Ilia Denisov
4b2a949f12
`api.galaxy.lan` was proxying every path to `galaxy-api:8080` (the public REST listener), so authenticated Connect-Web calls (`/galaxy.gateway.v1.EdgeGateway/ExecuteCommand`, `/galaxy.gateway.v1.EdgeGateway/SubscribeEvents`) collapsed to a 404 from the public route table — the lobby loaded the static bundle but every authenticated query failed silently. Split routing by path: `/galaxy.gateway.v1.EdgeGateway/*` goes to the authenticated listener on `:9090`, everything else stays on `:8080`. Mirrors the Vite dev-server proxy in `ui/frontend/vite.config.ts`. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
35 lines
1.0 KiB
Caddyfile
35 lines
1.0 KiB
Caddyfile
# Application-routing Caddy for the long-lived dev environment.
|
|
# Listens only on the `edge` Docker network; TLS termination and the
|
|
# real `:80`/`:443` listeners belong to the host Caddy in front of us.
|
|
#
|
|
# `/srv/galaxy-ui` is mounted from the `galaxy-dev-ui-dist` named volume,
|
|
# refreshed on every dev-deploy run.
|
|
{
|
|
auto_https off
|
|
}
|
|
|
|
:80 {
|
|
@frontend host www.galaxy.lan
|
|
handle @frontend {
|
|
root * /srv/galaxy-ui
|
|
try_files {path} /index.html
|
|
file_server
|
|
encode zstd gzip
|
|
}
|
|
|
|
@api host api.galaxy.lan
|
|
handle @api {
|
|
# Connect-Web (authenticated) lives on a separate listener
|
|
# (`GATEWAY_AUTHENTICATED_GRPC_ADDR=:9090`). Anything else —
|
|
# public auth, healthz — is the public REST listener on
|
|
# `:8080`. The split mirrors the Vite dev-server proxy in
|
|
# `ui/frontend/vite.config.ts`.
|
|
@connect path /galaxy.gateway.v1.EdgeGateway/*
|
|
handle @connect {
|
|
reverse_proxy galaxy-api:9090
|
|
}
|
|
reverse_proxy galaxy-api:8080
|
|
}
|
|
}
|