Commit Graph

2 Commits

Author SHA1 Message Date
1ff51da6f0 sanitize public mirror: drop personal IP and infra/customer hostnames
All checks were successful
Build and push coraza-spoa / Build-and-Push (push) Successful in 1m49s
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 1m55s
- trusted_ips.{list,map}: replace home IP with 127.0.0.1 + usage notes
- skill: resolve deploy host from gitignored target-host.local, ask if unset
  (no hardcoded server FQDN); customer host in WAF test -> <live-vhost>
- README / coraza README: registry FQDN in run examples -> placeholder
- 403 block page: drop hardcoded support link -> contact provider support
- CLAUDE.md: note whitelist files ship without real IPs
- .gitignore: ignore target-host.local and *.local

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 06:32:15 -07:00
eb3658b68e docs: add haproxy-manager-deploy skill
Procedural discipline for shipping haproxy-manager-base changes.
The flow differs from WHP's (Gitea Actions auto-build vs.
build-release.sh, docker pull + recreate vs. update.sh) and has
its own foot-guns worth codifying:

- /etc/haproxy is a named volume → baked-in image files under that
  path are shadowed on existing deployments; use /haproxy/ instead
- HAProxy lf-file expansion eats single % → literal CSS percentages
  must be doubled (100%%)
- WAF-block synthetic test ACL must be injected AFTER send-spoe-group
  or the SPOE call overwrites the forced action
- coraza-spoa is distroless (no sh); peek inside with docker create
  + docker cp rather than docker exec sh

Both build paths (build-push.yaml for haproxy-manager-base,
build-push-coraza.yaml for coraza-spoa) are surfaced so a contributor
knows which CI run to watch.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-15 06:02:56 -07:00
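
Added example, not part of the repository or of either commit: a pre-publish check for the rule recorded in commit 1ff51da6f0 that the whitelist files ship without real IPs. It assumes trusted_ips.list and trusted_ips.map use the HAProxy pattern/map layout ('#' comments, address as the first field); the function names and sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample contents. The file names come from the commit message;
# the entries are made up (203.0.113.0/24 is a documentation range).
SAMPLE_LIST = """\
# trusted source addresses, one pattern per line
127.0.0.1
203.0.113.7
"""
SAMPLE_MAP = """\
# key value
127.0.0.1 1
203.0.113.0/28 1
::1 1
"""

def non_loopback_entries(text):
    """Return (line_no, entry) for every entry that is not a loopback address.

    Assumed layout: '#' comments and blank lines are skipped, and the
    address or CIDR is the first whitespace-separated field on the line.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key = line.split()[0]
        try:
            net = ipaddress.ip_network(key, strict=False)
        except ValueError:
            # Not an IP literal (e.g. a hostname key): flag it for review too.
            findings.append((line_no, key))
            continue
        if not net.is_loopback:
            findings.append((line_no, key))
    return findings

def check_files(files):
    """files maps name -> text; returns only the files that have findings."""
    results = {name: non_loopback_entries(text) for name, text in files.items()}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    samples = {"trusted_ips.list": SAMPLE_LIST, "trusted_ips.map": SAMPLE_MAP}
    for name, found in check_files(samples).items():
        for line_no, entry in found:
            print(f"{name}:{line_no}: {entry} is not loopback")
```

Run against the real files in CI or a pre-push hook and fail the job when check_files returns anything.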