feat(web,host/windows): move the web console off :3000 to :47992
apple / swift (push) Successful in 1m6s
apple / screenshots (push) Has been cancelled
ci / rust (push) Has been cancelled
ci / web (push) Has been cancelled
ci / docs-site (push) Has been cancelled
ci / bench (push) Has been cancelled
android-screenshots / screenshots (push) Successful in 50s
android / android (push) Successful in 3m25s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 33s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 4s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 4s
windows-host / package (push) Successful in 6m28s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 52s
windows-msix / package (arm64, C:\Users\Public\ffmpeg-arm64, aarch64-pc-windows-msvc, C:\t-a64) (push) Successful in 1m3s
windows-msix / package (x64, C:\Users\Public\ffmpeg, x86_64-pc-windows-msvc, C:\t) (push) Successful in 1m5s
linux-client-screenshots / screenshots (push) Successful in 2m9s
release / apple (push) Successful in 9m25s
docker / deploy-docs (push) Successful in 20s
web-screenshots / screenshots (push) Successful in 2m33s
deb / build-publish (push) Successful in 3m19s
decky / build-publish (push) Successful in 19s
flatpak / build-publish (push) Successful in 5m9s
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Successful in 9m21s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Successful in 8m38s

Port 3000 collides with half the dev-server ecosystem; 47992 sits next
to the mgmt API (47990) in the punktfunk port family. Updates the run
scripts, systemd/scheduled-task units, Dockerfile, Windows firewall
rule + installer, packaging, and every doc that referenced :3000.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-07-02 18:17:42 +00:00
parent 0c17343a50
commit 861da54066
31 changed files with 53 additions and 53 deletions
+1 -1
View File
@@ -40,5 +40,5 @@ PUNKTFUNK_UI_TLS_KEY=/home/you/.config/punktfunk/key.pem
PUNKTFUNK_UI_SECURE=1
# The Bun server binds these (standard Nitro env):
# PORT=3000
# PORT=47992
# HOST=0.0.0.0
+3 -3
View File
@@ -4,7 +4,7 @@
#
# docker build -f web/Dockerfile -t punktfunk-web .
#
# Runtime: PORT (default 3000) and PUNKTFUNK_MGMT_URL (upstream management API the Nitro
# Runtime: PORT (default 47992) and PUNKTFUNK_MGMT_URL (upstream management API the Nitro
# server proxies /api to; see web/server/routes).
FROM oven/bun:1 AS build
WORKDIR /repo/web
@@ -24,6 +24,6 @@ FROM oven/bun:1-slim
WORKDIR /app
COPY --from=build /repo/web/.output ./.output
USER bun
ENV PORT=3000
EXPOSE 3000
ENV PORT=47992
EXPOSE 47992
CMD ["bun", "run", ".output/server/index.mjs"]
+3 -3
View File
@@ -18,7 +18,7 @@ The `@unom` registry mapping lives in [`.npmrc`](.npmrc); the auth token comes f
```sh
# from web/ — Bun is the toolchain (https://bun.sh)
bun install # runs `prepare` → codegen (orval + paraglide)
bun run dev # http://localhost:3000
bun run dev # http://localhost:47992
# The dev server proxies /api → https://127.0.0.1:47990 (the host's mgmt API; it serves HTTPS
# with the host's self-signed identity cert — the dev proxy uses `secure: false`).
@@ -50,7 +50,7 @@ LAN console.)
```sh
bun run build # → .output/ (Nitro `bun` preset + our Bun.serve TLS entry)
PORT=3000 HOST=0.0.0.0 \
PORT=47992 HOST=0.0.0.0 \
PUNKTFUNK_UI_PASSWORD=PUNKTFUNK_MGMT_TOKEN=\
PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990 NODE_TLS_REJECT_UNAUTHORIZED=0 \
PUNKTFUNK_UI_TLS_CERT=~/.config/punktfunk/cert.pem \
@@ -63,7 +63,7 @@ bun run lint # tsc --noEmit
```
The built **Nitro bun server** SSR-renders the app and is the only thing exposed on the LAN.
Run it on the same box as the host; it serves the console over HTTPS on `:3000` (or `$PORT`).
Run it on the same box as the host; it serves the console over HTTPS on `:47992` (or `$PORT`).
## Auth (backend-for-frontend)
+1 -1
View File
@@ -7,7 +7,7 @@
"prepare": "bun run codegen",
"codegen": "orval --config orval.config.ts && paraglide-js compile --project ./project.inlang --outdir ./src/paraglide",
"predev": "orval --config orval.config.ts",
"dev": "vite dev --port 3000",
"dev": "vite dev --port 47992",
"prebuild": "orval --config orval.config.ts",
"build": "vite build",
"start": "bun run .output/server/index.mjs",
+2 -2
View File
@@ -3,7 +3,7 @@ rem punktfunk web console launcher - DEV layout (in-repo tree). The PunktfunkWeb
rem (boot trigger, SYSTEM, restart-on-failure) runs this at startup. It sources the host's mgmt bearer
rem token + the console login password from %ProgramData%\punktfunk\, points the /api proxy at the
rem host's loopback HTTPS mgmt API, and serves the self-contained (no-node_modules) Nitro console over
rem HTTPS (HTTP/1.1 over TLS) on :3000 with the host's identity cert. %~dp0 = <repo>\web\ .
rem HTTPS (HTTP/1.1 over TLS) on :47992 with the host's identity cert. %~dp0 = <repo>\web\ .
rem
rem DEV vs the installed launcher (scripts\windows\web-run.cmd): the dev host service runs from
rem target\release (not the installed {app} tree), so this runs the in-repo web\.output. The console
@@ -35,7 +35,7 @@ for /f "usebackq tokens=1* delims==" %%A in ("%TOKENFILE%") do set "%%A=%%B"
if exist "%PWFILE%" for /f "usebackq tokens=1* delims==" %%A in ("%PWFILE%") do set "%%A=%%B"
rem Fixed deployment wiring (the Windows analogue of scripts/punktfunk-web.service).
set "PORT=3000"
set "PORT=47992"
set "HOST=0.0.0.0"
set "PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990"
set "NODE_TLS_REJECT_UNAUTHORIZED=0"
+2 -2
View File
@@ -3,7 +3,7 @@
# On a `apt install punktfunk-web` install you DO NOT edit anything: the systemd --user units wire
# everything automatically —
# punktfunk-web.service sets PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990, NODE_TLS_REJECT_UNAUTHORIZED=0,
# PORT=3000, HOST=0.0.0.0, the PUNKTFUNK_UI_TLS_* cert paths + PUNKTFUNK_UI_SECURE=1, and sources:
# PORT=47992, HOST=0.0.0.0, the PUNKTFUNK_UI_TLS_* cert paths + PUNKTFUNK_UI_SECURE=1, and sources:
# ~/.config/punktfunk/mgmt-token (written by the host's `serve` — the shared bearer token)
# ~/.config/punktfunk/web-password (written by punktfunk-web-init — the console login password)
# ~/.config/punktfunk/{cert,key}.pem (the host identity — the console serves HTTPS with it)
@@ -14,7 +14,7 @@
# (its only outbound TLS hop is that loopback connection).
PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990
NODE_TLS_REJECT_UNAUTHORIZED=0
PORT=3000
PORT=47992
HOST=0.0.0.0
# Serve the console over HTTPS (HTTP/1.1 over TLS) with the host's own identity cert. BOTH paths