Improved settings, add server name in proxy headers

Author: arjunkomath

agent/internal/agent/drift.go

@@ -171,7 +171,7 @@ func (a *Agent) detectChanges(expected *agenthttp.ExpectedState, actual *ActualS
 
 	if a.IsProxy {
 		expectedHttpRoutes := ConvertToHttpRoutes(expected.Traefik.HttpRoutes)
-		expectedTraefikHash := traefik.HashRoutes(expectedHttpRoutes)
+		expectedTraefikHash := traefik.HashRoutesWithServerName(expectedHttpRoutes, expected.ServerName)
 		if expectedTraefikHash != actual.TraefikConfigHash {
 			changes = append(changes, fmt.Sprintf("UPDATE Traefik HTTP (%d routes)", len(expected.Traefik.HttpRoutes)))
 		}
@@ -228,7 +228,7 @@ func (a *Agent) hasDrift(expected *agenthttp.ExpectedState, actual *ActualState)
 
 	if a.IsProxy {
 		expectedHttpRoutes := ConvertToHttpRoutes(expected.Traefik.HttpRoutes)
-		if traefik.HashRoutes(expectedHttpRoutes) != actual.TraefikConfigHash {
+		if traefik.HashRoutesWithServerName(expectedHttpRoutes, expected.ServerName) != actual.TraefikConfigHash {
 			return true
 		}
 
@@ -435,7 +435,7 @@ func (a *Agent) reconcileOne(actual *ActualState) error {
 		tcpRoutes := ConvertToTCPRoutes(a.expectedState.Traefik.TCPRoutes)
 		udpRoutes := ConvertToUDPRoutes(a.expectedState.Traefik.UDPRoutes)
 
-		httpDrift := traefik.HashRoutes(expectedHttpRoutes) != actual.TraefikConfigHash
+		httpDrift := traefik.HashRoutesWithServerName(expectedHttpRoutes, a.expectedState.ServerName) != actual.TraefikConfigHash
 		expectedL4Hash := traefik.HashTCPRoutes(tcpRoutes) + traefik.HashUDPRoutes(udpRoutes)
 		l4Drift := expectedL4Hash != actual.L4ConfigHash
 
@@ -459,7 +459,7 @@ func (a *Agent) reconcileOne(actual *ActualState) error {
 			}
 
 			log.Printf("[reconcile] updating Traefik routes (HTTP: %d, TCP: %d, UDP: %d)", len(expectedHttpRoutes), len(tcpRoutes), len(udpRoutes))
-			if err := traefik.UpdateHttpRoutesWithL4(expectedHttpRoutes, tcpRoutes, udpRoutes); err != nil {
+			if err := traefik.UpdateHttpRoutesWithL4(expectedHttpRoutes, tcpRoutes, udpRoutes, a.expectedState.ServerName); err != nil {
 				return fmt.Errorf("failed to update Traefik: %w", err)
 			}
 

agent/internal/http/client.go

@@ -126,6 +126,7 @@ type WireGuardPeer struct {
 }
 
 type ExpectedState struct {
+	ServerName string              `json:"serverName"`
 	Containers []ExpectedContainer `json:"containers"`
 	Dns        struct {
 		Records []DnsRecord `json:"records"`

agent/internal/traefik/l4.go

@@ -41,15 +41,16 @@ func ValidateL4Routes(tcpRoutes []TraefikTCPRoute, udpRoutes []TraefikUDPRoute)
 	return nil
 }
 
-func UpdateHttpRoutesWithL4(httpRoutes []TraefikRoute, tcpRoutes []TraefikTCPRoute, udpRoutes []TraefikUDPRoute) error {
+func UpdateHttpRoutesWithL4(httpRoutes []TraefikRoute, tcpRoutes []TraefikTCPRoute, udpRoutes []TraefikUDPRoute, serverName string) error {
 	if err := ValidateL4Routes(tcpRoutes, udpRoutes); err != nil {
 		return fmt.Errorf("port validation failed: %w", err)
 	}
 
-	config := traefikFullConfig{
-		HTTP: httpConfig{
-			Routers:  make(map[string]router),
-			Services: make(map[string]service),
+	config := traefikFullConfigWithMiddlewares{
+		HTTP: httpConfigWithMiddlewares{
+			Routers:     make(map[string]routerWithMiddleware),
+			Services:    make(map[string]service),
+			Middlewares: make(map[string]middleware),
 		},
 		TCP: tcpConfig{
 			Routers:  make(map[string]tcpRouter),
@@ -61,16 +62,29 @@ func UpdateHttpRoutesWithL4(httpRoutes []TraefikRoute, tcpRoutes []TraefikTCPRou
 		},
 	}
 
+	var middlewareNames []string
+	if serverName != "" {
+		config.HTTP.Middlewares["forwarded_server"] = middleware{
+			Headers: &headersMiddleware{
+				CustomRequestHeaders: map[string]string{
+					"X-Forwarded-Server": serverName,
+				},
+			},
+		}
+		middlewareNames = []string{"forwarded_server@file"}
+	}
+
 	for _, route := range httpRoutes {
 		if len(route.Upstreams) == 0 {
 			continue
 		}
 
-		config.HTTP.Routers[route.ServiceId] = router{
+		config.HTTP.Routers[route.ServiceId] = routerWithMiddleware{
 			Rule:        fmt.Sprintf("Host(`%s`)", route.Domain),
 			EntryPoints: []string{"websecure"},
 			Service:     route.ServiceId,
 			TLS:         &tlsConfig{},
+			Middlewares: middlewareNames,
 		}
 
 		servers := make([]server, len(route.Upstreams))
@@ -238,6 +252,7 @@ func GetCurrentL4ConfigHash() string {
 	for routerName, rtr := range config.TCP.Routers {
 		var externalPort int
 		var serviceId string
+
 		fmt.Sscanf(routerName, "tcp_%s_%d", &serviceId, &externalPort)
 
 		for _, ep := range rtr.EntryPoints {
@@ -302,15 +317,16 @@ func GetCurrentL4ConfigHash() string {
 	return HashTCPRoutes(tcpRoutes) + HashUDPRoutes(udpRoutes)
 }
 
-func readCurrentFullConfig() (*traefikFullConfig, error) {
+func readCurrentFullConfig() (*traefikFullConfigWithMiddlewares, error) {
 	routesPath := filepath.Join(traefikDynamicDir, routesFileName)
 	data, err := os.ReadFile(routesPath)
 	if err != nil {
 		if os.IsNotExist(err) {
-			return &traefikFullConfig{
-				HTTP: httpConfig{
-					Routers:  make(map[string]router),
-					Services: make(map[string]service),
+			return &traefikFullConfigWithMiddlewares{
+				HTTP: httpConfigWithMiddlewares{
+					Routers:     make(map[string]routerWithMiddleware),
+					Services:    make(map[string]service),
+					Middlewares: make(map[string]middleware),
 				},
 				TCP: tcpConfig{
 					Routers:  make(map[string]tcpRouter),
@@ -325,17 +341,20 @@ func readCurrentFullConfig() (*traefikFullConfig, error) {
 		return nil, err
 	}
 
-	var config traefikFullConfig
+	var config traefikFullConfigWithMiddlewares
 	if err := yaml.Unmarshal(data, &config); err != nil {
 		return nil, err
 	}
 
 	if config.HTTP.Routers == nil {
-		config.HTTP.Routers = make(map[string]router)
+		config.HTTP.Routers = make(map[string]routerWithMiddleware)
 	}
 	if config.HTTP.Services == nil {
 		config.HTTP.Services = make(map[string]service)
 	}
+	if config.HTTP.Middlewares == nil {
+		config.HTTP.Middlewares = make(map[string]middleware)
+	}
 	if config.TCP.Routers == nil {
 		config.TCP.Routers = make(map[string]tcpRouter)
 	}

agent/internal/traefik/routes.go

@@ -151,8 +151,14 @@ func HashRoutes(routes []TraefikRoute) string {
 	return hex.EncodeToString(hash[:])
 }
 
+func HashRoutesWithServerName(routes []TraefikRoute, serverName string) string {
+	base := HashRoutes(routes)
+	hash := sha256.Sum256([]byte(base + "|server:" + serverName))
+	return hex.EncodeToString(hash[:])
+}
+
 func GetCurrentConfigHash() string {
-	config, err := readCurrentConfig()
+	config, err := readCurrentFullConfig()
 	if err != nil {
 		log.Printf("[traefik:hash] failed to read config: %v", err)
 		return ""
@@ -185,7 +191,18 @@ func GetCurrentConfigHash() string {
 		})
 	}
 
-	return HashRoutes(routes)
+	serverName := extractForwardedServerName(config.HTTP.Middlewares)
+
+	return HashRoutesWithServerName(routes, serverName)
+}
+
+func extractForwardedServerName(middlewares map[string]middleware) string {
+	if mw, exists := middlewares["forwarded_server"]; exists && mw.Headers != nil {
+		if value, ok := mw.Headers.CustomRequestHeaders["X-Forwarded-Server"]; ok {
+			return value
+		}
+	}
+	return ""
 }
 
 func extractDomainFromRule(rule string) string {

agent/internal/traefik/types.go

@@ -114,11 +114,12 @@ type httpConfigWithMiddlewares struct {
 }
 
 type routerWithMiddleware struct {
-	Rule        string   `yaml:"rule"`
-	EntryPoints []string `yaml:"entryPoints"`
-	Service     string   `yaml:"service,omitempty"`
-	Priority    int      `yaml:"priority,omitempty"`
-	Middlewares []string `yaml:"middlewares,omitempty"`
+	Rule        string     `yaml:"rule"`
+	EntryPoints []string   `yaml:"entryPoints"`
+	Service     string     `yaml:"service,omitempty"`
+	TLS         *tlsConfig `yaml:"tls,omitempty"`
+	Priority    int        `yaml:"priority,omitempty"`
+	Middlewares []string   `yaml:"middlewares,omitempty"`
 }
 
 type challengeConfig struct {
@@ -181,6 +182,12 @@ type traefikFullConfig struct {
 	UDP  udpConfig  `yaml:"udp,omitempty"`
 }
 
+type traefikFullConfigWithMiddlewares struct {
+	HTTP httpConfigWithMiddlewares `yaml:"http,omitempty"`
+	TCP  tcpConfig                 `yaml:"tcp,omitempty"`
+	UDP  udpConfig                 `yaml:"udp,omitempty"`
+}
+
 type staticConfig struct {
 	EntryPoints map[string]entryPoint `yaml:"entryPoints"`
 }

web/app/(dashboard)/dashboard/projects/[slug]/[env]/services/[serviceId]/page.tsx

@@ -80,7 +80,7 @@ export default function ArchitecturePage() {
 	return (
 		<div className="relative space-y-4">
 			{service.deployments.length > 0 && (
-				<div className="absolute top-4 left-4 z-10">
+				<div className="fixed bottom-4 right-4 z-10 md:absolute md:bottom-auto md:top-4 md:left-4 md:right-auto">
 					{hasRunningDeployments && (
 						<ButtonGroup>
 							<Button

web/app/(dashboard)/dashboard/settings/page.tsx

@@ -2,12 +2,19 @@ import { SetBreadcrumbs } from "@/components/core/breadcrumb-data";
 import { GlobalSettings } from "@/components/global-settings";
 import { listServers, getGlobalSettings } from "@/db/queries";
 
-export default async function SettingsPage() {
-	const [servers, settings] = await Promise.all([
+type Props = {
+	searchParams: Promise<{ tab?: string }>;
+};
+
+export default async function SettingsPage({ searchParams }: Props) {
+	const [servers, settings, params] = await Promise.all([
 		listServers(),
 		getGlobalSettings(),
+		searchParams,
 	]);
 
+	const initialTab = params.tab || "build";
+
 	return (
 		<>
 			<SetBreadcrumbs
@@ -24,7 +31,11 @@ export default async function SettingsPage() {
 					</p>
 				</div>
 
-				<GlobalSettings servers={servers} initialSettings={settings} />
+				<GlobalSettings
+					servers={servers}
+					initialSettings={settings}
+					initialTab={initialTab}
+				/>
 			</div>
 		</>
 	);

web/app/api/github/manifest/callback/route.ts

@@ -0,0 +1,60 @@
+import { NextRequest, NextResponse } from "next/server";
+
+export async function GET(request: NextRequest) {
+	const searchParams = request.nextUrl.searchParams;
+	const code = searchParams.get("code");
+
+	if (!code) {
+		return NextResponse.redirect(
+			new URL("/dashboard/settings?github_error=missing_code", request.url),
+		);
+	}
+
+	try {
+		const response = await fetch(
+			`https://api.github.com/app-manifests/${code}/conversions`,
+			{
+				method: "POST",
+				headers: {
+					Accept: "application/vnd.github+json",
+				},
+			},
+		);
+
+		if (!response.ok) {
+			const error = await response.text();
+			console.error("GitHub manifest conversion failed:", error);
+			return NextResponse.redirect(
+				new URL(
+					"/dashboard/settings?github_error=conversion_failed",
+					request.url,
+				),
+			);
+		}
+
+		const data = await response.json();
+
+		const credentials = {
+			id: data.id,
+			slug: data.slug,
+			pem: Buffer.from(data.pem).toString("base64"),
+			webhookSecret: data.webhook_secret,
+			ownerType: data.owner?.type,
+			ownerLogin: data.owner?.login,
+		};
+
+		const credentialsParam = encodeURIComponent(JSON.stringify(credentials));
+
+		return NextResponse.redirect(
+			new URL(
+				`/dashboard/settings?github_credentials=${credentialsParam}`,
+				request.url,
+			),
+		);
+	} catch (error) {
+		console.error("GitHub manifest callback error:", error);
+		return NextResponse.redirect(
+			new URL("/dashboard/settings?github_error=unknown", request.url),
+		);
+	}
+}

web/app/api/v1/agent/expected-state/route.ts

@@ -304,6 +304,7 @@ export async function GET(request: NextRequest) {
 	}
 
 	return NextResponse.json({
+		serverName: server.name,
 		containers,
 		dns: { records: dnsRecords },
 		traefik: traefikConfig,