feat(agent,server): v0.2.7 - mu-plugin WordPress robuste, réparation wp-config, proxy cookies/headers

- Agent: mu-plugin embarqué amélioré (HTTPS forcé, filtres URL, localhost:port)
- Agent: suppression des WP_HOME/WP_SITEURL hardcodés au démarrage des instances
- Server/proxy: envoi X-Forwarded-Port, réécriture headers/body élargie
- Server/proxy: sanitization des Set-Cookie (Secure, SameSite, Domain)
- Dashboard: version agent 0.2.7, action Supprimer complète
- Cleanup: binaires agent 0.2.3-0.2.6 remplacés par 0.2.7
This commit is contained in:
EduBox Dev
2026-06-17 18:23:06 +00:00
parent 2feea2d063
commit b383b11ae2
21 changed files with 396 additions and 46 deletions
+6 -28
View File
@@ -22,6 +22,12 @@ services:
context: ./server
dockerfile: Dockerfile
container_name: edubox-server
volumes:
- ./server/public:/app/public:ro
cap_add:
- NET_ADMIN
command: >
sh -c "ip route add 100.64.0.0/10 via $$(ip route | awk '/default/ {{print $$3}}') || true && exec node_modules/.bin/next start"
restart: unless-stopped
environment:
DATABASE_URL: ${DATABASE_URL}
@@ -40,33 +46,6 @@ services:
networks:
- edubox
tailscale:
image: tailscale/tailscale:latest
container_name: edubox-tailscale
restart: unless-stopped
network_mode: service:server
cap_add:
- NET_ADMIN
- NET_RAW
- SYS_MODULE
devices:
- /dev/net/tun:/dev/net/tun
volumes:
- tailscale_data:/var/lib/tailscale
environment:
HEADSCALE_URL: ${HEADSCALE_URL}
HEADSCALE_AUTH_KEY: ${HEADSCALE_AUTH_KEY}
command: >
sh -c "echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf &&
echo 'net.ipv6.conf.all.forwarding = 1' >> /etc/sysctl.conf &&
sysctl -p &&
mkdir -p /var/run/tailscale &&
tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/var/run/tailscale/tailscaled.sock &
sleep 5 &&
tailscale up --authkey=$${HEADSCALE_AUTH_KEY} --login-server=$${HEADSCALE_URL} --accept-routes --hostname=edubox-server --reset &&
tail -f /dev/null"
depends_on:
- server
caddy:
image: caddy:2-alpine
@@ -118,7 +97,6 @@ volumes:
caddy_config:
headscale_data:
gitea_data:
tailscale_data:
networks:
edubox: