Files
apix-mvp/infra/Caddyfile
T
Carsten Rehfeld 82a379e536
Deploy to Production / deploy (push) Failing after 47s
feat(admin): apix-admin UI at admin.api-index.org
Internal maintainer dashboard: global stats, sandbox list with
tier-filter and pagination, sandbox drill-down with D3 world map,
tier-promotion form. API-key auth via HttpOnly cookie. Port 8084,
rolling a/b deploy alongside the existing service pairs.

- apix-common: AdminSandboxSummary, AdminSandboxListResponse, AdminStatsResponse DTOs
- apix-registry: AdminResource (4 endpoints), SandboxService.listAllSandboxes + getGlobalStats
- apix-registry: SandboxResource GET /{uuid}/dashboard endpoint (was missing — fixes portal 500)
- apix-portal: RegistryClient path corrected to /dashboard
- apix-admin: new Quarkus module — auth filter, registry REST client, 3 resources, 6 Qute templates, admin.js
- infra: Dockerfile.admin, docker-compose admin-a/b services, Caddyfile admin.api-index.org block
- scripts: deploy-bluegreen.sh extended for admin-a/b

Co-Authored-By: Mira Rehfeld <noreply@anthropic.com>
2026-05-16 21:18:48 +02:00

75 lines
1.8 KiB
Caddyfile

www.api-index.org {
reverse_proxy portal-a:8081 portal-b:8081 {
lb_policy first
health_uri /q/health/live
health_interval 5s
fail_duration 30s
}
header Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
api-index.org {
reverse_proxy registry-a:8180 registry-b:8180 {
lb_policy first
health_uri /q/health/live
health_interval 5s
fail_duration 30s
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
-Server
}
log {
output file /var/log/caddy/api-index.log
format json
}
}
demo.api-index.org {
reverse_proxy demo-a:8083 demo-b:8083 {
lb_policy first
health_uri /q/health/live
health_interval 5s
fail_duration 30s
}
header Strict-Transport-Security "max-age=31536000; includeSubDomains"
header X-Content-Type-Options "nosniff"
header -Server
}
admin.api-index.org {
reverse_proxy admin-a:8084 admin-b:8084 {
lb_policy first
health_uri /q/health/live
health_interval 5s
fail_duration 30s
}
header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
header X-Content-Type-Options "nosniff"
header X-Frame-Options "DENY"
header Referrer-Policy "strict-origin"
header -Server
}
git.api-index.org {
reverse_proxy gitea:3001
header Strict-Transport-Security "max-age=31536000; includeSubDomains"
header -Server
}
# grafana.api-index.org — access via SSH tunnel for now:
# ssh -L 3000:localhost:3000 deploy@204.168.156.179
# Uncomment when DNS record is added and bcrypt hash is generated:
# caddy hash-password --plaintext <password>
# grafana.api-index.org {
# basic_auth {
# admin $2a$14$REPLACE_WITH_BCRYPT_HASH
# }
# reverse_proxy grafana:3000
# header Strict-Transport-Security "max-age=31536000; includeSubDomains"
# }