Skip to content

v1.0.4 — Replication, Engine v3.3.32, SNI Policy & Metrics

Choose a tag to compare

View all tags
@SamNet-dev SamNet-dev released this 28 Mar 15:36
· 47 commits to main since this release
v1.0.4
1e9a8e2

What's New

🗂️ Master-Slave Replication (#39)

Automatic config synchronization from a master server to one or more slaves via rsync+SSH on a configurable interval (default: 60s).

  • Synced files: secrets.conf, upstreams.conf, instances.conf, config.toml
  • Never synced: settings.conf, replication.conf (slave role always preserved)
  • Wizard: mtproxymax replication setup — interactive master/slave/standalone setup
  • Failover: mtproxymax replication promote — promote slave to master
  • Configurable SSH user (REPLICATION_SSH_USER), rsync --delete toggle, dependency checks
  • TUI: [r] Replication in main menu with full management interface
  • 112 unit tests included

🛡️ Unknown SNI Policy (#40)

Configurable mask (permissive, default) or drop (strict) for TLS connections with non-matching SNI.

  • CLI: mtproxymax sni-policy [mask|drop]
  • TUI: Security & Routing > Unknown SNI Policy
  • Hot-reloads instantly — no container restart needed

📊 Engine Metrics Dashboard

  • mtproxymax metrics — connections, upstream routing, per-user stats, ME pool status
  • mtproxymax metrics live [seconds] — auto-refresh dashboard

🔄 Reset Traffic Counters

  • mtproxymax secret reset-traffic <label|all> — manually reset per-user cumulative traffic

⚙️ Engine Upgrade (v3.3.30 → v3.3.32)

  • Bounded hybrid routing loop — hard timeout on ME no-writer recovery
  • ArcSwap snapshots — lock-free concurrent reads, less contention
  • Parallel health checks — reduced latency during writer recovery
  • Refined quarantine — draining writers no longer needlessly quarantine healthy endpoints
  • New backpressure model — tiered base/high watermark
  • TLS fetcher redesign — adaptive profile cascade, per-target caching
  • Atomic per-user quotas — removed locking from hot path

Bug Fixes

  • Fix proxy auto-restarting after intentional stop (#49) — Docker restart policy and bot auto-recovery now respect a manual stop
  • Fix 'echo: write error: Broken pipe' on Alpine (#37) — replaced process-substitution FIFOs with here-strings
  • Fix menu requiring double input on Alpine (#38) — drain leftover escape-sequence bytes from multi-byte key presses
  • Fix 'Enter choice' prompt disappearing on Alpine (#48) — removed -s flag from input drain reads
  • Fix SNI rejection after engine upgrade (#40) — unknown_sni_action default changed to drop in v3.3.31+, now explicitly configurable
  • Fix traffic stats lost on restart (#44) — flush traffic before hot-reload; save existing cumulative even when Prometheus unreachable
  • Fix update lock leak (#43) — flock FD now released via trap RETURN; fixed false "already running" in same TUI session
  • Auto-clean old Docker images (#45) — old engine images pruned on every update
  • Re-exec after script update (#46) — TUI automatically restarts with the new version after update
  • Fix hot-reloadcp config in-place instead of mv to preserve Docker bind-mount inode

Upgrade

mtproxymax update
Assets 2
Loading