From b731feab127b83c98a9f2b71890dc69cb6a02db8 Mon Sep 17 00:00:00 2001
From: Josh Knapp <jknapp85@gmail.com>
Date: Thu, 30 Apr 2026 10:02:16 -0700
Subject: [PATCH] Self-heal trusted IP whitelist files at startup

Volume-mounted /etc/haproxy can shadow the image-baked
trusted_ips.list/trusted_ips.map, causing HAProxy to fail
config validation with "failed to open pattern file" on
non-WHP deployments. Touch empty files if they don't exist
so the ACLs always parse.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 scripts/start-up.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/scripts/start-up.sh b/scripts/start-up.sh
index f39a986..b6f0456 100644
--- a/scripts/start-up.sh
+++ b/scripts/start-up.sh
@@ -2,5 +2,11 @@
 
 # Exit on error
 set -eo pipefail
+
+# Ensure trusted IP whitelist files exist (volume-mounted /etc/haproxy may shadow image defaults)
+mkdir -p /etc/haproxy
+[ -f /etc/haproxy/trusted_ips.list ] || : > /etc/haproxy/trusted_ips.list
+[ -f /etc/haproxy/trusted_ips.map ]  || : > /etc/haproxy/trusted_ips.map
+
 cron &
 python /haproxy/haproxy_manager.py