
Changelog

[2026.05.25] - Restrict Managed Gateway DNS

Changed

  • Publish shared Gateway DNS records only for official Connect gateway servers with public-routable IP targets.
  • Keep public and self-claimed gateway registrations active without granting them managed DNS records.
  • Strip caller-supplied x-uebliche-user-id before config-gateway proxy requests reach upstream services.
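
The two checks in this release, sketched as an added example (not the project's own code). The registration shape (`kind`, `targets`) and all function names are assumptions; only the header name comes from the entry above.

```python
import ipaddress

IDENTITY_HEADER = "x-uebliche-user-id"  # header name from the changelog entry


def is_public_routable(target):
    """True only for a literal IP address that is globally routable."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False  # hostnames and malformed values never qualify
    # Unwrap ::ffff:a.b.c.d so a private IPv4 target cannot hide in IPv6 form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global excludes RFC 1918, loopback, link-local, CGNAT (100.64.0.0/10)
    # and documentation ranges; multicast has to be rejected separately.
    return ip.is_global and not ip.is_multicast


def eligible_for_managed_dns(registration):
    """Assumed record shape: {"kind": ..., "targets": [ip strings]}."""
    targets = registration.get("targets") or []
    return (
        registration.get("kind") == "official"
        and len(targets) > 0
        and all(is_public_routable(t) for t in targets)
    )


def strip_identity_header(headers):
    """Drop every caller-supplied copy of the identity header, in any casing."""
    return [(k, v) for k, v in headers if k.strip().lower() != IDENTITY_HEADER]


if __name__ == "__main__":
    # Constructed sample registrations, not taken from the project.
    for reg in (
        {"kind": "official", "targets": ["8.8.8.8"]},
        {"kind": "official", "targets": ["8.8.8.8", "100.64.0.7"]},
        {"kind": "self-claimed", "targets": ["8.8.8.8"]},
    ):
        print(reg, "->", eligible_for_managed_dns(reg))
    print(strip_identity_header([("Host", "a"), ("X-Uebliche-User-Id", "1")]))
```

Checking `not ip.is_private` alone would let CGNAT and multicast targets through, which is why the sketch uses `is_global` plus an explicit multicast test.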

[2026.05.01] - Stabilize public Minecraft gateway

Fixed

  • Add the public game hostnames to the deployed Gateway alias list so SRV and direct host handshakes route to the active Connect tunnel instead of showing Gateway offline.
  • Keep tunnel frame reads isolated from session command handling so cancelled waits cannot corrupt the stream and falsely mark the route offline.

[2026.04.30] - Route SRV target aliases

Fixed

  • Allow single-route Gateways to publish configured hostname aliases, so Minecraft clients that send an SRV target hostname in the handshake still reach the intended Connect tunnel route.

[2026.04.30] - Recover stale Connect tunnels

Fixed

  • Retire stale Connect tunnel sessions when stream or datagram opens time out, so gateway routes can force a fresh server reconnect instead of serving Gateway offline behind an apparently active route.

[2026.04.27] - Document Public Route DNS Repair

Changed

  • Clarify that Public API now manages the uebliche.gg apex Worker record and keeps public route DNS repaired on startup and periodic syncs.

[2026.04.21] - Make route owners explicit

Added

  • Add explicit ownerGatewayId persistence and route responses in the Connect gateway control plane while keeping gatewayId available as a compatibility alias.

Changed

  • Backfill legacy gateway route documents with ownerGatewayId on startup and resolve heartbeat/admin route ownership from the explicit owner field instead of relying on the legacy alias alone.

[2026.04.21] - Add MOTD cache and real client forwarding

Added

  • Add per-route forwardingMode and motdCachePolicy handling to the Public API heartbeat snapshot, watcher-rendered routes.json, and mcproxy runtime so gateway routes can explicitly opt into real client forwarding and shared minecraft-tcp MOTD caching.
  • Add a client-aware tunnel OPEN payload plus a status observe control frame so Connect receives the original client address, requested host/port, protocol version, cache-hit information, and optional MOTD cache token.
  • Add a 10s shared MOTD cache keyed by requested host, public port, protocol version, and route identity instead of only the route label, so multi-host routes do not bleed status payloads into each other.

Changed

  • Switch TCP forwarding to explicit forwarding modes, using PROXY protocol v2 for proxy-protocol-v2/connect-native backends instead of the old text-header proxy flag.
  • Invalidate cached MOTDs whenever the watcher publishes a new route snapshot so removed or changed routes cannot keep serving stale cached status payloads.
  • Reject udp-peer-context routes unless they resolve to a tunnel backend, keeping generic direct UDP routes fail-closed instead of pretending to preserve real peer addresses.
  • Log MOTD cache hits, misses, and failed status-observer dispatches in the gateway dataplane so operators can verify whether a route is really running with cache and client-IP forwarding enabled.
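
The shared MOTD cache from this release, as an added sketch rather than mcproxy's code: a 10s TTL keyed by the four fields listed above, cleared when a new route snapshot is published. Class and function names, and the host normalization, are assumptions.

```python
import time
from typing import NamedTuple


class MotdKey(NamedTuple):
    host: str              # requested host from the client handshake
    public_port: int
    protocol_version: int
    route_id: str          # route identity, not only a display label


def make_key(host, public_port, protocol_version, route_id):
    # Assumption: hosts compare case-insensitively and ignore a trailing dot.
    return MotdKey(host.rstrip(".").lower(), public_port, protocol_version, route_id)


class MotdCache:
    def __init__(self, ttl_secs=10.0, clock=time.monotonic):
        self._ttl, self._clock = ttl_secs, clock
        self._entries = {}      # MotdKey -> (expires_at, payload)
        self.hits = self.misses = 0   # counters an operator could log

    def get(self, key):
        entry = self._entries.get(key)
        if entry is not None and self._clock() < entry[0]:
            self.hits += 1
            return entry[1]
        self._entries.pop(key, None)   # drop the expired entry, if any
        self.misses += 1
        return None

    def put(self, key, payload):
        self._entries[key] = (self._clock() + self._ttl, payload)

    def on_snapshot_published(self):
        # A new route snapshot may remove or change routes: start from empty.
        self._entries.clear()


if __name__ == "__main__":
    cache = MotdCache()
    # Constructed hosts and payload; 767 is only a sample protocol number.
    cache.put(make_key("play.example.net", 25565, 767, "route-1"), b"status-A")
    print(cache.get(make_key("creative.example.net", 25565, 767, "route-1")))
```

Two hosts on the same route produce different keys, so a status payload cached for one is never served for the other.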

[2026.04.21] - Add service-based gateway tunnels

Added

  • Add service-based route snapshots with serviceId, protocol, and publicPort so Gateways can distinguish minecraft-tcp and optional voice-udp ownership.
  • Add reverse UDP tunnel sessions with per-peer datagram forwarding and default-deny routing for published voice-udp services.
  • Add a dedicated gateway Swarm cluster bootstrap script plus deploy env template so new Linux nodes can be turned into a labeled gateway region from an IP list instead of manual one-off Docker setup.
  • Add a dedicated one-node gateway worker bootstrap script so future Linux hosts can join an existing regional gateway cluster from just IP, SSH user, and password.
  • Add a swarm-load gateway publish mode that streams the built image directly onto the Gateway Swarm nodes over SSH before deploy, so dedicated clusters can roll out even when the registry is unavailable.

Changed

  • Render separate TCP and UDP mcproxy route tables from the watcher heartbeat snapshot instead of treating every route as one Minecraft TCP stream.
  • Open tunnel streams with explicit service metadata so Connect can map incoming gateway traffic to the correct local service instead of one static target.
  • Expose optional UDP listener configuration via MCPROXY_UDP_BIND_ADDRS and keep route matching bound to the published public port.
  • Report routed UDP sessions into the existing uebliche.online traffic ingest as well, and tag gateway buckets by transport so TCP gameplay and voice UDP no longer collapse into one opaque stream.
  • Restrict the production Gateway Swarm stack to nodes labeled for the selected gateway region and publish the default UDP voice port in host mode alongside the existing TCP ports.
  • Extend the gateway local deploy script with a plain-HTTP registry fallback plus direct node-image loading, and make generated cluster env files default to the direct swarm-load rollout path.

Fixed

  • Resolve the generated MCPROXY_UDP_BIND_ADDRS value explicitly for Gateway Swarm deploys so mcproxy no longer receives a literal ${GATEWAY_UDP_PORT} placeholder and the UDP dataplane actually starts.
  • Use stop-first updates for the Gateway Swarm service so single-node host-port rollouts do not deadlock on port already in use during deploys.
  • Accept older heartbeat route snapshots that still omit serviceId, protocol, and publicPort, so already deployed API control planes continue to feed TCP routes into mcproxy instead of leaving the Gateway stuck in offline mode.

Removed

  • Remove the legacy top-level Velocity proxy runtime, its old Dockerfile.proxy image build, and the matching uebliche-proxy-dev compose service now that Gateway traffic is handled exclusively by watcher + mcproxy.

[2026.04.19] - Add gateway traffic reporting

Added

  • Aggregate mcproxy traffic into anonymized source-country buckets and push them to uebliche.online for the public live world-map surface.

Changed

  • Let mcproxy optionally use a local GeoLite2 City database plus the shared ONLINE_TRAFFIC_INGEST_* contract so gateway traffic can be reported without exposing raw player IPs or hostnames.

[2026.02.18] - Clean up legacy gateway documentation

Changed

  • Rewrite Gateway docs to match the current headless architecture (watcher + mcproxy) and API-driven control plane.
  • Replace legacy watcher-UI/canvas/auth descriptions with current guides for identity, routing lifecycle, DNS automation, and operations.
  • Update getting-started/deployment pages to the current 3-port runtime contract (25565, 9001, 80) and dedicated stack context flow.

Removed

  • Remove outdated references to local gateway dashboard workflows and in-gateway Cloudflare management UI behavior.

[2026.02.16] - API-driven gateway control plane

Changed

  • Replace the legacy Nginx/UI-first stack with a headless watcher + mcproxy runtime.
  • Remove gateway-local dashboard/auth flows and source route state from public API heartbeat snapshots.
  • Limit gateway data-plane handling to Minecraft TCP and render routes.json for mcproxy from API payloads.
  • Standardize gateway exposure to exactly three ports: Minecraft (25565/tcp), Connect control (9001/tcp), and health (80/tcp).
  • Use an explicit GATEWAY_IMAGE/GATEWAY_IMAGE_TAG deployment contract for Swarm so Gateway can be published from the same private image repository flow as Public API.
  • Move Swarm deployment to a dedicated docker stack file (docker/stacks/gateway/docker-stack-gateway.yml) to mirror the Public API deployment structure.
  • Default Gateway production deploys to the dedicated Swarm stack name connect-gateway and keep gateway credentials on a stable named volume across stack migrations.
  • Prefer a dedicated Gateway deploy Docker context (GATEWAY_DOCKER_CONTEXT) so Gateway rollouts can run isolated from other stack deploy contexts.

Added

  • Add gateway auto-registration support with persisted credentials (CONNECT_GATEWAY_CREDENTIALS_PATH).
  • Add runtime status endpoints (/healthz, /status) and unknown-host intake for mcproxy telemetry (/minecraft/unknown-hosts).
  • Add /health alias on the watcher health endpoint for simpler external checks.

[2026.02.01] - Gateway docs migration

Added

  • Add Gateway docs to the global documentation site.
  • Add a feature checklist for Gateway.
  • JWT-based authentication with password & TOTP, including bootstrap admin seeding and session refresh endpoints.
  • Capture the protocol for upstream registry entries and expose it through the watcher API.
  • Cloudflare credential management endpoints with zone caching and DNS record CRUD (UI + API).
  • Optional Cloudflare zone scopes so tokens that are only allowed to see individual zones keep working via the fallback (/zones/{id}).
  • Cloudflare zone creation endpoint/UI with search and account selection via the new dropdown headers.
  • Automatically create the required Cloudflare DNS records as soon as a route is saved (TXT token, optional CNAME for HTTP and SRV for Minecraft).
  • Automatically ingest Docker containers into upstream nodes and backend groups via the gateway.upstreams label; generated resources carry an AUTO tag for traceability.
  • Automatically provision HTTP routes from the gateway.routes label and keep them in sync.
  • Optional MOTD caching for the Minecraft proxy via MCPROXY_MOTD_CACHE_TTL_SECS, reducing repeated status hits against upstream servers.
  • Surface Minecraft upstream status info (version, MOTD, players) across route and backend group views via mcproxy status snapshots.
  • Auto-create a development Minecraft route when an auto-managed backend group is discovered so the stack works immediately after docker compose up.

Changed

  • Remove the host port binding from the dev Mongo container so docker compose up succeeds even when other local Mongo instances are running.
  • Keep backend groups populated even when upstream DNS lookups fail so default routes remain available during local development.
  • Watcher API endpoints now require Bearer tokens; the UI provides a login flow with token-aware polling and SSE reconnection.
  • Backend-group editing now locks the protocol field to the first selected upstream and filters further selections to matching protocols in the UI.
  • Upstream creation/edit modals require an explicit protocol so persisted backend groups remain consistent with their upstream targets.
  • The dashboard adds a dedicated Cloudflare panel so tokens, zones, and DNS records can be maintained directly inside the watcher UI.
  • Route hostnames now reuse Cloudflare DNS records; the manual hostname modal and attach/detach flows were replaced with inline selection plus optional manual overrides in the route editor.
  • HTTP CNAME records automatically use PUBLIC_CNAME_TARGET unless an individual target is configured.
  • UI surfaces an AUTO badge for automatically managed upstreams and backend groups and disables edit/delete actions so they remain read-only.
  • Configure the watcher admin interface domains via WATCHER_ADMIN_URLS (comma-separated), automatically wiring routes to the watcher service.
  • Remove the direct host port mapping for the watcher container; reach the admin UI exclusively through the configured gateway domains instead of localhost:8080.
  • Drop the dedicated host port for the UI dev server and rely on the gateway to expose the Vite frontend during local development.
  • Add a velocity-test container (Velocity proxy) on the dev network so routing toward Velocity backends can be exercised locally.

[2025.10.10-a] - 2025-10-10

Added

  • Integrated Vue Router so the browser address bar mirrors the current editor context for routes, backend groups, notes, and upstream nodes.
  • Added detailed console debug logging around note and upstream editing flows, covering canvas editors and modal submissions.

Changed

  • Surface note and upstream save failures via toast notifications to simplify debugging.
  • Prioritise a single overlay when hydrating URL parameters and automatically collapse any others when navigation clears the query.
  • Ensure the hostname creation dialog closes whenever other editors open and expose its state via the router query.
  • Replaced the Rete-based canvas with the built-in topology panel, removing all Rete assets, auto-aligning nodes left-to-right, and wrapping modal markup in <template> guards to keep the UI stable during mount.
  • Topology nodes display live throughput (up/down rates and totals) inline so traffic is visible without opening the analytics tab, and link animations accelerate with higher throughput to highlight busy paths.
  • Restyled topology nodes with neon glassmorphism to match the dashboard theme (type badges, animated icons, enriched note previews).