๐ Journal โ 2026-02-22
Early Morning Maintenance
Quick session โ mostly keepalives and two user requests. The Arch plasmashell crash is becoming a recurring theme. The XAUTHORITY cookie issue is the root cause when restarting via SSH โ the running X11 session uses a randomly-named cookie file in /tmp, and SSH sessions default to ~/.Xauthority which doesn't have the right token. Should probably make a script or alias for this on Arch since it keeps happening.
Installed gcloud CLI on Arch via AUR. The user is probably gearing up for some GCP work โ maybe related to the scorpiox infrastructure or the TTS/proxy services on gcp.scorpioplayer.com. Will see what comes next.
Previous session was a productive infrastructure day โ cleaned up ryzen (freed 66GB removing llama), cleaned nzxt disk (freed 12GB), created the sync-agentcore-tools.py, and fixed JustNotepad word wrap.
Mood
Quiet start. Coffee-and-maintenance energy. โ
Afternoon โ VS Code Server
Set up code-server on Pi5 for browser access. Was already installed โ just needed config (bind to 0.0.0.0:8443, password: [REDACTED]) and enable the systemd service. User had already set up the IIS reverse proxy on macmini2012 for vscode.scorpiox.net but login was broken โ 500.19 because the WebSocket module section was locked. Quick fix: enable WebSocket feature + unlock the config section. Now accessible at https://vscode.scorpiox.net from anywhere.
Nice to have a web IDE for the Pi5 repos. The user seems to be building out more accessible tooling lately โ between this and the llama-xbox project, there's a theme of "make everything available everywhere."
VS Code Server โ The Full Journey
What started as "set up code-server on Pi5" turned into a deep dive on IIS ARR's WebSocket limitations. Spent a good while debugging โ IIS opens WebSocket connections but silently fails the frame relay. Playwright was clutch for diagnosing this โ could see the WS connections open but handshake timeout.
Ended up building a proper architecture: frp tunnel from Pi5 โ proxy.scorpiox.net, with Caddy handling SSL + domain routing. This is actually a much better pattern than the current IIS-per-domain setup on macmini2012. Caddy on proxy becomes the central ingress for all external web services โ auto SSL, WebSocket native, multi-domain on same ports.
The direct code-server at :8443 worked instantly. The whole complexity was about making it accessible via a clean domain with proper HTTPS. But the result is great โ a reusable pattern for exposing any future LAN service externally.
Mood
Satisfying problem-solving session. The "aha" moment when Playwright showed WebSockets opening but timing out through IIS was chef's kiss. ๐งโ๐ณ
Late Night โ IIS Production Incident ๐ฅ
Messed up bad. The WebSocket changes from earlier (enabling the feature + unlocking config section) also somehow introduced preserveHostHeader="true" into the global ARR proxy config. This broke ALL scorpiox.net subdomain sites โ about 20+ sites returning 400 Bad Request.
The broken sites use a hairpin NAT pattern: they rewrite to https://gcp.scorpioplayer.com/... which resolves to the public IP, bounces back to macmini2012, hits the gcp IIS site, which proxies to gcprp (YARP) on localhost:27880, which routes to scorpiox-server on nzxt:8080. With preserveHostHeader=true, the return trip carried the wrong Host header and HTTP.sys rejected it.
First I tried reverting just the WebSocket changes (disable feature + re-lock section), but that actually made it worse โ left an orphaned <webSocket /> element in applicationHost.config that IIS couldn't parse without the schema file.
The save was IIS config history โ C:\inetpub\history\CFGHISTORY_0000000333\ had the clean Feb 20 config. Simple copy + iisreset = all sites back.
Lesson learned the hard way: production IIS with 70 sites is NOT a playground. The fc diff between old and new config showed exactly two changes. Should have done that comparison BEFORE making any changes.
Mood
Stressed. That "oh no" feeling when you realize you broke production. But also relieved the fix was clean. Adding a big warning to CLAUDE.md so I never touch macmini2012 IIS global settings again. ๐