Skip to content

feat(supply-depot): add MeshCore Web with self-signed HTTPS#1004

Open
chriscrosstalk wants to merge 1 commit into
devfrom
feat/supply-depot-meshcore-web
Open

feat(supply-depot): add MeshCore Web with self-signed HTTPS#1004
chriscrosstalk wants to merge 1 commit into
devfrom
feat/supply-depot-meshcore-web

Conversation

@chriscrosstalk

@chriscrosstalk chriscrosstalk commented Jun 9, 2026

Copy link
Copy Markdown
Collaborator

What

Adds MeshCore Web to the Supply Depot catalog (host port 8500), alongside the existing Meshtastic apps. MeshCore is a sibling LoRa mesh project to Meshtastic; this is its browser-based client (aXistem's prebuilt image of Liam Cottle's MeshCore client).

Why HTTPS

The image is stock nginx serving a static Flutter build over HTTP, but the MeshCore client reaches radios via Web Bluetooth / Web Serial, which browsers only permit from a secure (HTTPS) context. Over plain HTTP the app loads but cannot connect to a device.

NOMAD therefore serves it over HTTPS: a new preinstall hook generates a self-signed cert + a small SSL nginx config into storage/meshcore-web, both bind-mounted into the container (the config over the image's default.conf), publishing 443. This is the same one-time-browser-warning approach already used for Vaultwarden, whose openssl cert generation is refactored into a shared _ensureSelfSignedCert helper.

Changes

  • Catalog entry + MESHCORE_WEB service name + MESHCORE_WEB_STORAGE_PATH
  • _runPreinstallActions__MeshCoreWeb() (cert + SSL config); shared _ensureSelfSignedCert helper (Vaultwarden refactored onto it)
  • NOMAD-specific docs section + Manage > Docs anchor
  • Registers the IconAntenna icon
  • Notes MeshCore in the port-audit script's KNOWN_NEEDS_SETUP (it serves on 443 only with the mounted TLS config)

Meshtastic Web is unchanged.

Testing

Verified end-to-end on a NOMAD running v1.33.0-rc.1: installed through the real Supply Depot flow. The preinstall generated the cert + config, the container came up with the correct binds and 443 -> 8500, and https://<nomad>:8500 returns HTTP 200 serving the MeshCore client with working SPA fallback. nginx -t is clean.

Note

The three pre-existing tsc errors in app/jobs/*_job.ts (Redis EX typing) are already present on dev and are not introduced by this PR.

🤖 Generated with Claude Code

@chriscrosstalk @claude
feat(supply-depot): add MeshCore Web with self-signed HTTPS
0a3dfc2 
Adds the MeshCore web client to the Supply Depot catalog (host port 8500),
alongside the existing Meshtastic apps. Uses aXistem's prebuilt image of Liam
Cottle's MeshCore client (MeshCore is a sibling LoRa mesh project to Meshtastic).

The image is stock nginx serving a static Flutter build over HTTP, but the
client reaches radios via Web Bluetooth / Web Serial, which browsers only allow
from a secure (HTTPS) context. So we serve it over HTTPS: a new preinstall hook
generates a self-signed cert + a small SSL nginx config into storage/meshcore-web,
both bind-mounted into the container (the config over the image's default.conf),
publishing 443. Same one-time browser-warning approach as Vaultwarden, whose
openssl cert generation is refactored into a shared _ensureSelfSignedCert helper.

Also adds a NOMAD-specific docs section + Manage>Docs anchor, and registers the
IconAntenna icon. Meshtastic Web left unchanged.

Validated on NOMAD3 (v1.33.0-rc.1): the image + SSL config + self-signed cert
serves the MeshCore Flutter app over HTTPS 200 with working SPA fallback.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chriscrosstalk