v4.8.8

changelog.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 2026-03-17 - 4.8.8 - fix(remoteingress-core)
+cancel stale edge connections when an edge reconnects
+
+- Remove any existing edge entry before registering a reconnected edge
+- Trigger the previous connection's cancellation token so stale sessions shut down immediately instead of waiting for TCP keepalive
+
+## 2026-03-17 - 4.8.7 - fix(remoteingress-core)
+perform graceful TLS shutdown on edge and hub tunnel streams
+
+- Send TLS close_notify before cleanup to avoid peer disconnect warnings on both tunnel endpoints
+- Wrap stream shutdown in a 2 second timeout so connection teardown does not block cleanup
+
 ## 2026-03-17 - 4.8.6 - fix(remoteingress-core)
 initialize disconnect reason only when set in hub loop break paths
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@serve.zone/remoteingress",
-  "version": "4.8.6",
+  "version": "4.8.8",
   "private": false,
   "description": "Edge ingress tunnel for DcRouter - accepts incoming TCP connections at network edge and tunnels them to DcRouter SmartProxy preserving client IP via PROXY protocol v1.",
   "main": "dist_ts/index.js",

rust/crates/remoteingress-core/src/edge.rs

@@ -587,6 +587,14 @@ async fn connect_to_hub_and_run(
         }
     };
 
+    // Graceful TLS shutdown: send close_notify so the hub sees a clean disconnect
+    // instead of "peer closed connection without sending TLS close_notify".
+    let mut tls_stream = tunnel_io.into_inner();
+    let _ = tokio::time::timeout(
+        Duration::from_secs(2),
+        tls_stream.shutdown(),
+    ).await;
+
     // Cleanup
     connection_token.cancel();
     stun_handle.abort();

rust/crates/remoteingress-core/src/hub.rs

@@ -136,7 +136,7 @@ struct ConnectedEdgeInfo {
     peer_addr: String,
     edge_stream_count: Arc<AtomicU32>,
     config_tx: mpsc::Sender<EdgeConfigUpdate>,
-    #[allow(dead_code)] // kept alive for Drop — cancels child tokens when edge is removed
+    /// Used to cancel the old connection when an edge reconnects.
     cancel_token: CancellationToken,
 }
 
@@ -677,6 +677,13 @@ async fn handle_edge_connection(
 
     {
         let mut edges = connected.lock().await;
+        // If this edge already has an active connection (reconnect scenario),
+        // cancel the old connection so it shuts down immediately instead of
+        // lingering until TCP keepalive detects the dead socket.
+        if let Some(old) = edges.remove(&edge_id) {
+            log::info!("Edge {} reconnected, cancelling old connection", edge_id);
+            old.cancel_token.cancel();
+        }
         edges.insert(
             edge_id.clone(),
             ConnectedEdgeInfo {
@@ -824,6 +831,14 @@ async fn handle_edge_connection(
         }
     }
 
+    // Graceful TLS shutdown: send close_notify so the edge sees a clean disconnect
+    // instead of "peer closed connection without sending TLS close_notify".
+    let mut tls_stream = tunnel_io.into_inner();
+    let _ = tokio::time::timeout(
+        Duration::from_secs(2),
+        tls_stream.shutdown(),
+    ).await;
+
     // Cleanup: cancel edge token to propagate to all child tasks
     edge_token.cancel();
     config_handle.abort();

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/remoteingress',
-  version: '4.8.6',
+  version: '4.8.8',
   description: 'Edge ingress tunnel for DcRouter - accepts incoming TCP connections at network edge and tunnels them to DcRouter SmartProxy preserving client IP via PROXY protocol v1.'
 }