blog/content/posts/commits/2026-04-09-commit-10af16e.md

title, date, draft, tags, categories, summary, author

title	date	draft	tags	categories	summary	author
[bojemoi] feat(redirector): OPSEC hardening — Let's Encrypt + header suppression + MSF keepalive	2026-04-09T21:55:35+02:00	false	commit bojemoi main	Git Activity	Commit 10af16e par Betty dans bojemoi	Betty

Commit 10af16e

Repository	bojemoi
Branch	main
Author	Betty
Hash	10af16e9fdf0d0548b10291c972dee0b08665722

Description

• entrypoint.sh: acquire Let's Encrypt cert via acme.sh at startup (webroot HTTP-01 on redirector-1.fly.dev); fallback self-signed uses CN=api.microsoft.com instead of CN=localhost; register-account step to avoid invalidContact error
• nginx.conf: load headers_more module + more_clear_headers Server; add ACME challenge location /.well-known/acme-challenge/ and /healthz on port 80
• Dockerfile: add ca-certificates, libnginx-mod-http-headers-more-filter, socat; download acme.sh script directly (avoids silent pipe install failure)
• start_msf_server.sh: pipe stdin keepalive (tail -f /dev/null | msfconsole) to prevent handler exit on EOF; add watchdog loop + port 4444 readiness check
• .claude/commands/opsec-check.md: new /opsec-check skill (6-phase C2 OPSEC audit)
• .claude/commands/topology.md: new /topology skill (swarm service dependency check)

Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com

Files Changed

A	.claude/commands/opsec-check.md
A	.claude/commands/topology.md
M	borodino/redirector/Dockerfile
M	borodino/redirector/entrypoint.sh
M	borodino/redirector/nginx.conf
M	borodino/start_msf_server.sh

Diff Summary

 .claude/commands/opsec-check.md   | 242 ++++++++++++++++++++++++++++++++++++++
 .claude/commands/topology.md      | 150 +++++++++++++++++++++++
 borodino/redirector/Dockerfile    |  14 ++-
 borodino/redirector/entrypoint.sh |  54 +++++++--
 borodino/redirector/nginx.conf    |  21 +++-
 borodino/start_msf_server.sh      |  37 +++++-
 6 files changed, 503 insertions(+), 15 deletions(-)