Merge pull request #280 from ChrispyBacon-dev/unstable

ChrispyBacon-dev · web-flow · commit d96a7b97946a · 2025-10-14T11:21:56.000+02:00
Fix for No TLS Verify Bug
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -24,7 +24,7 @@ jobs:
   build_self_hosted:
     runs-on: self-hosted
     
-    timeout-minutes: 5
+    timeout-minutes: 3
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -62,6 +62,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - **Prevention of unsafe configurations:** System now prevents creation of policies where "any user with selected IdP" (e.g., any Google account) could access protected services
   - **Clear error messaging:** Users receive actionable security warnings explaining why email addresses are required with IdP authentication
   - **Result:** Eliminates accidental creation of overly permissive access policies that could expose services to unauthorized users
+  - **Agent No TLS Verify Bug:** Fixed bug where `dockflare.no_tls_verify=true` label was ignored when Agent containers started.
 
 ### Documentation
 - **CLI Usage Guide:** Created comprehensive [CLI_USAGE.md](CLI_USAGE.md) documenting the duplicate policy cleanup utility with examples, safety features, and best practices for advanced users.
diff --git a/dockflare/app/core/state_manager.py b/dockflare/app/core/state_manager.py
@@ -141,6 +141,8 @@ def load_state():
                 rule_copy.setdefault("access_group_id", None)
                 rule_copy.setdefault("tunnel_id", None)
                 rule_copy.setdefault("zone_name", None)
+                rule_copy.setdefault("no_tls_verify", False)
+                rule_copy.setdefault("origin_server_name", None)
 
                 tunnel_name = rule_copy.get("tunnel_name")
                 if not tunnel_name or tunnel_name == "dockflare-tunnel":
diff --git a/dockflare/app/web/api_v2_routes.py b/dockflare/app/web/api_v2_routes.py
@@ -1076,15 +1076,15 @@ def process_agent_container_start(payload, agent_id):
                             logging.error(f"AGENT_PROCESS: Could not determine Zone ID for DNS record {hostname_dns}")
     
                     from app.core.state_manager import get_agent_rules
+                    from app.core.tunnel_manager import _build_ingress_entry_from_rule
                     agent_rules = get_agent_rules(agent_id)
-                    
+
                     ingress_rules = []
                     for rule_key, rule in agent_rules.items():
                         if rule.get("status") == "active":
-                            entry = {"hostname": rule["hostname"], "service": rule["service"]}
-                            if rule.get("path"):
-                                entry["path"] = rule["path"]
-                            ingress_rules.append(entry)
+                            entry = _build_ingress_entry_from_rule(rule)
+                            if entry:
+                                ingress_rules.append(entry)
                     ingress_rules.append({"service": "http_status:404"})
                     account_id = current_app.config.get('CF_ACCOUNT_ID')
                     endpoint = f"/accounts/{account_id}/cfd_tunnel/{agent_tunnel_id}/configurations"
