feat: proxy admin panel via nginx port 80 to avoid exposing 8444

Route the panel through a secret subpath on port 80, remove the separate
8444 listener, and document common troubleshooting in docs.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
dekun
2026-06-16 09:45:26 +08:00
parent 30e43cc9ce
commit f0a3317e8b
9 changed files with 204 additions and 51 deletions
+6
View File
@@ -17,6 +17,7 @@ from flask import (
session,
url_for,
)
from werkzeug.middleware.proxy_fix import ProxyFix
from db import add_node, delete_node, list_nodes, node_count, verify_admin
from links import build_links, load_env
@@ -44,6 +45,11 @@ app.config.update(
PERMANENT_SESSION_LIFETIME=86400 * 7,
)
_panel_path = os.environ.get("PANEL_PATH", "").strip().strip("/")
if _panel_path:
app.config["SESSION_COOKIE_PATH"] = f"/{_panel_path}/"
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)
def login_required(view):
@wraps(view)