From 8ef56c6d91684bf34b25071aca0b8d6658aadcc9 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Tue, 10 Mar 2026 17:28:06 +0530
Subject: [PATCH] reverseproxy: fix restore of trusted ips

---
 src/provision.js    |  2 +-
 src/reverseproxy.js | 25 ++++++++++++++-----------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/src/provision.js b/src/provision.js
index cb6018fbb..0c663eb9e 100644
--- a/src/provision.js
+++ b/src/provision.js
@@ -190,7 +190,7 @@ async function restoreTask(backupSite, remotePath, ipv4Config, ipv6Config, optio
         await ensureDhparams();
         await network.setIPv4Config(ipv4Config);
         await network.setIPv6Config(ipv6Config);
-        await reverseProxy.restoreFallbackCertificates();
+        await reverseProxy.reprovision();
 
         await backupSites.reinitAll();
 
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 75f85edc7..f0ec13cc9 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -27,7 +27,6 @@ import tasks from './tasks.js';
 const debug = debugModule('box:reverseproxy');
 const shell = shellModule('reverseproxy');
 
-
 const NGINX_APPCONFIG_EJS = fs.readFileSync(import.meta.dirname + '/nginxconfig.ejs', { encoding: 'utf8' });
 const RESTART_SERVICE_CMD = path.join(import.meta.dirname, 'scripts/restartservice.sh');
 
@@ -164,15 +163,6 @@ function writeFileSync(filePath, data) {
     return true;
 }
 
-async function restoreFallbackCertificates() {
-    const result = await domains.list();
-
-    for (const domain of result) {
-        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain.domain}.host.cert`), domain.fallbackCertificate.cert)) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
-        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain.domain}.host.key`), domain.fallbackCertificate.key)) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
-    }
-}
-
 async function setupTlsAddon(app) {
     assert.strictEqual(typeof app, 'object');
 
@@ -717,6 +707,19 @@ async function setTrustedIps(trustedIps) {
     await reload();
 }
 
+async function reprovision() {
+    debug('reprovision: restoring fallback certs and trusted ips');
+
+    const result = await domains.list();
+
+    for (const domain of result) {
+        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain.domain}.host.cert`), domain.fallbackCertificate.cert)) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
+        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain.domain}.host.key`), domain.fallbackCertificate.key)) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
+    }
+
+    await setTrustedIps(await getTrustedIps());
+}
+
 export default {
     setUserCertificate, // per location certificate
     setFallbackCertificate, // per domain certificate
@@ -740,7 +743,7 @@ export default {
 
     removeDashboardConfig,
     removeAppConfigs,
-    restoreFallbackCertificates,
+    reprovision,
 
     handleCertificateProviderChanged,