The site checker created a fresh http.Transport per request and per
EnhancedSiteChecker, with Go's default Happy-Eyeballs dialer. When
server_name entries resolved to ingress services returning many A
records (ngrok, AWS ALB, Cloudflare), each sweep opened enough flows
to exhaust conntrack tables on consumer routers (UniFi).
Introduce a package-level shared http.Transport with MaxConnsPerHost=2,
MaxIdleConnsPerHost=2 and FallbackDelay=-1 (disables IPv6 dial races),
plumb it through SiteChecker and EnhancedSiteChecker, and only build a
custom client when the per-site HealthCheckConfig truly diverges on
TLS. Reuse the response body fetched by the health check for favicon
extraction so each site is hit at most once per sweep, and dedupe sites
sharing the same host:port before fan-out.
Add a [site_check] settings section (Enabled, Concurrency, Interval-
Seconds) so operators can disable the checker entirely or tune the
sweep cadence; clamp Concurrency to [1, 20] and IntervalSeconds to
>=30. Document the new section in en, zh_CN and zh_TW guides and add
sidebar entries.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Introduced `WebSocketTrustedOrigins` setting in `app.example.ini` and corresponding documentation.
- Refactored WebSocket origin checks across multiple API endpoints to utilize the new middleware for improved security.
- Added tests for the new origin validation logic to ensure proper handling of trusted origins and node secret requests.
