fix: change domain from dev to lan to avoid browser HSTS preload blocking HTTP

The .dev TLD has been HSTS preloaded in Chrome/Firefox/Safari/Edge since 2019. Browsers silently redirect http://anything.dev to https://anything.dev before making any network request. Since Caddy has auto_https off, all browser-based access to .dev domains fails with a connection error even though DNS, routing, and HTTP all work correctly (curl works; browsers don't). - cell_config.json: domain "dev" -> "lan" - Caddyfile: all http://*.dev blocks -> http://*.lan - Corefile: dev zone -> lan zone (file /data/lan.zone) - data/dns/lan.zone: new zone file (dev.zone removed live) - test_wg_domain_access.py: remove hardcoded DOMAIN_IPS / .dev references; read domain from /api/config at runtime so tests work with any configured TLD Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 01:54:33 -04:00
parent 32272420cb
commit 0c12e3fc97
4 changed files with 129 additions and 64 deletions
@@ -3,7 +3,7 @@
 }

 # Main cell domain — no service-IP restriction needed
-http://pic0.dev, http://172.20.0.2:80 {
+http://pic0.lan, http://172.20.0.2:80 {
    handle /api/* {
        reverse_proxy cell-api:3000
    }
@@ -22,27 +22,27 @@ http://pic0.dev, http://172.20.0.2:80 {
 }

 # Per-service virtual IPs — each gets its own IP so iptables can target them
-http://calendar.dev, http://172.20.0.21:80 {
+http://calendar.lan, http://172.20.0.21:80 {
    reverse_proxy cell-radicale:5232
 }

-http://files.dev, http://172.20.0.22:80 {
+http://files.lan, http://172.20.0.22:80 {
    reverse_proxy cell-filegator:8080
 }

-http://mail.dev, http://webmail.dev, http://172.20.0.23:80 {
+http://mail.lan, http://webmail.lan, http://172.20.0.23:80 {
    reverse_proxy cell-rainloop:8888
 }

-http://webdav.dev, http://172.20.0.24:80 {
+http://webdav.lan, http://172.20.0.24:80 {
    reverse_proxy cell-webdav:80
 }

-http://api.dev {
+http://api.lan {
    reverse_proxy cell-api:3000
 }

-http://webui.dev {
+http://webui.lan {
    reverse_proxy cell-webui:80
 }

@@ -0,0 +1,22 @@
+{
+  "_identity": {
+    "cell_name": "pic0",
+    "domain": "lan",
+    "ip_range": "172.20.0.0/16",
+    "wireguard_port": 51820
+  },
+  "_pending_restart": {
+    "needs_restart": false,
+    "changes": [],
+    "containers": [],
+    "network_recreate": false
+  },
+  "calendar": {
+    "port": 5233
+  },
+  "wireguard": {
+    "port": 51820,
+    "address": "",
+    "private_key": ""
+  }
+}