Commit Graph

847 Commits

Author SHA1 Message Date
Owen
e223a35a62 Reexec if the config changes
Former-commit-id: a7b028b154
2026-05-28 15:38:09 -07:00
Owen
71eb811829 Add sighup and block flag to block connections
Former-commit-id: 694a7986f5
2026-05-28 15:38:09 -07:00
Owen
34d2cad512 Add to cicd
Former-commit-id: 3d57d37c9e
2026-05-28 15:38:09 -07:00
Owen
7c22fe274a Add advantech package
Former-commit-id: 8955213aef
2026-05-28 15:38:09 -07:00
Owen
d2bd8cb97d Add advantech router app updates
Former-commit-id: ec89eb7d0f
2026-05-28 15:38:09 -07:00
Owen
24c4fbc0b0 Keep checking if we need to update
Former-commit-id: 535fd717be
2026-05-28 15:38:09 -07:00
Owen
e1b6fa9008 Add permissions check, shasum check, & build info
Former-commit-id: 357f718e00
2026-05-28 15:38:09 -07:00
Owen
c058500932 Auto update newt
Former-commit-id: 42cb8e7908
2026-05-28 15:38:08 -07:00
miloschwartz
3264aa0975 update issue template
Former-commit-id: 6ccfe96e69
2026-05-25 21:40:43 -07:00
Owen
c9ac8fc28f Remove test
Former-commit-id: efa1ecf61e
2026-05-11 18:04:51 -07:00
Owen
74acbad133 Update log message
Former-commit-id: d28c2aaa87
2026-05-11 10:34:30 -07:00
Owen
5541f92d07 Bump version
Former-commit-id: a1218ab67a
2026-05-08 11:05:24 -07:00
Owen
74b4b7d76d Merge branch 'main' into dev
Former-commit-id: bb84762b16
2026-05-08 11:05:07 -07:00
Owen
328b1aced3 Fix the redirect
Former-commit-id: 86155072de
2026-05-08 11:03:00 -07:00
Owen Schwartz
655cfa45fb Merge pull request #345 from LaurenceJJones/investigate/https-permanent-redirect-loop
fix(http): populate Request.TLS for private HTTPS via httpConnCtx

Former-commit-id: 4a9a4c4eec
2026-05-08 09:48:22 -07:00
Owen Schwartz
b3e4964e52 Merge pull request #344 from LaurenceJJones/investigate/private-http-redirect-500
fix(http): Set host header based on in

Former-commit-id: 21c744fe84
2026-05-08 09:47:09 -07:00
Laurence
f871b5e324 fix(http): populate Request.TLS for private HTTPS via httpConnCtx
net/http only sets Request.TLS for *tls.Conn or conns implementing ConnectionState(). Our listener wrapped tls.Server in httpConnCtx with an embedded net.Conn, so TLS was never surfaced and r.TLS stayed nil. That triggered the HTTP→HTTPS permanent redirect on every request for HTTPS rules.

Add ConnectionState() on httpConnCtx delegating to the underlying TLS conn.
Add tests for TLS forwarding and plain TCP.


Former-commit-id: 146e7835eb
2026-05-08 15:17:31 +01:00
Laurence
85d51a300e fix(http): Set host header based on in
fix https://github.com/fosrl/pangolin/issues/2952 issue by setting the incoming host header to the outgoing one by the reverse proxy, this was the default behaviour when using single proxy but now since we use more features it now rewrites the host header


Former-commit-id: 6aa94c0c2a
2026-05-08 13:45:50 +01:00
Owen Schwartz
cd9fb3d013 Merge pull request #342 from fosrl/dev
1.12.4

Former-commit-id: 542c70b326
1.12.4
2026-05-07 17:41:03 -07:00
Owen
6b42cac02d Retry interval while we are disconnected
Former-commit-id: 663e98af60
2026-05-07 17:27:01 -07:00
Owen
d5f48f782f Increase max attempts
Former-commit-id: 901ec71baf
2026-05-07 17:25:13 -07:00
Owen
cd5f5c079c Merge branch 'main' into dev
Former-commit-id: 9bc0204f57
2026-05-07 17:24:34 -07:00
Daniel Snider
1f2d40c793 fix(ping): decouple data-plane recovery trigger from backoff ramp
The trigger condition that decides whether to fire the data-plane
recovery flow in startPingCheck was AND-ed with `currentInterval <
maxInterval`. That clause was meant to throttle the *backoff ramp*
(don't widen the interval past 6s), but it also gated the recovery
trigger itself — a conflation that became invisibly load-bearing
once commit 8161fa6 (March 2026) bumped the default pingInterval
from 3s to 15s while leaving maxInterval at 6s. Under the new
defaults `currentInterval` starts at 15s and `15 < 6` is permanently
false, so the recovery branch never executed. Pings just kept
failing and the failure counter climbed forever, with no
"Connection to server lost" log line and no newt/ping/request
emitted on the websocket. Real-world recovery only happened when
the underlying network came back fast enough that a periodic ping
naturally succeeded again — which doesn't happen if the WireGuard
state on either end has rotated, so users were left stuck until
they restarted newt.

This is the proximate cause of the user reports in
fosrl/newt#284 (and dups #310, fosrl/pangolin#1004). Logs in
those issues all show ping-failure counters growing without ever
emitting "Connection to server lost", which is exactly the
fingerprint of this gate being false.

The fix is to extract the trigger decision into shouldFireRecovery
and remove currentInterval from it. Backoff is now computed in a
separate `if` in the caller, still gated by `currentInterval <
maxInterval` so the ramp is a no-op under default settings (which
is the existing behaviour, just no longer entangled with the
recovery trigger). Fixing the backoff ramp itself — making it
useful when pingInterval >= maxInterval — is a follow-up: the
priority is restoring recovery, not improving the dampening
schedule.

The new shouldFireRecovery helper is unit-tested. Its signature
intentionally omits currentInterval, so a future refactor that
re-introduces the interval-dependent gate would need to change
the function signature, which makes the historical bug harder
to reintroduce silently.


Former-commit-id: 1e77b09e3b
2026-05-07 16:57:31 -07:00
Owen
5e7cd9c0b9 Bump version
Former-commit-id: 74fd3f3aa3
2026-05-07 16:24:30 -07:00
Owen
a84bae3bc1 Attempt to fix nix issue
Former-commit-id: e8dc19a62b
2026-05-07 16:23:59 -07:00
Owen
34c5260e49 Fix not logging when rewriting nat
Former-commit-id: 9ff32b8a8b
2026-05-07 16:16:47 -07:00
dependabot[bot]
d16b856719 chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](57a97c7e78...ed142fd067)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Former-commit-id: 9edaac9c11
2026-05-05 18:11:26 -07:00
dependabot[bot]
f1bb6c663d chore(nix): fix hash for updated go dependencies
Former-commit-id: ced87b1d5e
2026-05-05 18:11:21 -07:00
dependabot[bot]
b09f67c377 chore(deps): bump the prod-minor-updates group across 1 directory with 4 updates
Bumps the prod-minor-updates group with 3 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0
- [Commits](https://github.com/golang/crypto/compare/v0.49.0...v0.50.0)

Updates `golang.org/x/net` from 0.52.0 to 0.53.0
- [Commits](https://github.com/golang/net/compare/v0.52.0...v0.53.0)

Updates `golang.org/x/sys` from 0.42.0 to 0.43.0
- [Commits](https://github.com/golang/sys/compare/v0.42.0...v0.43.0)

Updates `google.golang.org/grpc` from 1.80.0 to 1.81.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.80.0...v1.81.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: golang.org/x/net
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: golang.org/x/sys
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Former-commit-id: 3aaebe64fb
2026-05-05 18:11:21 -07:00
Owen
46d4d6539a Try to fix failover not working
Former-commit-id: 27f7ca6bb9
2026-05-05 11:40:39 -07:00
Owen
367e4b03fe Update status code
Former-commit-id: 5090907307
2026-04-30 15:55:52 -07:00
Owen
07613ebe05 Fix incorrect redirect logic
Former-commit-id: a6533b3fa0
2026-04-29 21:11:07 -07:00
Owen Schwartz
81b6daceba Merge pull request #336 from fosrl/dev
1.12.3

Former-commit-id: 57aa2e2e2c
1.12.3
2026-04-29 16:02:49 -07:00
Owen Schwartz
72a209c7ae Merge pull request #334 from LaurenceJJones/private-http-websocket
enhance(http): Support websocket upgrades

Former-commit-id: 5724c516dc
2026-04-29 15:58:30 -07:00
Owen
72c58c721b Add some test scripts for ws and move to testing/
Former-commit-id: b33c3b8849
2026-04-29 15:57:31 -07:00
Laurence
dd735555c4 Support websocket upgrades in private HTTP proxy
Preserve optional ResponseWriter interfaces through statusCapture so httputil.ReverseProxy can hijack upgraded websocket connections. Add a regression test covering websocket traffic through the HTTP handler path.


Former-commit-id: 8e19e475bf
2026-04-29 07:12:35 +01:00
Owen Schwartz
51d7558ec5 Merge pull request #333 from fosrl/dev
Dont block tcp for http unless there are targets

Former-commit-id: 9e92c42876
1.12.2 v1.12.2
2026-04-28 14:51:01 -07:00
Owen
ad8013ff77 Dont block tcp for http unless there are targets
Former-commit-id: 66c72bbe2e
2026-04-28 14:29:55 -07:00
Owen Schwartz
7315f381d7 Merge pull request #331 from fosrl/dev
Follow redirects by default for backward compat

Former-commit-id: ffd26f9a6d
1.12.1 v1.12.1
2026-04-28 10:13:49 -07:00
Owen
2038383393 Follow redirects by default for backward compat
Fixes #330


Former-commit-id: 7610aa40bf
2026-04-28 10:10:28 -07:00
Owen Schwartz
1ecf6efdf5 Merge pull request #328 from fosrl/dev
Quiet message

Former-commit-id: bf33a66043
1.12.0 v1.12.0
2026-04-27 20:11:01 -07:00
Owen
3a5ce705b8 Quiet message
Former-commit-id: 23caf57bf4
2026-04-27 20:10:35 -07:00
Owen Schwartz
809e6cff30 Merge pull request #327 from fosrl/dev
1.12.0

Former-commit-id: df3aa60cf5
2026-04-27 20:08:45 -07:00
Owen
96327034af Fix crashing when removing hc
Former-commit-id: 5c43db466a
2026-04-27 15:03:36 -07:00
Owen Schwartz
5564eaa02f Merge pull request #323 from fosrl/dev
1.12.0-rc.1

Former-commit-id: cc663f1636
v1.12.0-rc.1
2026-04-24 13:42:38 -07:00
Owen
9545854cb5 Hard code the ifconfig path
Former-commit-id: 1a67ff30c2
2026-04-24 10:39:44 -07:00
Owen
d28b9bbca3 Fix transport issue
Former-commit-id: bfd61ca511
2026-04-22 21:36:16 -07:00
Owen
232b3936de Try to add redirect
Former-commit-id: 294f99e024
2026-04-22 20:12:51 -07:00
Owen Schwartz
5914b3107a Merge pull request #322 from fosrl/dev
Revert nix in cicd

Former-commit-id: af2ecf486a
1.12.0-rc.0
2026-04-22 11:40:45 -07:00
Owen
015fe4b8db Revert nix version in cicd
Former-commit-id: efd6743ce4
2026-04-22 11:40:12 -07:00