v1.30.0

feat(admin-ui): add configurable Admin UI domain routing
v1.29.0
2026-05-24 14:46:51 +00:00 · 2026-05-24 14:46:35 +00:00 · 2026-05-24 11:50:10 +00:00 · 2026-05-24 11:49:43 +00:00
22 changed files with 1047 additions and 89 deletions
@@ -3,6 +3,32 @@
 ## Pending
 ## 2026-05-24 - 1.30.0
 ### Features
 - add configurable Onebox Admin UI domain
  - expose Admin UI domain in settings
  - sync the Admin UI route as a first-class dcrouter gateway route
  - keep Admin UI routing separate from app service routes
 - add configurable Admin UI domain routing (admin-ui)
  - Expose and validate the Admin UI domain in settings
  - Sync the Admin UI as a dedicated dcrouter gateway route and SmartProxy route
  - Preserve configured and legacy Admin UI routes during stale-route reconciliation
 ### Fixes
 - preserve Onebox Admin UI routes during external gateway stale-route reconciliation
 ## 2026-05-24 - 1.29.0
 ### Features
 - add Onebox runtime update prompts and admin-triggered self-upgrades
  - expose Onebox update status through system status
  - reuse the CLI upgrade logic for web-triggered detached upgrades
  - show an update banner and guided DeesUpdater flow in the dashboard
 ## 2026-05-24 - 1.28.0
 ### Features
@@ -1,6 +1,6 @@
 {
  "name": "@serve.zone/onebox",
-  "version": "1.28.0",
+  "version": "1.30.0",
  "exports": "./mod.ts",
  "tasks": {
    "test": "deno test --allow-all test/",
@@ -1,6 +1,6 @@
 {
  "name": "@serve.zone/onebox",
-  "version": "1.28.0",
+  "version": "1.30.0",
  "description": "Self-hosted container platform with automatic SSL and DNS - a mini Heroku for single servers",
  "main": "mod.ts",
  "type": "module",
@@ -52,7 +52,7 @@
    "x64",
    "arm64"
  ],
-  "packageManager": "pnpm@10.18.1+sha512.77a884a165cbba2d8d1c19e3b4880eee6d2fcabd0d879121e282196b80042351d5eb3ca0935fa599da1dc51265cc68816ad2bddd2a2de5ea9fdf92adbec7cd34",
+  "packageManager": "pnpm@11.1.2",
  "dependencies": {
    "@api.global/typedrequest-interfaces": "^3.0.19",
    "@api.global/typedsocket": "^4.1.3",
@@ -65,8 +65,5 @@
    "@git.zone/tsdeno": "^1.3.2",
    "@git.zone/tswatch": "^3.3.5"
  },
-  "private": true,
+  "private": true
  "pnpm": {
    "overrides": {}
  }
 }
@@ -173,6 +173,47 @@ Deno.test('ExternalGatewayManager syncs service routes to dcrouter gatewayClient
  assertEquals(syncRequest.requestData.enabled, true);
 });
 Deno.test('ExternalGatewayManager syncs Admin UI route to dcrouter gatewayClient API', async () => {
  const oneboxRef = makeOneboxRef();
  oneboxRef.database.settings.set('adminUiDomain', 'Onebox.Example.com');
  oneboxRef.database.settings.set('serverIP', '203.0.113.10');
  oneboxRef.database.settings.set('httpPort', '8080');
  const requests: Array<{ method: string; requestData: Record<string, unknown> }> = [];
  const manager = new ExternalGatewayManager(oneboxRef as any);
  (manager as any).fireDcRouterRequest = async (
    method: string,
    requestData: Record<string, unknown>,
  ) => {
    if (method === 'getGatewayClientContext') {
      return {
        context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } },
      };
    }
    requests.push({ method, requestData });
    if (method === 'exportCertificate') {
      return { success: false };
    }
    return { success: true, action: 'created', routeId: 'admin-route' };
  };
  await manager.syncAdminUiRoute();
  const syncRequest = requests.find((request) => request.method === 'syncGatewayClientRoute')!;
  const route = syncRequest.requestData.route as any;
  const ownership = syncRequest.requestData.ownership as any;
  assertEquals(ownership, {
    gatewayClientType: 'onebox',
    gatewayClientId: 'onebox-token',
    appId: 'onebox-admin-ui',
    hostname: 'onebox.example.com',
  });
  assertEquals(route.match, { ports: [443], domains: ['onebox.example.com'] });
  assertEquals(route.action.targets, [{ host: '203.0.113.10', port: 8080 }]);
  assertEquals(syncRequest.requestData.enabled, true);
 });
 Deno.test('ExternalGatewayManager uses managed dcrouter local target in managed mode', async () => {
  const oneboxRef = makeOneboxRef();
  (oneboxRef as any).managedDcRouter = {
@@ -322,6 +363,206 @@ Deno.test('ExternalGatewayManager removes stale gateway routes during reconcilia
  assertEquals((deletes[0].ownership as any).hostname, 'stale.example.com');
 });
 Deno.test('ExternalGatewayManager preserves configured Admin UI route during reconciliation', async () => {
  const oneboxRef = makeOneboxRef();
  oneboxRef.database.settings.set('adminUiDomain', 'onebox.example.com');
  oneboxRef.database.settings.set('serverIP', '203.0.113.10');
  oneboxRef.database.services.push({
    id: 1,
    name: 'active',
    image: 'nginx:latest',
    envVars: {},
    port: 3000,
    domain: 'active.example.com',
    status: 'running',
    createdAt: 1,
    updatedAt: 1,
  });
  const deletes: Record<string, unknown>[] = [];
  const manager = new ExternalGatewayManager(oneboxRef as any);
  (manager as any).fireDcRouterRequest = async (method: string, requestData: Record<string, unknown>) => {
    if (method === 'getGatewayClientContext') {
      return { context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } } };
    }
    if (method === 'syncGatewayClientRoute') {
      if (requestData.delete) {
        deletes.push(requestData);
        return { success: true, action: 'deleted' };
      }
      return { success: true, action: 'updated' };
    }
    if (method === 'exportCertificate') {
      return { success: false };
    }
    if (method === 'getGatewayClientDnsRecords') {
      return {
        records: [
          {
            id: 'admin-record',
            domainId: 'domain-1',
            name: 'onebox',
            type: 'A',
            value: '203.0.113.10',
            ttl: 300,
            source: 'route',
            status: 'active',
            gatewayClientType: 'onebox',
            gatewayClientId: 'onebox-token',
            appId: 'onebox-admin-ui',
            hostname: 'onebox.example.com',
            routeId: 'admin-route',
          },
          {
            id: 'stale-record',
            domainId: 'domain-1',
            name: 'stale',
            type: 'A',
            value: '203.0.113.10',
            ttl: 300,
            source: 'route',
            status: 'active',
            gatewayClientType: 'onebox',
            gatewayClientId: 'onebox-token',
            appId: 'stale',
            hostname: 'stale.example.com',
            routeId: 'stale-route',
          },
        ],
      };
    }
    throw new Error(`Unexpected method: ${method}`);
  };
  await manager.syncServiceRoutes();
  assertEquals(deletes.length, 1);
  assertEquals((deletes[0].ownership as any).hostname, 'stale.example.com');
 });
 Deno.test('ExternalGatewayManager preserves legacy Admin UI route when setting is absent', async () => {
  const oneboxRef = makeOneboxRef();
  oneboxRef.database.settings.set('serverIP', '203.0.113.10');
  const deletes: Record<string, unknown>[] = [];
  const manager = new ExternalGatewayManager(oneboxRef as any);
  (manager as any).fireDcRouterRequest = async (
    method: string,
    requestData: Record<string, unknown>,
  ) => {
    if (method === 'getGatewayClientContext') {
      return {
        context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } },
      };
    }
    if (method === 'syncGatewayClientRoute') {
      if (requestData.delete) {
        deletes.push(requestData);
        return { success: true, action: 'deleted' };
      }
      return { success: true, action: 'updated' };
    }
    if (method === 'getGatewayClientDnsRecords') {
      return {
        records: [
          {
            id: 'legacy-admin-record',
            domainId: 'domain-1',
            name: 'onebox',
            type: 'A',
            value: '203.0.113.10',
            ttl: 300,
            source: 'route',
            status: 'active',
            gatewayClientType: 'onebox',
            gatewayClientId: 'onebox-token',
            appId: 'onebox',
            hostname: 'onebox.example.com',
            routeId: 'legacy-admin-route',
          },
          {
            id: 'stale-record',
            domainId: 'domain-1',
            name: 'stale',
            type: 'A',
            value: '203.0.113.10',
            ttl: 300,
            source: 'route',
            status: 'active',
            gatewayClientType: 'onebox',
            gatewayClientId: 'onebox-token',
            appId: 'stale',
            hostname: 'stale.example.com',
            routeId: 'stale-route',
          },
        ],
      };
    }
    throw new Error(`Unexpected method: ${method}`);
  };
  await manager.syncServiceRoutes();
  assertEquals(deletes.length, 1);
  assertEquals((deletes[0].ownership as any).hostname, 'stale.example.com');
 });
 Deno.test('ExternalGatewayManager deletes old Admin UI route after domain change', async () => {
  const oneboxRef = makeOneboxRef();
  oneboxRef.database.settings.set('adminUiDomain', 'new.example.com');
  oneboxRef.database.settings.set('serverIP', '203.0.113.10');
  const deletes: Record<string, unknown>[] = [];
  const manager = new ExternalGatewayManager(oneboxRef as any);
  (manager as any).fireDcRouterRequest = async (
    method: string,
    requestData: Record<string, unknown>,
  ) => {
    if (method === 'getGatewayClientContext') {
      return {
        context: { role: 'gatewayClient', gatewayClient: { type: 'onebox', id: 'onebox-token' } },
      };
    }
    if (method === 'syncGatewayClientRoute') {
      if (requestData.delete) {
        deletes.push(requestData);
        return { success: true, action: 'deleted' };
      }
      return { success: true, action: 'updated' };
    }
    if (method === 'exportCertificate') {
      return { success: false };
    }
    if (method === 'getGatewayClientDnsRecords') {
      return {
        records: [
          {
            id: 'old-admin-record',
            domainId: 'domain-1',
            name: 'onebox',
            type: 'A',
            value: '203.0.113.10',
            ttl: 300,
            source: 'route',
            status: 'active',
            gatewayClientType: 'onebox',
            gatewayClientId: 'onebox-token',
            appId: 'onebox-admin-ui',
            hostname: 'old.example.com',
            routeId: 'old-admin-route',
          },
        ],
      };
    }
    throw new Error(`Unexpected method: ${method}`);
  };
  await manager.syncServiceRoutes();
  assertEquals(deletes.length, 1);
  assertEquals((deletes[0].ownership as any).hostname, 'old.example.com');
 });
 Deno.test('ExternalGatewayManager imports exported dcrouter certificates into Onebox', async () => {
  const oneboxRef = makeOneboxRef();
  const manager = new ExternalGatewayManager(oneboxRef as any);
@@ -0,0 +1,50 @@
 import { assertEquals } from '@std/assert';
 import { OneboxReverseProxy } from '../ts/classes/reverseproxy.ts';
 import type { IService } from '../ts/types.ts';
 class FakeDatabase {
  public settings = new Map<string, string>();
  public services: IService[] = [];
  getSetting(key: string): string | null {
    return this.settings.get(key) ?? null;
  }
  getAllServices(): IService[] {
    return this.services;
  }
  getServiceByID(id: number): IService | null {
    return this.services.find((service) => service.id === id) ?? null;
  }
  getAllSSLCertificates(): [] {
    return [];
  }
 }
 Deno.test('OneboxReverseProxy loads Admin UI domain as local SmartProxy route', async () => {
  const database = new FakeDatabase();
  database.settings.set('adminUiDomain', 'onebox.example.com');
  database.settings.set('serverIP', '203.0.113.10');
  const reverseProxy = new OneboxReverseProxy({ database } as any);
  const routes: Array<{ domain: string; upstream: string }> = [];
  (reverseProxy as any).smartProxy = {
    clear: () => routes.splice(0, routes.length),
    addRoute: async (domain: string, upstream: string) => {
      routes.push({ domain, upstream });
    },
    getCertificates: () => [],
  };
  await reverseProxy.reloadRoutes();
  assertEquals(routes, [
    {
      domain: 'onebox.example.com',
      upstream: '203.0.113.10:3000',
    },
  ]);
 });
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/onebox',
-  version: '1.28.0',
+  version: '1.30.0',
  description: 'Self-hosted container platform with automatic SSL and DNS - a mini Heroku for single servers'
 }
@@ -1,11 +1,17 @@
 import * as plugins from '../plugins.ts';
 import { logger } from '../logging.ts';
 import { getErrorMessage } from '../utils/error.ts';
 import { normalizeHostname } from '../utils/domain.ts';
 import { OneboxDatabase } from './database.ts';
 import type { IDomain, IService } from '../types.ts';
 import type { TDcRouterMode } from './managed-dcrouter.ts';
 const adminUiRouteName = 'onebox-admin-ui';
 type TWorkHosterType = 'onebox';
 type TExternalGatewayRoute = Pick<IService, 'id' | 'name' | 'domain' | 'status'> & {
  domain: string;
 };
 interface IExternalGatewayConfig {
  url: string;
@@ -137,15 +143,34 @@ export class ExternalGatewayManager {
  }
  public async syncServiceRoutes(): Promise<void> {
    const adminUiRoute = this.getAdminUiRoute();
    const adminUiDomain = adminUiRoute?.domain;
    const services = this.database.getAllServices()
-      .filter((service) => service.domain && service.status === 'running');
+      .filter((service) =>
        service.domain && service.status === 'running' && service.domain !== adminUiDomain
      );
    const activeHostnames = new Set(services.map((service) => service.domain!));
    if (adminUiRoute) {
      activeHostnames.add(adminUiRoute.domain);
      try {
        await this.syncGatewayRoute(adminUiRoute);
      } catch (error) {
        logger.warn(
          `Failed to sync external gateway route for ${adminUiRoute.domain}: ${
            getErrorMessage(error)
          }`,
        );
      }
    }
    for (const service of services) {
      try {
        await this.syncServiceRoute(service);
      } catch (error) {
-        logger.warn(`Failed to sync external gateway route for ${service.domain}: ${getErrorMessage(error)}`);
+        logger.warn(
          `Failed to sync external gateway route for ${service.domain}: ${getErrorMessage(error)}`,
        );
      }
    }
@@ -158,6 +183,7 @@ export class ExternalGatewayManager {
    for (const record of records) {
      if (!record.hostname || activeHostnamesArg.has(record.hostname)) continue;
      if (this.shouldPreserveUnconfiguredAdminUiRecord(record)) continue;
      if (!record.routeId && !record.appId && !record.serviceName) continue;
      staleRecordsByHostname.set(record.hostname, record);
    }
@@ -169,7 +195,11 @@ export class ExternalGatewayManager {
          domain: record.hostname,
        });
      } catch (error) {
-        logger.warn(`Failed to delete stale external gateway route for ${record.hostname}: ${getErrorMessage(error)}`);
+        logger.warn(
          `Failed to delete stale external gateway route for ${record.hostname}: ${
            getErrorMessage(error)
          }`,
        );
      }
    }
  }
@@ -289,40 +319,72 @@ export class ExternalGatewayManager {
  public async syncServiceRoute(service: IService): Promise<void> {
    if (!service.domain) return;
    await this.syncGatewayRoute({
      id: service.id,
      name: service.name,
      domain: service.domain,
      status: service.status,
    });
  }
  public async syncAdminUiRoute(): Promise<void> {
    const route = this.getAdminUiRoute();
    if (!route) return;
    await this.syncGatewayRoute(route);
  }
  public async deleteAdminUiRoute(domain: string): Promise<void> {
    const normalizedDomain = normalizeHostname(domain);
    if (!normalizedDomain) return;
    await this.deleteServiceRoute({
      name: adminUiRouteName,
      domain: normalizedDomain,
    });
  }
  private async syncGatewayRoute(route: TExternalGatewayRoute): Promise<void> {
    if (!route.domain) return;
    const config = await this.getConfig({ requireTarget: true });
    if (!config) return;
    const result = await this.fireDcRouterRequest<IWorkAppRouteSyncResult>(
      'syncGatewayClientRoute',
      {
-        ownership: this.buildGatewayClientOwnership(service, service.domain, config),
+        ownership: this.buildGatewayClientOwnership(route, route.domain, config),
-        route: this.buildRoute(service, config),
+        route: this.buildRoute(route, config),
-        enabled: service.status === 'running',
+        enabled: route.status === 'running',
      },
      config,
    ).catch(async () => {
      return await this.fireDcRouterRequest<IWorkAppRouteSyncResult>(
        'syncWorkAppRoute',
        {
-          ownership: this.buildOwnership(service, service.domain!, config),
+          ownership: this.buildOwnership(route, route.domain, config),
-          route: this.buildRoute(service, config),
+          route: this.buildRoute(route, config),
-          enabled: service.status === 'running',
+          enabled: route.status === 'running',
        },
        config,
      );
    });
    if (!result.success) {
-      throw new Error(result.message || `dcrouter route sync failed for ${service.domain}`);
+      throw new Error(result.message || `dcrouter route sync failed for ${route.domain}`);
    }
-    logger.success(`External gateway route ${result.action || 'synced'} for ${service.domain}`);
+    logger.success(`External gateway route ${result.action || 'synced'} for ${route.domain}`);
-    await this.importCertificateForDomain(service.domain).catch((error) => {
+    await this.importCertificateForDomain(route.domain).catch((error) => {
-      logger.debug(`External gateway certificate import skipped for ${service.domain}: ${getErrorMessage(error)}`);
+      logger.debug(
        `External gateway certificate import skipped for ${route.domain}: ${
          getErrorMessage(error)
        }`,
      );
    });
  }
-  public async deleteServiceRoute(service: Pick<IService, 'id' | 'name' | 'domain'>): Promise<void> {
+  public async deleteServiceRoute(
    service: Pick<IService, 'id' | 'name' | 'domain'>,
  ): Promise<void> {
    if (!service.domain) return;
    const config = await this.getConfig({ requireTarget: false });
@@ -536,12 +598,35 @@ export class ExternalGatewayManager {
    return ownership;
  }
-  private buildRoute(service: IService, config: IExternalGatewayConfig): IDcRouterRouteConfig {
+  private getAdminUiRoute(): TExternalGatewayRoute | null {
    const domain = normalizeHostname(this.database.getSetting('adminUiDomain') || '');
    if (!domain) return null;
    return {
-      name: this.routeName(service.domain!),
+      id: 0,
      name: adminUiRouteName,
      domain,
      status: 'running',
    };
  }
  private isAdminUiRecord(record: IGatewayDnsRecord): boolean {
    const ownerName = record.serviceName || record.appId;
    return ownerName === adminUiRouteName || ownerName === 'onebox';
  }
  private shouldPreserveUnconfiguredAdminUiRecord(record: IGatewayDnsRecord): boolean {
    return this.database.getSetting('adminUiDomain') === null && this.isAdminUiRecord(record);
  }
  private buildRoute(
    route: TExternalGatewayRoute,
    config: IExternalGatewayConfig,
  ): IDcRouterRouteConfig {
    return {
      name: this.routeName(route.domain),
      match: {
        ports: [443],
-        domains: [service.domain!],
+        domains: [route.domain],
      },
      action: {
        type: 'forward',
@@ -5,6 +5,7 @@
 */
 import { logger } from '../logging.ts';
 import { projectInfo } from '../info.ts';
 import { getErrorMessage } from '../utils/error.ts';
 import { hashPassword } from '../utils/auth.ts';
 import { OneboxDatabase } from './database.ts';
@@ -26,6 +27,7 @@ import { BackupManager } from './backup-manager.ts';
 import { BackupScheduler } from './backup-scheduler.ts';
 import { ExternalGatewayManager } from './external-gateway.ts';
 import { ManagedDcRouterManager } from './managed-dcrouter.ts';
 import { OneboxUpdateManager } from './update-manager.ts';
 import { OpsServer } from '../opsserver/index.ts';
 export class Onebox {
@@ -48,6 +50,7 @@ export class Onebox {
  public backupScheduler: BackupScheduler;
  public managedDcRouter: ManagedDcRouterManager;
  public externalGateway: ExternalGatewayManager;
  public updateManager: OneboxUpdateManager;
  public opsServer: OpsServer;
  private initialized = false;
@@ -93,6 +96,7 @@ export class Onebox {
    // Initialize optional dcrouter gateway integration
    this.managedDcRouter = new ManagedDcRouterManager(this);
    this.externalGateway = new ExternalGatewayManager(this);
    this.updateManager = new OneboxUpdateManager();
    // Initialize OpsServer (TypedRequest-based server)
    this.opsServer = new OpsServer(this);
@@ -305,6 +309,7 @@ export class Onebox {
      const proxyStatus = this.reverseProxy.getStatus();
      const dnsConfigured = this.dns.isConfigured();
      const sslConfigured = this.ssl.isConfigured();
      const oneboxUpdate = await this.updateManager.getUpdateStatus();
      const services = this.services.listServices();
      const runningServices = services.filter((s) => s.status === 'running').length;
@@ -407,6 +412,10 @@ export class Onebox {
      }
      return {
        onebox: {
          version: projectInfo.version,
          update: oneboxUpdate,
        },
        docker: {
          running: dockerRunning,
          version: dockerRunning ? await this.docker.getDockerVersion() : null,
@@ -10,15 +10,20 @@
 import { logger } from '../logging.ts';
 import { getErrorMessage } from '../utils/error.ts';
 import { normalizeHostname } from '../utils/domain.ts';
 import { OneboxDatabase } from './database.ts';
 import { SmartProxyManager } from './smartproxy.ts';
 const adminUiRouteName = 'onebox-admin-ui';
 const adminUiPort = 3000;
 interface IProxyRoute {
  domain: string;
  targetHost: string;
  targetPort: number;
-  serviceId: number;
+  serviceId?: number;
  serviceName?: string;
  routeType: 'service' | 'admin-ui';
 }
 export class OneboxReverseProxy {
@@ -112,6 +117,7 @@ export class OneboxReverseProxy {
        targetPort,
        serviceId,
        serviceName,
        routeType: 'service',
      };
      this.routes.set(domain, route);
@@ -127,6 +133,25 @@ export class OneboxReverseProxy {
    }
  }
  async addAdminUiRoute(domain: string): Promise<void> {
    const normalizedDomain = normalizeHostname(domain);
    if (!normalizedDomain) return;
    const targetHost = this.getAdminUiTargetHost();
    const route: IProxyRoute = {
      domain: normalizedDomain,
      targetHost,
      targetPort: adminUiPort,
      serviceName: adminUiRouteName,
      routeType: 'admin-ui',
    };
    this.routes.set(normalizedDomain, route);
    const upstream = `${targetHost}:${adminUiPort}`;
    await this.smartProxy.addRoute(normalizedDomain, upstream);
    logger.success(`Added Admin UI proxy route: ${normalizedDomain} -> ${upstream}`);
  }
  /**
   * Remove a route
   */
@@ -166,6 +191,11 @@ export class OneboxReverseProxy {
        }
      }
      const adminUiDomain = this.getAdminUiDomain();
      if (adminUiDomain) {
        await this.addAdminUiRoute(adminUiDomain);
      }
      logger.success(`Loaded ${this.routes.size} proxy routes`);
    } catch (error) {
      logger.error(`Failed to reload routes: ${getErrorMessage(error)}`);
@@ -173,6 +203,18 @@ export class OneboxReverseProxy {
    }
  }
  private getAdminUiDomain(): string {
    return normalizeHostname(this.database.getSetting('adminUiDomain') || '');
  }
  private getAdminUiTargetHost(): string {
    const serverIP = this.database.getSetting('serverIP');
    if (!serverIP) {
      logger.warn('serverIP is not configured; Admin UI proxy route will use host.docker.internal');
    }
    return serverIP || 'host.docker.internal';
  }
  /**
   * Add TLS certificate for a domain
   * Sends PEM content to SmartProxy via Admin API
@@ -0,0 +1,214 @@
 import { logger } from '../logging.ts';
 import { projectInfo } from '../info.ts';
 import { getErrorMessage } from '../utils/error.ts';
 import * as interfaces from '../../ts_interfaces/index.ts';
 const ONEBOX_REPOSITORY_URL = 'https://code.foss.global/serve.zone/onebox';
 const ONEBOX_LATEST_RELEASE_API_URL =
  'https://code.foss.global/api/v1/repos/serve.zone/onebox/releases/latest';
 const ONEBOX_INSTALL_SCRIPT_URL = `${ONEBOX_REPOSITORY_URL}/raw/branch/main/install.sh`;
 const ONEBOX_CHANGELOG_URL = `${ONEBOX_REPOSITORY_URL}/src/branch/main/changelog.md`;
 const UPGRADE_LOG_PATH = '/var/log/onebox-upgrade.log';
 interface IGiteaReleaseResponse {
  tag_name?: unknown;
  html_url?: unknown;
 }
 interface IParsedRelease {
  tagName: string;
  releaseUrl: string;
 }
 export class OneboxUpdateManager {
  private cachedStatus: interfaces.data.IOneboxUpdateStatus | null = null;
  private cachedStatusExpiresAt = 0;
  private upgradeStartedAt = 0;
  private readonly statusCacheTtlMs = 5 * 60 * 1000;
  public async getUpdateStatus(
    optionsArg: { force?: boolean } = {},
  ): Promise<interfaces.data.IOneboxUpdateStatus> {
    const now = Date.now();
    if (!optionsArg.force && this.cachedStatus && this.cachedStatusExpiresAt > now) {
      return this.cachedStatus;
    }
    const status = await this.fetchUpdateStatus();
    this.cachedStatus = status;
    this.cachedStatusExpiresAt = now + this.statusCacheTtlMs;
    return status;
  }
  public async startDetachedUpgrade(): Promise<interfaces.data.IOneboxUpgradeStartResult> {
    this.assertRoot();
    const status = await this.getUpdateStatus({ force: true });
    this.assertUpdateCheckSucceeded(status);
    const targetVersion = status.latestVersion || status.currentVersion;
    if (!status.updateAvailable) {
      return {
        accepted: false,
        currentVersion: status.currentVersion,
        targetVersion,
        message: 'Onebox is already up to date.',
      };
    }
    if (this.upgradeStartedAt && Date.now() - this.upgradeStartedAt < 10 * 60 * 1000) {
      return {
        accepted: false,
        currentVersion: status.currentVersion,
        targetVersion,
        message: 'A Onebox upgrade has already been started.',
        logPath: UPGRADE_LOG_PATH,
      };
    }
    const command = new Deno.Command('bash', {
      args: ['-c', this.createDetachedUpgradeScript()],
      stdin: 'null',
      stdout: 'null',
      stderr: 'null',
      detached: true,
    });
    const child = command.spawn();
    child.unref();
    this.upgradeStartedAt = Date.now();
    logger.info(`Started detached Onebox upgrade process ${child.pid}`);
    return {
      accepted: true,
      currentVersion: status.currentVersion,
      targetVersion,
      message: 'Onebox upgrade started. The service will restart automatically.',
      pid: child.pid,
      logPath: UPGRADE_LOG_PATH,
    };
  }
  public async runUpgradeForeground(
    statusArg?: interfaces.data.IOneboxUpdateStatus,
  ): Promise<interfaces.data.IOneboxUpgradeStartResult> {
    this.assertRoot();
    const status = statusArg || (await this.getUpdateStatus({ force: true }));
    this.assertUpdateCheckSucceeded(status);
    const targetVersion = status.latestVersion || status.currentVersion;
    if (!status.updateAvailable) {
      return {
        accepted: false,
        currentVersion: status.currentVersion,
        targetVersion,
        message: 'Onebox is already up to date.',
      };
    }
    const installCommand = new Deno.Command('bash', {
      args: ['-c', `curl -sSL ${ONEBOX_INSTALL_SCRIPT_URL} | bash`],
      stdin: 'inherit',
      stdout: 'inherit',
      stderr: 'inherit',
    });
    const installResult = await installCommand.output();
    if (!installResult.success) {
      throw new Error('Upgrade failed');
    }
    return {
      accepted: true,
      currentVersion: status.currentVersion,
      targetVersion,
      message: `Upgraded to ${targetVersion}`,
    };
  }
  private async fetchUpdateStatus(): Promise<interfaces.data.IOneboxUpdateStatus> {
    const currentVersion = this.normalizeVersion(projectInfo.version);
    const checkedAt = Date.now();
    try {
      const release = await this.fetchLatestRelease();
      const latestVersion = this.normalizeVersion(release.tagName);
      return {
        currentVersion,
        latestVersion,
        updateAvailable: currentVersion !== latestVersion,
        checkedAt,
        releaseUrl: release.releaseUrl,
        changelogUrl: ONEBOX_CHANGELOG_URL,
      };
    } catch (error) {
      return {
        currentVersion,
        latestVersion: null,
        updateAvailable: false,
        checkedAt,
        releaseUrl: `${ONEBOX_REPOSITORY_URL}/releases`,
        changelogUrl: ONEBOX_CHANGELOG_URL,
        error: getErrorMessage(error),
      };
    }
  }
  private async fetchLatestRelease(): Promise<IParsedRelease> {
    const abortController = new AbortController();
    const timeoutId = setTimeout(() => abortController.abort(), 5000);
    try {
      const response = await fetch(ONEBOX_LATEST_RELEASE_API_URL, {
        headers: { accept: 'application/json' },
        signal: abortController.signal,
      });
      if (!response.ok) {
        throw new Error(`Failed to fetch latest release: HTTP ${response.status}`);
      }
      const release = await response.json() as IGiteaReleaseResponse;
      if (typeof release.tag_name !== 'string' || !release.tag_name) {
        throw new Error('Latest release response does not include a tag name');
      }
      const tagName = release.tag_name;
      const releaseUrl = typeof release.html_url === 'string' && release.html_url
        ? release.html_url
        : `${ONEBOX_REPOSITORY_URL}/releases/tag/${this.normalizeVersion(tagName)}`;
      return { tagName, releaseUrl };
    } finally {
      clearTimeout(timeoutId);
    }
  }
  private assertRoot(): void {
    if (Deno.uid() !== 0) {
      throw new Error('Onebox upgrades must be started as root. Try: sudo onebox upgrade');
    }
  }
  private assertUpdateCheckSucceeded(statusArg: interfaces.data.IOneboxUpdateStatus): void {
    if (statusArg.error) {
      throw new Error(`Cannot determine latest Onebox release: ${statusArg.error}`);
    }
  }
  private normalizeVersion(versionArg: string): string {
    const trimmedVersion = versionArg.trim();
    return trimmedVersion.startsWith('v') ? trimmedVersion : `v${trimmedVersion}`;
  }
  private createDetachedUpgradeScript(): string {
    return `
 set -e
 mkdir -p /var/log
 {
  echo "==== Onebox upgrade started $(date -Is) ===="
  sleep 2
  curl -sSL ${ONEBOX_INSTALL_SCRIPT_URL} | bash
  echo "==== Onebox upgrade finished $(date -Is) ===="
 } >> ${UPGRADE_LOG_PATH} 2>&1
 `;
  }
 }
@@ -8,6 +8,7 @@ import { getErrorMessage } from './utils/error.ts';
 import { Onebox } from './classes/onebox.ts';
 import { OneboxDaemon } from './classes/daemon.ts';
 import { OneboxSystemd } from './classes/systemd.ts';
 import { OneboxUpdateManager } from './classes/update-manager.ts';
 import type { IAppVersionConfig } from './classes/appstore-types.ts';
 export async function runCli(): Promise<void> {
@@ -500,60 +501,29 @@ async function handleUpgradeCommand(): Promise<void> {
  logger.info('Checking for updates...');
  try {
-    // Get current version
+    const updateManager = new OneboxUpdateManager();
-    const currentVersion = projectInfo.version;
+    const status = await updateManager.getUpdateStatus({ force: true });
    if (status.error) {
      throw new Error(status.error);
    }
-    // Fetch latest version from Gitea API
+    console.log(`  Current version: ${status.currentVersion}`);
-    const apiUrl = 'https://code.foss.global/api/v1/repos/serve.zone/onebox/releases/latest';
+    console.log(`  Latest version:  ${status.latestVersion}`);
    const curlCmd = new Deno.Command('curl', {
      args: ['-sSL', apiUrl],
      stdout: 'piped',
      stderr: 'piped',
    });
    const curlResult = await curlCmd.output();
    const response = new TextDecoder().decode(curlResult.stdout);
    const release = JSON.parse(response);
    const latestVersion = release.tag_name as string; // e.g., "v1.11.0"
    // Normalize versions for comparison (ensure both have "v" prefix)
    const normalizedCurrent = currentVersion.startsWith('v')
      ? currentVersion
      : `v${currentVersion}`;
    const normalizedLatest = latestVersion.startsWith('v')
      ? latestVersion
      : `v${latestVersion}`;
    console.log(`  Current version: ${normalizedCurrent}`);
    console.log(`  Latest version:  ${normalizedLatest}`);
    console.log('');
-    // Compare normalized versions
+    if (!status.updateAvailable) {
    if (normalizedCurrent === normalizedLatest) {
      logger.success('Already up to date!');
      return;
    }
-    logger.info(`New version available: ${latestVersion}`);
+    logger.info(`New version available: ${status.latestVersion}`);
    logger.info('Downloading and installing...');
    console.log('');
-    // Download and run the install script
+    const upgrade = await updateManager.runUpgradeForeground(status);
    const installUrl = 'https://code.foss.global/serve.zone/onebox/raw/branch/main/install.sh';
    const installCmd = new Deno.Command('bash', {
      args: ['-c', `curl -sSL ${installUrl} | bash`],
      stdin: 'inherit',
      stdout: 'inherit',
      stderr: 'inherit',
    });
    const installResult = await installCmd.output();
    if (!installResult.success) {
      logger.error('Upgrade failed');
      Deno.exit(1);
    }
    console.log('');
-    logger.success(`Upgraded to ${latestVersion}`);
+    logger.success(upgrade.message);
  } catch (error) {
    logger.error(`Upgrade failed: ${getErrorMessage(error)}`);
    Deno.exit(1);
@@ -4,6 +4,7 @@ import * as interfaces from '../../../ts_interfaces/index.ts';
 import { requireAdminIdentity } from '../helpers/guards.ts';
 import { logger } from '../../logging.ts';
 import { getErrorMessage } from '../../utils/error.ts';
 import { isValidHostname, normalizeHostname } from '../../utils/domain.ts';
 export class SettingsHandler {
  public typedrouter = new plugins.typedrequest.TypedRouter();
@@ -23,6 +24,7 @@ export class SettingsHandler {
    return {
      cloudflareToken: cloudflareToken || '',
      cloudflareZoneId: settingsMap['cloudflareZoneId'] || '',
      adminUiDomain: settingsMap['adminUiDomain'] || '',
      dcrouterMode: managedDcRouter.getMode(),
      dcrouterManagedImage: managedDcRouter.getImage(),
      dcrouterManagedOpsPort: managedDcRouter.getOpsPort(),
@@ -64,8 +66,10 @@ export class SettingsHandler {
          const db = this.opsServerRef.oneboxRef.database;
          const updates = dataArg.settings;
          const normalizedUpdates = this.normalizeUpdates(updates);
          // Store each setting as key-value pair
-          for (const [key, value] of Object.entries(updates)) {
+          for (const [key, value] of Object.entries(normalizedUpdates)) {
            if (value !== undefined) {
              if (db.isSecretSettingKey(key)) {
                await db.setSecretSetting(key, String(value));
@@ -75,8 +79,8 @@ export class SettingsHandler {
            }
          }
-          if (this.hasExternalGatewaySetting(updates)) {
+          if (this.hasRouteSyncSetting(normalizedUpdates)) {
-            this.refreshDcRouterGateway().catch((error) => {
+            this.refreshGatewayRoutes(normalizedUpdates).catch((error) => {
              logger.warn(`dcrouter gateway settings refresh failed: ${getErrorMessage(error)}`);
            });
          }
@@ -110,8 +114,23 @@ export class SettingsHandler {
    );
  }
-  private hasExternalGatewaySetting(settings: Partial<interfaces.data.ISettings>): boolean {
+  private normalizeUpdates(
    settings: Partial<interfaces.data.ISettings>,
  ): Partial<interfaces.data.ISettings> {
    const normalizedUpdates = { ...settings };
    if (Object.prototype.hasOwnProperty.call(normalizedUpdates, 'adminUiDomain')) {
      const normalizedDomain = normalizeHostname(String(normalizedUpdates.adminUiDomain || ''));
      if (!isValidHostname(normalizedDomain)) {
        throw new plugins.typedrequest.TypedResponseError('Invalid Admin UI domain');
      }
      normalizedUpdates.adminUiDomain = normalizedDomain;
    }
    return normalizedUpdates;
  }
  private hasRouteSyncSetting(settings: Partial<interfaces.data.ISettings>): boolean {
    return [
      'adminUiDomain',
      'dcrouterMode',
      'dcrouterManagedImage',
      'dcrouterManagedOpsPort',
@@ -127,23 +146,29 @@ export class SettingsHandler {
    ].some((key) => Object.prototype.hasOwnProperty.call(settings, key));
  }
-  private async refreshDcRouterGateway(): Promise<void> {
+  private hasManagedDcRouterRuntimeSetting(settings: Partial<interfaces.data.ISettings>): boolean {
    return [
      'dcrouterMode',
      'dcrouterManagedImage',
      'dcrouterManagedOpsPort',
      'dcrouterManagedHttpPort',
      'dcrouterManagedHttpsPort',
      'dcrouterManagedDataDir',
    ].some((key) => Object.prototype.hasOwnProperty.call(settings, key));
  }
  private async refreshGatewayRoutes(settings: Partial<interfaces.data.ISettings>): Promise<void> {
    const onebox = this.opsServerRef.oneboxRef;
-    if (onebox.managedDcRouter.getMode() === 'managed') {
+    if (this.hasManagedDcRouterRuntimeSetting(settings)) {
-      await onebox.managedDcRouter.restart();
+      if (onebox.managedDcRouter.getMode() === 'managed') {
-    } else {
+        await onebox.managedDcRouter.restart();
-      await onebox.managedDcRouter.stop();
+      } else {
        await onebox.managedDcRouter.stop();
      }
    }
    await onebox.reverseProxy.reloadRoutes();
    await onebox.externalGateway.syncDomains();
-
+    await onebox.externalGateway.syncServiceRoutes();
    const services = onebox.database.getAllServices().filter((service) => service.domain);
    await Promise.all(services.map(async (service) => {
      try {
        await onebox.externalGateway.syncServiceRoute(service);
      } catch (error) {
        logger.warn(`Failed to sync external gateway route for ${service.domain}: ${getErrorMessage(error)}`);
      }
    }));
  }
 }
@@ -2,6 +2,7 @@ import * as plugins from '../../plugins.ts';
 import type { OpsServer } from '../classes.opsserver.ts';
 import * as interfaces from '../../../ts_interfaces/index.ts';
 import { requireAdminIdentity } from '../helpers/guards.ts';
 import { getErrorMessage } from '../../utils/error.ts';
 export class StatusHandler {
  public typedrouter = new plugins.typedrequest.TypedRouter();
@@ -22,5 +23,20 @@ export class StatusHandler {
        },
      ),
    );
    this.typedrouter.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_StartOneboxUpgrade>(
        'startOneboxUpgrade',
        async (dataArg) => {
          await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
          try {
            const upgrade = await this.opsServerRef.oneboxRef.updateManager.startDetachedUpgrade();
            return { upgrade };
          } catch (error) {
            throw new plugins.typedrequest.TypedResponseError(getErrorMessage(error));
          }
        },
      ),
    );
  }
 }
@@ -280,6 +280,7 @@ export interface ISetting {
 // Application settings
 export interface IAppSettings {
  serverIP?: string;
  adminUiDomain?: string;
  cloudflareToken?: string;
  cloudflareZoneId?: string;
  dcrouterMode?: 'managed' | 'external' | 'disabled';
@@ -0,0 +1,17 @@
 export function normalizeHostname(valueArg: string): string {
  const trimmedValue = valueArg.trim().toLowerCase();
  if (!trimmedValue) return '';
  const withoutProtocol = trimmedValue.replace(/^[a-z][a-z0-9+.-]*:\/\//, '');
  const withoutPath = withoutProtocol.split('/')[0].split('?')[0].split('#')[0];
  return withoutPath.replace(/:\d+$/, '').replace(/\.$/, '');
 }
 export function isValidHostname(hostnameArg: string): boolean {
  if (!hostnameArg) return true;
  if (hostnameArg.length > 253) return false;
  return hostnameArg.split('.').every((label) => {
    if (!label || label.length > 63) return false;
    return /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/.test(label);
  });
 }
@@ -21,6 +21,7 @@ export interface IManagedDcRouterStatus {
 export interface ISettings {
  cloudflareToken: string;
  cloudflareZoneId: string;
  adminUiDomain: string;
  dcrouterMode: TDcRouterMode;
  dcrouterManagedImage: string;
  dcrouterManagedOpsPort: number;
@@ -4,7 +4,30 @@
 import type { TPlatformServiceType, TPlatformServiceStatus } from './platform.ts';
 export interface IOneboxUpdateStatus {
  currentVersion: string;
  latestVersion: string | null;
  updateAvailable: boolean;
  checkedAt: number;
  releaseUrl: string;
  changelogUrl: string;
  error?: string;
 }
 export interface IOneboxUpgradeStartResult {
  accepted: boolean;
  currentVersion: string;
  targetVersion: string;
  message: string;
  pid?: number;
  logPath?: string;
 }
 export interface ISystemStatus {
  onebox: {
    version: string;
    update: IOneboxUpdateStatus;
  };
  docker: {
    running: boolean;
    version: unknown;
@@ -13,3 +13,16 @@ export interface IReq_GetSystemStatus extends plugins.typedrequestInterfaces.imp
    status: data.ISystemStatus;
  };
 }
 export interface IReq_StartOneboxUpgrade extends plugins.typedrequestInterfaces.implementsTR<
  plugins.typedrequestInterfaces.ITypedRequest,
  IReq_StartOneboxUpgrade
 > {
  method: 'startOneboxUpgrade';
  request: {
    identity: data.IIdentity;
  };
  response: {
    upgrade: data.IOneboxUpgradeStartResult;
  };
 }
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/onebox',
-  version: '1.28.0',
+  version: '1.30.0',
  description: 'Self-hosted container platform with automatic SSL and DNS - a mini Heroku for single servers'
 }
@@ -41,6 +41,14 @@ export class ObAppShell extends DeesElement {
    refreshInterval: 30000,
  };
  @state()
  accessor systemState: appstate.ISystemState = {
    status: null,
  };
  @state()
  accessor globalMessages: plugins.deesCatalog.IGlobalMessage[] = [];
  @state()
  accessor loginLoading: boolean = false;
@@ -126,6 +134,8 @@ export class ObAppShell extends DeesElement {
  ];
  private resolvedViewTabs: IResolvedView[] = [];
  private suppressedUpdateVersion = '';
  private upgradeFlowRunning = false;
  constructor() {
    super();
@@ -135,12 +145,21 @@ export class ObAppShell extends DeesElement {
      .select((stateArg: appstate.ILoginState) => stateArg)
      .subscribe((loginState: appstate.ILoginState) => {
        this.loginState = loginState;
        this.updateGlobalMessages();
        if (loginState.isLoggedIn) {
          appstate.systemStatePart.dispatchAction(appstate.fetchSystemStatusAction, null);
        }
      });
    this.rxSubscriptions.push(loginSubscription);
    const systemSubscription = appstate.systemStatePart
      .select((stateArg: appstate.ISystemState) => stateArg)
      .subscribe((systemState: appstate.ISystemState) => {
        this.systemState = systemState;
        this.updateGlobalMessages();
      });
    this.rxSubscriptions.push(systemSubscription);
    const uiSubscription = appstate.uiStatePart
      .select((stateArg: appstate.IUiState) => stateArg)
      .subscribe((uiState: appstate.IUiState) => {
@@ -214,6 +233,7 @@ export class ObAppShell extends DeesElement {
            name="Onebox"
            .viewTabs=${this.resolvedViewTabs}
            .selectedView=${this.currentViewTab}
            .globalMessages=${this.globalMessages}
          >
          </dees-simple-appdash>
        </dees-simple-login>
@@ -324,6 +344,177 @@ export class ObAppShell extends DeesElement {
    }
  }
  private updateGlobalMessages(): void {
    const updateStatus = this.systemState.status?.onebox.update;
    if (
      !this.loginState.isLoggedIn ||
      !updateStatus?.updateAvailable ||
      !updateStatus.latestVersion ||
      updateStatus.latestVersion === this.suppressedUpdateVersion
    ) {
      this.globalMessages = [];
      return;
    }
    this.globalMessages = [
      {
        id: `onebox-update-${updateStatus.latestVersion}`,
        type: 'info',
        icon: 'lucide:download',
        message: `Onebox ${updateStatus.latestVersion} is available. Current version: ${updateStatus.currentVersion}.`,
        dismissible: false,
        actions: [
          {
            name: 'Update Now',
            iconName: 'lucide:download',
            action: () => this.startOneboxUpgradeFlow(),
          },
          {
            name: 'Release Notes',
            iconName: 'lucide:fileText',
            action: () => this.openUpdateUrl(updateStatus.changelogUrl || updateStatus.releaseUrl),
          },
          {
            name: 'Later',
            iconName: 'lucide:clock',
            action: () => {
              this.suppressedUpdateVersion = updateStatus.latestVersion || '';
              this.updateGlobalMessages();
            },
          },
        ],
      },
    ];
  }
  private async startOneboxUpgradeFlow(): Promise<void> {
    if (this.upgradeFlowRunning) {
      return;
    }
    const identity = appstate.loginStatePart.getState().identity;
    const updateStatus = this.systemState.status?.onebox.update;
    if (!identity || !updateStatus?.latestVersion) {
      return;
    }
    this.upgradeFlowRunning = true;
    const updater = await plugins.deesCatalog.DeesUpdater.createAndShow({
      currentVersion: updateStatus.currentVersion,
      updatedVersion: updateStatus.latestVersion,
      moreInfoUrl: updateStatus.releaseUrl,
      changelogUrl: updateStatus.changelogUrl,
      successAction: 'reload',
      successDelayMs: 30000,
      successActionLabel: 'Reloading Onebox UI',
    });
    try {
      updater.updateProgress({
        percentage: 10,
        indeterminate: true,
        statusText: 'Requesting upgrade...',
        terminalLines: ['Requesting Onebox upgrade'],
      });
      const typedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
        interfaces.requests.IReq_StartOneboxUpgrade
      >('/typedrequest', 'startOneboxUpgrade');
      const response = await typedRequest.fire({ identity });
      if (!response.upgrade.accepted) {
        updater.markUpdateError(response.upgrade.message);
        await this.delay(5000);
        await updater.destroy();
        return;
      }
      updater.appendProgressLine(response.upgrade.message);
      if (response.upgrade.pid) {
        updater.appendProgressLine(`Upgrade process PID: ${response.upgrade.pid}`);
      }
      if (response.upgrade.logPath) {
        updater.appendProgressLine(`Upgrade log: ${response.upgrade.logPath}`);
      }
      updater.updateProgress({
        percentage: 45,
        indeterminate: true,
        statusText: 'Installer started...',
      });
      await this.waitForOneboxUpgrade(updater, response.upgrade.targetVersion, identity);
      await updater.markUpdateReady();
    } catch (error) {
      updater.markUpdateError(this.getErrorMessage(error));
      await this.delay(5000);
      await updater.destroy();
    } finally {
      this.upgradeFlowRunning = false;
    }
  }
  private async waitForOneboxUpgrade(
    updaterArg: plugins.deesCatalog.DeesUpdater,
    targetVersionArg: string,
    identityArg: interfaces.data.IIdentity,
  ): Promise<void> {
    const normalizedTargetVersion = this.normalizeVersion(targetVersionArg);
    const timeoutAt = Date.now() + 90000;
    let attempt = 0;
    updaterArg.appendProgressLine('Waiting for Onebox to restart with the new version');
    while (Date.now() < timeoutAt) {
      await this.delay(5000);
      attempt++;
      try {
        const typedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
          interfaces.requests.IReq_GetSystemStatus
        >('/typedrequest', 'getSystemStatus');
        const response = await typedRequest.fire({ identity: identityArg });
        const onlineVersion = this.normalizeVersion(response.status.onebox.version);
        updaterArg.appendProgressLine(`Onebox API answered with ${onlineVersion}`);
        if (onlineVersion === normalizedTargetVersion) {
          updaterArg.updateProgress({
            percentage: 100,
            indeterminate: false,
            statusText: `Onebox ${normalizedTargetVersion} is online.`,
          });
          return;
        }
      } catch {
        updaterArg.appendProgressLine('Onebox API is restarting...');
      }
      updaterArg.updateProgress({
        percentage: Math.min(95, 45 + attempt * 5),
        indeterminate: true,
        statusText: `Waiting for Onebox ${normalizedTargetVersion}...`,
      });
    }
    updaterArg.appendProgressLine('Timed out waiting for the version check; reloading the UI anyway');
  }
  private openUpdateUrl(urlArg: string): void {
    window.open(urlArg, '_blank', 'noopener,noreferrer');
  }
  private async delay(millisecondsArg: number): Promise<void> {
    const domtools = await this.domtoolsPromise;
    await domtools.convenience.smartdelay.delayFor(millisecondsArg);
  }
  private getErrorMessage(errorArg: unknown): string {
    return errorArg instanceof Error ? errorArg.message : String(errorArg);
  }
  private normalizeVersion(versionArg: string): string {
    const trimmedVersion = versionArg.trim();
    return trimmedVersion.startsWith('v') ? trimmedVersion : `v${trimmedVersion}`;
  }
  private syncAppdashView(viewName: string, subviewName: string | null): void {
    const appDash = this.shadowRoot?.querySelector('dees-simple-appdash') as any;
    if (!appDash || this.resolvedViewTabs.length === 0) return;
@@ -201,12 +201,14 @@ export class ObViewSettings extends DeesElement {
  public render(): TemplateResult {
    return html`
      <ob-sectionheading>Settings</ob-sectionheading>
      ${this.renderAdminUiSettings()}
      ${this.renderExternalGatewaySettings()}
      <sz-settings-view
        .settings=${this.settingsState.settings || {
          darkMode: true,
          cloudflareToken: '',
          cloudflareZoneId: '',
          adminUiDomain: '',
          dcrouterMode: 'managed',
          dcrouterManagedImage: 'code.foss.global/serve.zone/dcrouter:latest',
          dcrouterManagedOpsPort: 3300,
@@ -244,6 +246,30 @@ export class ObViewSettings extends DeesElement {
    `;
  }
  private renderAdminUiSettings(): TemplateResult {
    const settings = this.settingsState.settings;
    return html`
      <section class="gateway-card">
        <div class="gateway-header">
          <div class="gateway-title">Onebox Admin UI</div>
          <div class="gateway-subtitle">Configure the public hostname for this Onebox dashboard. Onebox keeps this route separate from app service domains.</div>
        </div>
        <div class="gateway-content">
          ${this.renderGatewayInput('adminUiDomain', 'Admin UI Domain', settings?.adminUiDomain || '', 'Example: onebox.example.com. Leave empty to disable the public Admin UI route.')}
          ${this.renderGatewayReadonly('Local Target', 'Onebox OpsServer on port 3000', 'The external gateway forwards to SmartProxy, which forwards this hostname to the Onebox Admin UI.')}
        </div>
        <div class="gateway-footer">
          <dees-button
            .text=${'Save Admin UI Domain'}
            .type=${'default'}
            .icon=${'lucide:Save'}
            @click=${() => this.saveAdminUiSettings()}
          ></dees-button>
        </div>
      </section>
    `;
  }
  private renderExternalGatewaySettings(): TemplateResult {
    const settings = this.settingsState.settings;
    const mode = settings?.dcrouterMode || 'managed';
@@ -329,7 +355,7 @@ export class ObViewSettings extends DeesElement {
    isPassword = false,
  ): TemplateResult {
    return html`
-      <div class="gateway-field ${key === 'dcrouterGatewayUrl' ? 'full' : ''}">
+      <div class="gateway-field ${key === 'dcrouterGatewayUrl' || key === 'adminUiDomain' ? 'full' : ''}">
        <dees-input-text
          .key=${key}
          .label=${label}
@@ -393,4 +419,15 @@ export class ObViewSettings extends DeesElement {
    });
    await appstate.settingsStatePart.dispatchAction(appstate.fetchManagedDcRouterStatusAction, null);
  }
  private async saveAdminUiSettings(): Promise<void> {
    const settings = this.settingsState.settings;
    if (!settings) return;
    await appstate.settingsStatePart.dispatchAction(appstate.updateSettingsAction, {
      settings: {
        adminUiDomain: settings.adminUiDomain || '',
      },
    });
  }
 }
Author	SHA1	Message	Date
jkunz	4b48f0056e	v1.30.0 Release / build-and-release (push) Successful in 2m29s Details	2026-05-24 14:46:51 +00:00
jkunz	d91fda084b	feat(admin-ui): add configurable Admin UI domain routing	2026-05-24 14:46:35 +00:00
jkunz	a86d83f835	v1.29.0 Release / build-and-release (push) Successful in 2m33s Details	2026-05-24 11:50:10 +00:00
jkunz	05235ec284	feat(update): add Onebox self-upgrade flow	2026-05-24 11:49:43 +00:00