自定义节点，使用Transform插件时，minWidth，minHeight属性不生效

[huyu456]

效果

1.自定义节点

2.注册节点代码

[Larrikinau]

I've thought about this further and ended up implementing a more comprehensive security solution than just restricted SSH keys.

Given the constraints with Ultra.cc shared hosting (no custom ports, no sudo access, firewall limitations), I went with a chroot jail approach combined with IP-based SSH restrictions:

What I Implemented:

1. IP-Based SSH Match Directive

Match Address 79.127.235.177 User markvos
    ChrootDirectory /chroot/rclone-sftp
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

This ensures the restrictions only apply to connections from the Ultra.cc IP, avoiding any lockout issues for local access.

2. Chroot Jail Structure

Created /chroot/rclone-sftp/ containing:

• Only the 4 required staging directories (bind mounted from /tank/)
• Minimal system binaries needed for SFTP operation
• No access to home directories, system files, or media libraries

3. Filesystem Isolation

The seedbox now sees only:

• /incomingmovies/
• /IncomingMovies_staging/
• /IncomingTV/
• /IncomingTV_staging/

Everything else is completely inaccessible.

4. Persistent Configuration

• Bind mounts added to /etc/fstab for persistence across reboots
• SSH configuration survives system updates
• Proper root ownership on chroot directories

Security Benefits:

• Complete filesystem isolation - seedbox cannot access anything outside the 4 directories
• SFTP-only access - no shell execution possible from seedbox
• IP-based restrictions - only applies to Ultra.cc, local access remains unrestricted
• Zero lockout risk - local admin access unaffected

Testing Results:

• ✅ rclone transfers work perfectly within restrictions
• ✅ Local SSH access completely unrestricted
• ✅ Seedbox cannot access /tank/Media/ or any system directories
• ✅ Configuration persists across reboots

This approach gives much stronger security than just SSH key restrictions while working within the Ultra.cc hosting constraints. The chroot jail provides true filesystem isolation rather than just limiting commands.

Thanks for the suggestion about reversed connections - while I couldn't implement that specific approach due to Ultra.cc limitations, it led me to implement this more robust solution!