release: alle hardcodierten IPs entfernt, Konfiguration via Env-Variablen und Auto-Discovery

This commit is contained in:
cynfo3000 2026-03-07 14:31:24 +01:00
parent c76868e806
commit 5fc46a8148
8 changed files with 57 additions and 22 deletions

View File

@ -145,7 +145,7 @@ func ensureTLS(certPath, keyPath string) error {
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("192.168.85.13")},
IPAddresses: localIPs(),
DNSNames: []string{"localhost", "rmm-backend"},
}
@ -176,3 +176,28 @@ func ensureTLS(certPath, keyPath string) error {
log.Printf("TLS-Zertifikat generiert: %s, %s", certPath, keyPath)
return nil
}
// localIPs sammelt alle lokalen IP-Adressen des Hosts für das TLS-Zertifikat
func localIPs() []net.IP {
ips := []net.IP{net.ParseIP("127.0.0.1")}
ifaces, err := net.Interfaces()
if err != nil {
return ips
}
for _, iface := range ifaces {
addrs, _ := iface.Addrs()
for _, addr := range addrs {
var ip net.IP
switch v := addr.(type) {
case *net.IPNet:
ip = v.IP
case *net.IPAddr:
ip = v.IP
}
if ip != nil && !ip.IsLoopback() && ip.To4() != nil {
ips = append(ips, ip)
}
}
}
return ips
}

View File

@ -1,14 +1,24 @@
#!/bin/bash
# Frontend Build & Deploy
# Umgebungsvariablen setzen:
# REMOTE=root@<FRONTEND-SERVER>
# VITE_BACKEND_HOST=<BACKEND-IP-ODER-HOSTNAME>
# VITE_BACKEND_PORT=8443 (optional, default: 8443)
# VITE_API_KEY=<API-KEY> (optional)
set -e
FRONTEND_DIR="$(dirname "$0")/frontend"
REMOTE="root@192.168.85.20"
WEB_ROOT="/var/www/html"
echo "Building..."
cd "$FRONTEND_DIR" && npm run build
REMOTE="${REMOTE:-root@localhost}"
WEBROOT="${WEBROOT:-/var/www/html}"
echo "Deploying..."
ssh "$REMOTE" "rm -rf ${WEB_ROOT}/assets/*"
scp -r dist/* "$REMOTE:${WEB_ROOT}/"
ssh "$REMOTE" "chmod -R 755 ${WEB_ROOT}/assets && chmod 644 ${WEB_ROOT}/assets/* ${WEB_ROOT}/index.html ${WEB_ROOT}/vite.svg 2>/dev/null; nginx -s reload"
echo "Done."
echo "==> Baue Frontend..."
VITE_BACKEND_HOST="${VITE_BACKEND_HOST}" \
VITE_BACKEND_PORT="${VITE_BACKEND_PORT:-8443}" \
VITE_API_KEY="${VITE_API_KEY}" \
npm run build
echo "==> Deploye nach $REMOTE:$WEBROOT ..."
ssh "$REMOTE" "rm -rf ${WEBROOT}/assets/*"
scp -r dist/assets dist/index.html "$REMOTE:${WEBROOT}/"
ssh "$REMOTE" "chown -R www-data:www-data ${WEBROOT}/ && chmod -R 755 ${WEBROOT}/"
echo "==> Fertig"

View File

@ -291,7 +291,7 @@ Siehe [FIRMWARE.md](FIRMWARE.md) fuer Details.
# Peer anlegen
curl -sk -H "X-API-Key: YOUR_API_KEY" -X POST \
https://your-backend:8443/api/v1/agents/6beb8dfd38ecf03eab6c0f21b4ac7bee/wireguard/peers \
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"10.172.100.210"}'
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"<DNS-SERVER>"}'
# Peer mit eigenem Endpoint
curl -sk -H "X-API-Key: YOUR_API_KEY" -X POST \

View File

@ -620,7 +620,7 @@ Peer-Anlage: Keypair generiert auf Firewall, naechste freie IP automatisch, Endp
# Peer anlegen
curl -sk -H "X-API-Key: YOUR_API_KEY" -X POST \
https://your-backend:8443/api/v1/agents/6beb8dfd38ecf03eab6c0f21b4ac7bee/wireguard/peers \
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"10.172.100.210"}'
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"<DNS-SERVER>"}'
# Alle Peers
curl -sk -H "X-API-Key: YOUR_API_KEY" \

View File

@ -51,7 +51,7 @@ Dann `config.js` anpassen:
```js
// frontend/src/config.js
export const BACKEND_HOST = '192.168.85.13' // IP des Backend-Servers (für direkte Links, z.B. Tunnel-Ports)
export const BACKEND_HOST = '<BACKEND-IP>' // IP des Backend-Servers (für direkte Links, z.B. Tunnel-Ports)
export const BACKEND_URL = `https://${BACKEND_HOST}:8443`
export const API_KEY = 'DEIN_API_KEY' // aus backend/config.yaml → api_keys[0]
```
@ -66,7 +66,7 @@ Für die **lokale Entwicklung** (`npm run dev`) muss zusätzlich `vite.config.js
// vite.config.js → server.proxy
proxy: {
'/api': {
target: 'https://192.168.85.13:8443', // Backend-IP anpassen
target: 'https://<BACKEND-IP>:8443', // Backend-IP anpassen
changeOrigin: true,
secure: false,
ws: true, // WebSocket-Proxy aktivieren (Web Terminal, Agent-WS)
@ -127,7 +127,7 @@ server {
location /api/ {
client_max_body_size 50m;
proxy_pass https://192.168.85.13:8443;
proxy_pass https://<BACKEND-IP>:8443;
proxy_ssl_verify off;
proxy_set_header Host $host;
@ -166,7 +166,7 @@ rm -f /etc/nginx/sites-enabled/default
nginx -t && systemctl reload nginx
```
> **Backend-IP anpassen:** `192.168.85.13:8443` durch die tatsächliche Backend-Adresse ersetzen.
> **Backend-IP anpassen:** `<BACKEND-IP>:8443` durch die tatsächliche Backend-Adresse ersetzen.
---
@ -228,7 +228,7 @@ API-Calls werden per Proxy an das Backend weitergeleitet — `vite.config.js` an
// vite.config.js
proxy: {
'/api': {
target: 'https://192.168.85.13:8443', // Backend-IP anpassen
target: 'https://<BACKEND-IP>:8443', // Backend-IP anpassen
changeOrigin: true,
secure: false,
ws: true, // WebSocket-Proxy (Web Terminal, Agent-WS)

View File

@ -265,7 +265,7 @@ DELETE /api/v1/agents/{id}/wireguard/peers/{uuid} Peer loeschen
# Peer anlegen (Auto: Keypair, naechste freie IP, Endpoint)
curl -sk -H "Authorization: Bearer <TOKEN>" -X POST \
https://your-backend:8443/api/v1/agents/6beb8dfd.../wireguard/peers \
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"10.172.100.210"}'
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"<DNS-SERVER>"}'
# → {peer_config: "[Interface]\nPrivateKey=...\n[Peer]\n...", ...}
# Alle Peers

View File

@ -1166,7 +1166,7 @@ function WireGuardTab({ agentId, sys }) {
const [peers, setPeers] = useState([])
const [loading, setLoading] = useState(true)
const [adding, setAdding] = useState(false)
const [newPeer, setNewPeer] = useState({ name: '', dns: '10.172.100.210, 10.172.100.220' })
const [newPeer, setNewPeer] = useState({ name: '', dns: '' })
const [result, setResult] = useState(null)
const [copied, setCopied] = useState(false)
const [error, setError] = useState('')
@ -1201,7 +1201,7 @@ function WireGuardTab({ agentId, sys }) {
})
setResult(resp?.data || resp)
setAdding(false)
setNewPeer({ name: '', dns: '10.172.100.210, 10.172.100.220' })
setNewPeer({ name: '', dns: '' })
loadPeers()
} catch (e) {
setError(e.message)

View File

@ -415,7 +415,7 @@ function SystemSettingsSection() {
type="text"
value={form.backend_url_internal || ''}
onChange={(e) => setForm({ ...form, backend_url_internal: e.target.value })}
placeholder="https://192.168.85.13:8443"
placeholder="https://<BACKEND-IP>:8443"
className="w-full bg-gray-800 border border-gray-700 rounded px-3 py-2 text-white text-sm focus:outline-none focus:border-orange-500 mt-1"
/>
<div className="text-[10px] text-gray-600 mt-0.5">Fuer Tunnel-Zugriff und lokale Verbindungen</div>