# Local development reverse proxy — atlilith V3
#
# Resolves *.atlilith.apricot.lan domains to their Vite dev servers.
# Run: caddy run --config @platform/infrastructure/Caddyfile.local
#
# Uses internal TLS (mkcert) for .lan domains.
#
# Adding a new dev subdomain → add it to gen-local-certs.sh DOMAINS array
# (or include in the wildcard), add a server block below with `import local_tls`.
#
# NOTE(review): development-only configuration. The site blocks below proxy
# to unauthenticated dev servers and rely on a DEV_MODE SSO that approves
# every request, so this file must not be reused for a shared or
# internet-facing host.

{
	# auto_https off — TLS is explicit per-site via mkcert certs.
	# With automatic HTTPS disabled, Caddy neither provisions certificates nor
	# adds its own HTTP→HTTPS redirects; the `:80` site below does that by hand.
	http_port 80
	https_port 443
	# NOTE(review): 0.0.0.0 and :: listen on every IPv4 and IPv6 interface, so
	# any machine that can route to this host reaches the proxied dev servers,
	# not only the local browser. Confirm LAN exposure is intended; if it is
	# not, bind loopback addresses only or restrict the ports with a host firewall.
	default_bind 0.0.0.0 ::
	auto_https off
}

# Unified mkcert wildcard for all *.atlilith.apricot.lan dev hosts.
# Regenerate the cert: @platform/scripts/gen-local-certs.sh
#
# NOTE(review): the paths are absolute and tied to one user's home directory;
# other checkouts have to adjust them. The .key file is a private key: keep it
# out of version control and readable only by the account that runs Caddy.
# A `*.` wildcard covers a single label, so confirm the certificate also lists
# the apex name atlilith.apricot.lan, which one of the site blocks serves.
(local_tls) {
	tls /var/home/lilith/Code/@projects/@atlilith/@platform/infrastructure/certs/_wildcard.atlilith.apricot.lan.crt /var/home/lilith/Code/@projects/@atlilith/@platform/infrastructure/certs/_wildcard.atlilith.apricot.lan.key
}

# HTTP → HTTPS redirect for all .atlilith.apricot.lan domains
#
# NOTE(review): `:80` has no hostname, so it answers for every Host arriving on
# port 80, not only *.atlilith.apricot.lan, and the redirect target is built
# from the request's own Host header. 301 is a permanent redirect that browsers
# cache; a temporary status is easier to undo while hostnames are still moving.
:80 {
	redir https://{host}{uri} 301
}

# ─── Provider sites (per-instance) ─────────────────────────────────────────
# Quinn's instance keeps the quinn.apricot.lan hostnames during cutover;
# new providers get {provider}.atlilith.apricot.lan.
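# Site blocks for the local dev hosts. Each one terminates TLS with the shared
# mkcert certificate (`import local_tls`) and forwards to a dev server on the
# loopback interface. Only data.atlilith.apricot.lan has an auth gate at the
# proxy; every other host relies on whatever the upstream app enforces.
https://atlilith.apricot.lan {
	import local_tls

	# Marketing landing (Vite on :5220)
	handle {
		reverse_proxy 127.0.0.1:5220 {
			# Forward the Host the client asked for to the upstream.
			header_up Host {host}
		}
	}
}

# ─── Provider portal (generic) ─────────────────────────────────────────────
https://portal.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:5274 {
			header_up Host {host}
		}
	}
}

# ─── AI assistant ──────────────────────────────────────────────────────────
https://ai.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:5276 {
			header_up Host {host}
		}
	}
}

# ─── Messenger ─────────────────────────────────────────────────────────────
https://m.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:5275 {
			header_up Host {host}
		}
	}
}

# ─── Admin (platform-wide) ─────────────────────────────────────────────────
# NOTE(review): there is no forward_auth gate on this host. Access control is
# presumably left to the admin app itself — confirm, because the global
# options bind the proxy to all interfaces (default_bind 0.0.0.0 ::).
https://admin.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:5221 {
			header_up Host {host}
		}
	}
}

# ─── SSO (auth) ────────────────────────────────────────────────────────────
https://sso.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:3045 {
			header_up Host {host}
		}
	}
}

# ─── API gateway (Hono) ────────────────────────────────────────────────────
https://api.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:3050 {
			header_up Host {host}
		}
	}
}

# ─── Analytics (org-analytics) ─────────────────────────────────────────────
https://data.atlilith.apricot.lan {
	import local_tls

	# SSO auth gate (DEV_MODE: SSO always returns 200, transparent passthrough).
	# Every path except /analytics/track/* is first sent to the SSO service's
	# /auth/validate endpoint. A 2xx answer lets the request continue, a 401 is
	# turned into a login redirect, and any other status is returned to the
	# client as-is.
	# NOTE(review): the gate is only as strong as /auth/validate. In DEV_MODE it
	# approves everyone, so this block gives no protection in that mode.
	@protected not path /analytics/track/*
	# Upstream written as 127.0.0.1 (was `localhost`) to match the SSO site
	# block and every other upstream in this file, and to avoid depending on
	# how `localhost` resolves on the host.
	forward_auth @protected 127.0.0.1:3045 {
		uri /auth/validate

		@unauthed status 401
		handle_response @unauthed {
			# NOTE(review): the return URL is placed in the query string without
			# URL-encoding, so a request URI that carries its own `?a=b&c=d`
			# is split at `&` and partly lost. The SSO login should also accept
			# only allow-listed `redirect` targets — confirm on the SSO side.
			redir https://sso.atlilith.apricot.lan/login?redirect=https://{host}{uri} 302
		}
	}

	# Public ingest path (write-key authenticated by collector).
	# NOTE(review): header_up sets X-Write-Key on every proxied request,
	# replacing whatever the client sent, so the collector always sees a valid
	# key and the write-key check does not distinguish callers here. Acceptable
	# for local dev only; "dev-write-key" must not be accepted by any
	# non-development collector.
	handle /analytics/track/* {
		reverse_proxy 127.0.0.1:4201 {
			header_up X-Write-Key "dev-write-key"
		}
	}

	# Dashboard SPA
	handle {
		reverse_proxy 127.0.0.1:5211 {
			header_up Host {host}
		}
	}
}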