diff --git a/changelog.md b/changelog.md index dd44e2c..63b48d3 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,13 @@ # Changelog +## 2026-02-27 - 10.0.0 - BREAKING CHANGE(remote-ingress) +replace tlsConfigured boolean with tlsMode ('custom' | 'acme' | 'self-signed') and compute TLS mode server-side + +- Server: compute remoteIngress.tlsMode = 'custom' when custom certPath/keyPath provided; else attempt to detect ACME by checking stored certs for hubDomain; default to 'self-signed' as fallback. +- API: replaced remoteIngress.tlsConfigured:boolean with tlsMode:'custom'|'acme'|'self-signed' — this is a breaking change for consumers of the config API. +- UI: ops view updated to display TLS Mode as a badge instead of a boolean "TLS Configured" field. +- Action required: update clients and integrations to read remoteIngress.tlsMode instead of tlsConfigured. + ## 2026-02-26 - 9.3.0 - feat(remoteingress) add TLS certificate resolution and passthrough for RemoteIngress tunnel diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts index 1514241..ebce8d5 100644 --- a/ts/00_commitinfo_data.ts +++ b/ts/00_commitinfo_data.ts @@ -3,6 +3,6 @@ */ export const commitinfo = { name: '@serve.zone/dcrouter', - version: '9.3.0', + version: '10.0.0', description: 'A multifaceted routing service handling mail and SMS delivery functions.' } diff --git a/ts/opsserver/handlers/config.handler.ts b/ts/opsserver/handlers/config.handler.ts index a0aa12f..7829a2f 100644 --- a/ts/opsserver/handlers/config.handler.ts +++ b/ts/opsserver/handlers/config.handler.ts @@ -179,11 +179,25 @@ export class ConfigHandler { // --- Remote Ingress --- const riCfg = opts.remoteIngressConfig; const connectedEdgeIps = dcRouter.tunnelManager?.getConnectedEdgeIps() || []; + + // Determine TLS mode: custom certs > ACME from cert store > self-signed fallback + let tlsMode: 'custom' | 'acme' | 'self-signed' = 'self-signed'; + if (riCfg?.tls?.certPath && riCfg?.tls?.keyPath) { + tlsMode = 'custom'; + } else if (riCfg?.hubDomain) { + try { + const stored = await dcRouter.storageManager.getJSON(`/proxy-certs/${riCfg.hubDomain}`); + if (stored?.publicKey && stored?.privateKey) { + tlsMode = 'acme'; + } + } catch { /* no stored cert */ } + } + const remoteIngress: interfaces.requests.IConfigData['remoteIngress'] = { enabled: !!dcRouter.remoteIngressManager, tunnelPort: riCfg?.tunnelPort || null, hubDomain: riCfg?.hubDomain || null, - tlsConfigured: !!(riCfg?.tls?.certPath && riCfg?.tls?.keyPath), + tlsMode, connectedEdgeIps, }; diff --git a/ts_interfaces/requests/config.ts b/ts_interfaces/requests/config.ts index 493d71c..002bcc6 100644 --- a/ts_interfaces/requests/config.ts +++ b/ts_interfaces/requests/config.ts @@ -69,7 +69,7 @@ export interface IConfigData { enabled: boolean; tunnelPort: number | null; hubDomain: string | null; - tlsConfigured: boolean; + tlsMode: 'custom' | 'acme' | 'self-signed'; connectedEdgeIps: string[]; }; } diff --git a/ts_web/00_commitinfo_data.ts b/ts_web/00_commitinfo_data.ts index 1514241..ebce8d5 100644 --- a/ts_web/00_commitinfo_data.ts +++ b/ts_web/00_commitinfo_data.ts @@ -3,6 +3,6 @@ */ export const commitinfo = { name: '@serve.zone/dcrouter', - version: '9.3.0', + version: '10.0.0', description: 'A multifaceted routing service handling mail and SMS delivery functions.' } diff --git a/ts_web/elements/ops-view-config.ts b/ts_web/elements/ops-view-config.ts index eecdaf9..238f51d 100644 --- a/ts_web/elements/ops-view-config.ts +++ b/ts_web/elements/ops-view-config.ts @@ -300,7 +300,7 @@ export class OpsViewConfig extends DeesElement { const fields: IConfigField[] = [ { key: 'Tunnel Port', value: ri.tunnelPort }, { key: 'Hub Domain', value: ri.hubDomain }, - { key: 'TLS Configured', value: ri.tlsConfigured, type: 'boolean' }, + { key: 'TLS Mode', value: ri.tlsMode, type: 'badge' }, { key: 'Connected Edge IPs', value: ri.connectedEdgeIps?.length > 0 ? ri.connectedEdgeIps : null, type: 'pills' }, ];