feat: replace onebox ingress with SmartProxy
+15
-16
@@ -44,42 +44,42 @@ ts/database/
|
||||
- All methods delegate to the appropriate repository
|
||||
- No breaking changes for existing code
|
||||
|
||||
## Current Migration Version: 8
|
||||
## Current Migration Version: 15
|
||||
|
||||
Migration 8 converted certificate storage from file paths to PEM content.
|
||||
Migration 15 renames the core reverse proxy platform service from `caddy` to `smartproxy`.
|
||||
|
||||
## Reverse Proxy (November 2025 - Caddy Docker Service)
|
||||
## Reverse Proxy (April 2026 - SmartProxy Docker Service)
|
||||
|
||||
The reverse proxy uses **Caddy** running as a Docker Swarm service for production-grade reverse proxying with native SNI support, HTTP/2, HTTP/3, and WebSocket handling.
|
||||
The reverse proxy uses **SmartProxy** running as a Docker Swarm service for production-grade reverse proxying with TLS termination and WebSocket handling.
|
||||
|
||||
**Architecture:**
|
||||
|
||||
- Caddy runs as Docker Swarm service (`onebox-caddy`) on the overlay network
|
||||
- No binary download required - uses `caddy:2-alpine` Docker image
|
||||
- Configuration pushed dynamically via Caddy Admin API (port 2019)
|
||||
- SmartProxy runs as Docker Swarm service (`onebox-smartproxy`) on the overlay network
|
||||
- No host binary download required - uses `code.foss.global/host.today/ht-docker-smartproxy:latest`
|
||||
- Routes are pushed dynamically via the SmartProxy admin API (host port 2019)
|
||||
- Automatic HTTPS disabled - certificates managed externally via SmartACME
|
||||
- Zero-downtime configuration updates
|
||||
- Services reached by Docker service name (e.g., `onebox-hello-world:80`)
|
||||
|
||||
**Key files:**
|
||||
|
||||
- `ts/classes/caddy.ts` - CaddyManager class for Docker service and Admin API
|
||||
- `ts/classes/reverseproxy.ts` - Delegates to CaddyManager
|
||||
- `ts/classes/smartproxy.ts` - SmartProxyManager class for Docker service and Admin API
|
||||
- `ts/classes/reverseproxy.ts` - Delegates to SmartProxyManager
|
||||
|
||||
**Certificate workflow:**
|
||||
|
||||
1. `CertRequirementManager` creates requirements for domains
|
||||
2. Daemon processes requirements via `certmanager.ts`
|
||||
3. Certificates stored in database (PEM content)
|
||||
4. `reverseProxy.addCertificate()` passes PEM content to Caddy via `load_pem` (inline in config)
|
||||
5. Caddy serves TLS with the loaded certificates (no volume mounts needed)
|
||||
4. `reverseProxy.addCertificate()` passes PEM content to SmartProxy route config
|
||||
5. SmartProxy serves TLS with the loaded certificates (no volume mounts needed)
|
||||
|
||||
**Docker Service Configuration:**
|
||||
|
||||
- Service name: `onebox-caddy`
|
||||
- Image: `caddy:2-alpine`
|
||||
- Service name: `onebox-smartproxy`
|
||||
- Image: `code.foss.global/host.today/ht-docker-smartproxy:latest`
|
||||
- Network: `onebox-network` (overlay, attachable)
|
||||
- Startup: Writes initial config with `admin.listen: 0.0.0.0:2019` for host access
|
||||
- Startup: SmartProxy daemon admin API listens on container port 3000, published on host port 2019
|
||||
|
||||
**Port Mapping:**
|
||||
|
||||
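Review bot: Both image lines (under Architecture and under Docker Service Configuration) point the proxy at `code.foss.global/host.today/ht-docker-smartproxy:latest`, a mutable tag, so the image that terminates TLS can change without any change in this repo; document a fixed version tag or digest instead. The new Startup line says the admin API on container port 3000 is published on host port 2019, and routes carrying certificate PEM content are pushed through it, but the text does not say which host interface that port binds to or whether the API requires authentication; please state both. The version header also jumps from 8 to 15 and the Migration 8 description is dropped, which leaves migrations 9 to 14 undescribed in this file.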
@@ -89,5 +89,4 @@ The reverse proxy uses **Caddy** running as a Docker Swarm service for productio
|
||||
|
||||
**Log Receiver:**
|
||||
|
||||
- Caddy sends access logs to `tcp/172.17.0.1:9999` (Docker bridge gateway)
|
||||
- `CaddyLogReceiver` on host receives and processes logs
|
||||
- `ProxyLogReceiver` remains the host-side access-log stream endpoint for proxy log integrations
|
||||
|
||||
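Review bot: The replacement Log Receiver line drops the concrete endpoint (`tcp/172.17.0.1:9999`) and no longer says that the proxy sends access logs to it, so a reader cannot tell from this section whether SmartProxy access logs actually reach the host after the switch. Please state where `ProxyLogReceiver` listens and whether SmartProxy is configured to send to it. The word "remains" is also misleading, since the removed lines name the class `CaddyLogReceiver`; mention the rename explicitly.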