From cb1f252e4d0cb31fa1e10095b11fbf4d6fe52af2 Mon Sep 17 00:00:00 2001 From: Dorian Date: Sun, 29 Mar 2026 12:44:13 +0100 Subject: [PATCH] fix: UEFI ESP partition type, WebSocket cookie, password UX MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit UEFI boot: - xorriso now uses -append_partition with ESP type GUID (C12A7328-F81F-11D2-BA4B-00A0C93EC93B) instead of -isohybrid-gpt-basdat which only creates "basic data" partitions. Strict UEFI firmware requires the correct ESP type to find BOOTX64.EFI. - Uses Arch Linux ISO approach: -append_partition + appended_part_as_gpt WebSocket/login from LAN browser: - HTTPS nginx /ws block was missing proxy_set_header Cookie $http_cookie Session cookie wasn't forwarded → backend returned 401 → WS failed Password UX: - Renamed "Change Password" → "Set Password" with description explaining default password is password123 Co-Authored-By: Claude Opus 4.6 (1M context) --- image-recipe/build-auto-installer-iso.sh | 9 +++++++-- image-recipe/configs/nginx-archipelago.conf | 2 ++ neode-ui/src/locales/en.json | 6 +++--- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/image-recipe/build-auto-installer-iso.sh b/image-recipe/build-auto-installer-iso.sh index e2682a33..ea06a3c5 100755 --- a/image-recipe/build-auto-installer-iso.sh +++ b/image-recipe/build-auto-installer-iso.sh @@ -2786,6 +2786,10 @@ if [ ! -f "$EFI_IMG" ]; then -partition_offset 16 \ "$INSTALLER_ISO" else + # UEFI fix: append efi.img as a real EFI System Partition (ESP) in GPT + # instead of embedding it as "basic data". Strict UEFI firmware requires + # the correct ESP type GUID (C12A7328-F81F-11D2-BA4B-00A0C93EC93B). + # This is the same approach used by Arch Linux ISOs. xorriso -as mkisofs -o "$OUTPUT_ISO" \ -volid "ARCHIPELAGO" \ -iso-level 3 \ @@ -2795,9 +2799,10 @@ else -b isolinux/isolinux.bin \ -no-emul-boot -boot-load-size 4 -boot-info-table \ -eltorito-alt-boot \ - -e boot/grub/efi.img \ + -e --interval:appended_partition_2:all:: \ -no-emul-boot \ - -isohybrid-gpt-basdat \ + -appended_part_as_gpt \ + -append_partition 2 C12A7328-F81F-11D2-BA4B-00A0C93EC93B "$WORK_DIR/efi.img" \ -partition_offset 16 \ "$INSTALLER_ISO" fi diff --git a/image-recipe/configs/nginx-archipelago.conf b/image-recipe/configs/nginx-archipelago.conf index f2eabebe..66edc82c 100644 --- a/image-recipe/configs/nginx-archipelago.conf +++ b/image-recipe/configs/nginx-archipelago.conf @@ -1076,6 +1076,8 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Cookie $http_cookie; proxy_read_timeout 86400s; } } diff --git a/neode-ui/src/locales/en.json b/neode-ui/src/locales/en.json index eb3c6a78..ae5cef50 100644 --- a/neode-ui/src/locales/en.json +++ b/neode-ui/src/locales/en.json @@ -177,15 +177,15 @@ "loggedIn": "Currently logged in", "didHelper": "Decentralized identifier for passwordless auth", "onionHelper": "Onion address for node interface and peer discovery over Tor", - "changePassword": "Change Password", + "changePassword": "Set Password", "enable2fa": "Enable 2FA", "disable2fa": "Disable 2FA", "logout": "Logout", "loggingOut": "Logging out...", "twoFactorAuth": "Two-Factor Authentication", "twoFaProtect": "Protect your account with an authenticator app", - "changePasswordTitle": "Change Password", - "changePasswordDesc": "Updates both web login and SSH access. Use a strong password (12+ chars, upper, lower, digit, special).", + "changePasswordTitle": "Set Password", + "changePasswordDesc": "Set a new password for web login and SSH access. Default password is 'password123'. Use a strong password (12+ chars, upper, lower, digit, special).", "currentPassword": "Current Password", "newPassword": "New Password", "confirmNewPassword": "Confirm New Password",