fix: UEFI ESP partition type, WebSocket cookie, password UX

UEFI boot:
- xorriso now uses -append_partition with ESP type GUID
  (C12A7328-F81F-11D2-BA4B-00A0C93EC93B) instead of -isohybrid-gpt-basdat
  which only creates "basic data" partitions. Strict UEFI firmware
  requires the correct ESP type to find BOOTX64.EFI.
- Uses Arch Linux ISO approach: -append_partition + appended_part_as_gpt

WebSocket/login from LAN browser:
- HTTPS nginx /ws block was missing proxy_set_header Cookie $http_cookie
  Session cookie wasn't forwarded → backend returned 401 → WS failed

Password UX:
- Renamed "Change Password" → "Set Password" with description explaining
  default password is password123

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dorian 2026-03-29 12:44:13 +01:00
parent 39d7bd07b9
commit cb1f252e4d
3 changed files with 12 additions and 5 deletions

@ -2786,6 +2786,10 @@ if [ ! -f "$EFI_IMG" ]; then
-partition_offset 16 \
"$INSTALLER_ISO"
else
# UEFI fix: append efi.img as a real EFI System Partition (ESP) in GPT
# instead of embedding it as "basic data". Strict UEFI firmware requires
# the correct ESP type GUID (C12A7328-F81F-11D2-BA4B-00A0C93EC93B).
# This is the same approach used by Arch Linux ISOs.
xorriso -as mkisofs -o "$OUTPUT_ISO" \
-volid "ARCHIPELAGO" \
-iso-level 3 \
@ -2795,9 +2799,10 @@ else
-b isolinux/isolinux.bin \
-no-emul-boot -boot-load-size 4 -boot-info-table \
-eltorito-alt-boot \
-e boot/grub/efi.img \
-e --interval:appended_partition_2:all:: \
-no-emul-boot \
-isohybrid-gpt-basdat \
-appended_part_as_gpt \
-append_partition 2 C12A7328-F81F-11D2-BA4B-00A0C93EC93B "$WORK_DIR/efi.img" \
-partition_offset 16 \
"$INSTALLER_ISO"
fi
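Review bot: the -append_partition line reads its image from "$WORK_DIR/efi.img", while this else branch is guarded by the test on a different variable, shown in the preceding hunk header as if [ ! -f "$EFI_IMG" ]. If the two ever name different paths, xorriso is handed a file whose existence was never checked. Suggest passing "$EFI_IMG" to -append_partition, or adding a check that both resolve to the same file. The partition number 2 is also hard-coded twice, once in -e --interval:appended_partition_2:all:: and once in -append_partition 2; a one-line comment tying them together would keep a later edit from changing only one of them.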

@ -1076,6 +1076,8 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Cookie $http_cookie;
proxy_read_timeout 86400s;
}
}
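Review bot: proxy_set_header Cookie $http_cookie; in this /ws block restates nginx's default behaviour. With proxy_pass_request_headers at its default of on, the client's Cookie header is already passed upstream unchanged, and only Host and Connection are rewritten by default. If this line really changed the result, something else in the config is suppressing request headers (for example proxy_pass_request_headers off) and that setting should be fixed or called out in a comment here. Otherwise the 401 probably has another cause worth confirming before merge, such as the session cookie's Secure, SameSite or Path attributes keeping the browser from sending it on the WebSocket handshake.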

@ -177,15 +177,15 @@
"loggedIn": "Currently logged in",
"didHelper": "Decentralized identifier for passwordless auth",
"onionHelper": "Onion address for node interface and peer discovery over Tor",
"changePassword": "Change Password",
"changePassword": "Set Password",
"enable2fa": "Enable 2FA",
"disable2fa": "Disable 2FA",
"logout": "Logout",
"loggingOut": "Logging out...",
"twoFactorAuth": "Two-Factor Authentication",
"twoFaProtect": "Protect your account with an authenticator app",
"changePasswordTitle": "Change Password",
"changePasswordDesc": "Updates both web login and SSH access. Use a strong password (12+ chars, upper, lower, digit, special).",
"changePasswordTitle": "Set Password",
"changePasswordDesc": "Set a new password for web login and SSH access. Default password is 'password123'. Use a strong password (12+ chars, upper, lower, digit, special).",
"currentPassword": "Current Password",
"newPassword": "New Password",
"confirmNewPassword": "Confirm New Password",
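Review bot: the new changePasswordDesc string puts the default credential ('password123') in the UI, and the same string states that this password covers both web login and SSH access, so every install that has not yet changed it is reachable over SSH with a publicly known password. Suggest dropping the literal from the string and instead forcing a password change at first login, or generating a per-install initial password, so the default never has to be documented. Separately, "Set Password" now sits next to the unchanged "currentPassword": "Current Password" label; if the form still asks for the current password, the title and the field tell the user two different things.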