lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
414 Commits 4 Branches 109 Tags
Commit Graph

8 Commits

Author SHA1 Message Date
Dorian
022e7e484a feat: Phase 6 — nginx security headers, CSP hardening, rate limiting 
- CSP: removed unsafe-eval, tightened frame-src to self + host ports,
  added frame-ancestors, base-uri, form-action directives
- X-Frame-Options: SAMEORIGIN added after proxy_hide_header on all app proxies
- HSTS: max-age=31536000; includeSubDomains on all server blocks
- Rate limiting: 20r/s on /rpc/ with burst=40, 3r/s auth zone
- Added X-DNS-Prefetch-Control, Permissions-Policy payment=() header

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-18 00:57:16 +00:00
Dorian
30164fd12a feat: bitcoin-ui CSS fix, HTTPS proxy support, deploy script improvements 
Bitcoin UI:
- Replace cdn.tailwindcss.com with locally bundled tailwind.css (CSP blocks external scripts)
- Make all asset paths relative for nginx proxy compatibility
- Add bitcoin-ui build/deploy to deploy-to-target.sh (was missing entirely)
- Use --network host (bitcoin-ui proxies Bitcoin RPC at 127.0.0.1:8332)

HTTPS mixed content fix:
- Add HTTPS_PROXY_PATHS in AppSession.vue — when parent page is HTTPS,
  iframe loads through nginx proxy instead of direct HTTP port
- Prevents browser blocking HTTP iframes inside HTTPS pages
- All Tailscale servers use HTTPS, this was breaking all app iframes

Deploy & first-boot improvements:
- first-boot-containers.sh auto-detects disk size for pruning vs txindex
- first-boot-containers.sh checks fallback source path for UI containers
- Added mempool-electrs to APP_PORTS mapping
- ElectrumX container creation in first-boot
- Podman doctor/fix/uptime skills added

Also includes: session persistence, identity management, LND transactions,
ElectrumX status UI, nostr-provider improvements, Web5 enhancements

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-16 12:58:35 +00:00
Dorian
bd40fac0e6 bullshit 2026-03-15 00:40:55 +00:00
Dorian
b6f401e7f6 fix: indeedhub staging API, nginx caching, nostr identity and UI improvements 
Switch IndeedHub to staging API, add _next asset caching in nginx,
simplify NostrIdentityPicker component, and update Apps/Web5/Marketplace views.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-14 19:08:09 +00:00
Dorian
ee15fbc457 bug fixes from sxsw 2026-03-14 17:12:41 +00:00
Dorian
efdea936fa feat: inject NIP-07 nostr-provider.js into all nginx app proxy blocks 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-12 23:21:15 +00:00
Dorian
e3aa95a103 fix: prevent tokio runtime deadlock in credential issue/verify 
The credential issuance and verification handlers used
Handle::block_on() directly inside the tokio runtime, causing a
deadlock. Wrapped with block_in_place() to properly yield the
runtime thread.

Also completed full feature verification across all 25 test groups
(~175 checks) on live server.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-09 07:43:12 +00:00
Dorian
1b2021cece chore: sync ISO build configs with live server state 
- Add nginx snippets (PWA, HTTPS app proxies) to image-recipe/configs/
- Update build script Dockerfile to install openssl, generate self-signed
  SSL cert, copy nginx snippets, and create Cloud dummy directories
- Ensures fresh ISO installs have working HTTPS, PWA installability,
  and pre-created Cloud storage folders

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-05 08:34:53 +00:00