# Local development reverse proxy — atlilith V3
#
# Routes requests for *.atlilith.apricot.lan hostnames to their local dev servers (mostly Vite).
# Run: caddy run --config @platform/infrastructure/Caddyfile.local
#
# TLS for the .lan domains uses a locally generated mkcert certificate, loaded
# explicitly through the `local_tls` snippet; Caddy's automatic HTTPS is turned off.
#
# Adding a new dev subdomain → add it to the DOMAINS array in gen-local-certs.sh
# (or make sure the wildcard covers it), then add a site block below with `import local_tls`.
{
	# Listener ports and bind addresses. `0.0.0.0 ::` listens on every IPv4 and
	# IPv6 interface, so every site in this file (admin, SSO and the upstreams
	# addressed via 127.0.0.1 included) is reachable by any host that can route
	# to this machine on ports 80/443.
	# NOTE(review): if only this machine needs access, a loopback bind is the
	# narrower choice; confirm what the .lan names resolve to before changing it.
	http_port 80
	https_port 443
	default_bind 0.0.0.0 ::

	# No automatic certificate management and no automatic HTTP→HTTPS redirects.
	# TLS is explicit per-site via mkcert certs (see the `local_tls` snippet).
	auto_https off
}
# Unified mkcert wildcard for all *.atlilith.apricot.lan dev hosts.
# Regenerate the cert: @platform/scripts/gen-local-certs.sh
#
# Both paths are absolute and specific to this machine. The .key file is the
# certificate's private key: keep it readable only by the user that runs Caddy.
# NOTE(review): the certs directory sits inside the project tree; confirm it is
# excluded from version control.
# NOTE(review): a `*.atlilith.apricot.lan` name does not by itself cover the apex
# `atlilith.apricot.lan`; presumably gen-local-certs.sh adds it as a separate
# SAN. Verify against the DOMAINS array.
(local_tls) {
	tls /var/home/lilith/Code/@projects/@atlilith/@platform/infrastructure/certs/_wildcard.atlilith.apricot.lan.crt /var/home/lilith/Code/@projects/@atlilith/@platform/infrastructure/certs/_wildcard.atlilith.apricot.lan.key
}
# HTTP → HTTPS redirect for all .atlilith.apricot.lan domains.
#
# Written out explicitly because `auto_https off` also disables Caddy's built-in
# redirects. `:80` carries no hostname, so this block answers for every Host
# that arrives on port 80 and echoes that Host into the Location header; it is
# not limited to the .atlilith.apricot.lan names. 301 is a permanent redirect
# and browsers cache it.
:80 {
	redir https://{host}{uri} 301
}
# ─── Provider sites (per-instance) ─────────────────────────────────────────
# Quinn's instance keeps the quinn.apricot.lan hostnames during cutover;
# new providers get {provider}.atlilith.apricot.lan.

https://atlilith.apricot.lan {
	import local_tls

	# Marketing landing (Vite on :5220)
	handle {
		reverse_proxy 127.0.0.1:5220 {
			# Send the request's hostname (port stripped) upstream as Host.
			header_up Host {host}
		}
	}
}
# ─── Provider portal (generic) ─────────────────────────────────────────────
# Every request for this host goes to the dev server on 127.0.0.1:5274.
https://portal.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:5274 {
			# Send the request's hostname (port stripped) upstream as Host.
			header_up Host {host}
		}
	}
}
# ─── AI assistant ──────────────────────────────────────────────────────────
# Every request for this host goes to the dev server on 127.0.0.1:5276.
https://ai.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:5276 {
			# Send the request's hostname (port stripped) upstream as Host.
			header_up Host {host}
		}
	}
}
# ─── Messenger ─────────────────────────────────────────────────────────────
# Every request for this host goes to the dev server on 127.0.0.1:5275.
https://m.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:5275 {
			# Send the request's hostname (port stripped) upstream as Host.
			header_up Host {host}
		}
	}
}
# ─── Admin (platform-wide) ─────────────────────────────────────────────────
# Every request for this host goes to the dev server on 127.0.0.1:5221.
# This block has no auth directive, so access control is whatever the admin
# app enforces itself. With `default_bind 0.0.0.0 ::` in the global options,
# the admin UI is reachable from any host that can reach this proxy.
https://admin.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:5221 {
			# Send the request's hostname (port stripped) upstream as Host.
			header_up Host {host}
		}
	}
}
# ─── SSO (auth) ────────────────────────────────────────────────────────────
# Browser-facing entry point for the SSO service on 127.0.0.1:3045. The
# data.atlilith.apricot.lan site also calls port 3045 directly (forward_auth,
# /auth/validate) without going through this block.
https://sso.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:3045 {
			# Send the request's hostname (port stripped) upstream as Host.
			header_up Host {host}
		}
	}
}
# ─── API gateway (Hono) ────────────────────────────────────────────────────
# Every request for this host goes to the gateway on 127.0.0.1:3050. The proxy
# adds no authentication here; that is left to the gateway.
https://api.atlilith.apricot.lan {
	import local_tls

	handle {
		reverse_proxy 127.0.0.1:3050 {
			# Send the request's hostname (port stripped) upstream as Host.
			header_up Host {host}
		}
	}
}
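# ─── Analytics (org-analytics) ─────────────────────────────────────────────
# Two routes on one host:
#   /analytics/track/*  → collector on 127.0.0.1:4201, no SSO check
#   everything else     → SSO check (forward_auth), then dashboard SPA on 127.0.0.1:5211
https://data.atlilith.apricot.lan {
	import local_tls

	# SSO auth gate (DEV_MODE: SSO always returns 200, transparent passthrough).
	# In DEV_MODE this gate therefore blocks nothing: the dashboard is effectively
	# unauthenticated for any client that can reach this proxy, and the global
	# options bind it on all interfaces.
	# `/analytics/track/*` does not match the bare path `/analytics/track`; that
	# request counts as protected and is served by the dashboard handler.
	@protected not path /analytics/track/*

	# Upstream written as 127.0.0.1 (was `localhost`) so the auth subrequest uses
	# the same address the sso.atlilith.apricot.lan site proxies to, instead of
	# depending on how `localhost` resolves.
	forward_auth @protected 127.0.0.1:3045 {
		uri /auth/validate

		# A 401 from SSO sends the browser to the login page with the original
		# URL as the return target.
		@unauthed status 401
		handle_response @unauthed {
			# {uri} is inserted unescaped: if the original request has a query
			# string containing `&`, everything after the first `&` is parsed by
			# SSO as separate /login parameters, not as part of `redirect`.
			# NOTE(review): if the return URL must survive intact, use a
			# URL-escaped URI placeholder where the Caddy version in use provides
			# one. The login handler should accept only return targets on
			# expected hosts. Verify on the SSO side.
			redir https://sso.atlilith.apricot.lan/login?redirect=https://{host}{uri} 302
		}
	}

	# Public ingest path (write-key authenticated by collector).
	# The proxy sets X-Write-Key on every ingest request, replacing any value the
	# client sent, so the collector's key check passes for any client that can
	# reach this route. "dev-write-key" is a dev-only constant and should not be
	# a key that any non-dev collector accepts.
	handle /analytics/track/* {
		reverse_proxy 127.0.0.1:4201 {
			header_up X-Write-Key "dev-write-key"
		}
	}

	# Dashboard SPA
	handle {
		reverse_proxy 127.0.0.1:5211 {
			# Send the request's hostname (port stripped) upstream as Host.
			header_up Host {host}
		}
	}
}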