras/sprint-2026-02-20 branch from 55310ee to 76c7ee6 Compare February 18, 2026 21:34
@runleveldev runleveldev force-pushed the rgingras/sprint-2026-02-20 branch 4 times, most recently from e2329f2 to b893fc8 Compare February 19, 2026 15:02
@runleveldev runleveldev force-pushed the rgingras/sprint-2026-02-20 branch from b893fc8 to e2e82f0 Compare February 19, 2026 15:04
@runleveldev runleveldev linked an issue Feb 20, 2026 that may be closed by this pull request
Make containers clickable to vscode and iterm2 #179
Closed
5 tasks
@runleveldev runleveldev marked this pull request as ready for review February 20, 2026 19:28
@runleveldev runleveldev changed the title Rgingras/sprint 2026 02 20 ACME improvements, WAF, DNS integrations, descriptive LB errors, Proxmox storage selection, bug fixes Feb 20, 2026
@runleveldev runleveldev linked an issue Feb 20, 2026 that may be closed by this pull request
[Bug]: Failed to create container: Template "ghcr.io/mieweb/opensource-server/base:latest" not found on any node in this site #200
Closed
@runleveldev runleveldev changed the title ACME improvements, WAF, DNS integrations, descriptive LB errors, Proxmox storage selection, bug fixes ACME improvements, WAF, DNS integrations, descriptive LB errors, Proxmox storage selection, Quick links, bug fixes Feb 20, 2026
@runleveldev runleveldev changed the title ACME improvements, WAF, DNS integrations, descriptive LB errors, Proxmox storage selection, Quick links, bug fixes ACME improvements, WAF, DNS integrations, descriptive LB errors, Proxmox storage selection, Quick links, DNSMasq improvements, bug fixes Feb 20, 2026
cmyers-mieweb
cmyers-mieweb approved these changes Feb 20, 2026
View reviewed changes
Copy link
Collaborator

@cmyers-mieweb cmyers-mieweb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will merge this on Monday to the new cluster

Bobzemob
Bobzemob approved these changes Feb 20, 2026
View reviewed changes
Copy link
Contributor

@Bobzemob Bobzemob left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@runleveldev runleveldev merged commit a2bd601 into main Feb 23, 2026
4 checks passed
@runleveldev runleveldev deleted the rgingras/sprint-2026-02-20 branch February 23, 2026 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Bobzemob Bobzemob Bobzemob approved these changes

@cmyers-mieweb cmyers-mieweb cmyers-mieweb approved these changes

@tgparis tgparis Awaiting requested review from tgparis

@mie-jcrandal mie-jcrandal Awaiting requested review from mie-jcrandal

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

3 participants

@runleveldev @Bobzemob @cmyers-mieweb