R3: split the landing into its own static container

- gateway/Dockerfile gains a `landing` target: caddy:2-alpine + the shared Vite build (identical build args keep the ui stage a single cached build); the gateway target drops landing.html from the embed. - The contour caddy routes /app/, /telegram/ and the Connect path to the gateway; the catch-all — the landing at / and any stray path — goes to the new landing service, so junk traffic is absorbed by static file serving. - deploy/landing/Caddyfile mirrors the webui caching (immutable assets, no-cache shells) and falls back unknown paths to the landing shell. - The gateway's / now 308-redirects to /app/ (keeps a local no-caddy run usable); webui placeholder landing.html removed. - CI deploy probe checks both / (landing) and /app/ (gateway). Verified: both images build; the landing container serves landing.html at / (no-cache) with junk-path fallback; the gateway image redirects / to /app/ and carries no landing content.
2026-06-10 02:20:10 +02:00
parent ab58062565
commit f20a4b49ff
10 changed files with 141 additions and 66 deletions
@@ -298,17 +298,21 @@ jobs:
          # pick up the fresh config.
          docker compose --ansi never up -d --force-recreate --no-deps caddy otelcol prometheus tempo grafana
-      - name: Probe the gateway through caddy
+      - name: Probe the landing and the gateway through caddy
        run: |
          set -u
          # Two probes through the contour caddy (R3 split): "/" is the static
          # landing container, "/app/" is the gateway-served SPA shell.
          for i in $(seq 1 20); do
-            if docker run --rm --network edge alpine:3.20 wget -q -T 5 -O /dev/null http://scrabble/; then
+            if docker run --rm --network edge alpine:3.20 wget -q -T 5 -O /dev/null http://scrabble/ &&
-              echo "healthy: GET http://scrabble/"
+               docker run --rm --network edge alpine:3.20 wget -q -T 5 -O /dev/null http://scrabble/app/; then
              echo "healthy: GET http://scrabble/ (landing) + /app/ (gateway)"
              exit 0
            fi
            sleep 3
          done
-          echo "probe failed; recent gateway logs:"
+          echo "probe failed; recent landing + gateway logs:"
          docker logs --tail 50 scrabble-landing || true
          docker logs --tail 50 scrabble-gateway || true
          exit 1
@@ -1,7 +1,9 @@
 # Edge reverse proxy for the Scrabble contour. A single Basic-Auth gate covers
 # every operator surface under /_gm (the backend-rendered admin console and the
-# Grafana subpath); everything else (the SPA at / and /telegram/, plus the
+# Grafana subpath); the game SPA (/app/, /telegram/) and the Connect edge go to
-# Connect edge) goes to the gateway. Mirrors ../galaxy-game's /_gm model.
+# the gateway; the catch-all — notably the public landing at / — goes to the
 # static landing container (R3), so stray traffic never reaches the Go edge.
 # Mirrors ../galaxy-game's /_gm model.
 #
 # CADDY_SITE_ADDRESS is ":80" in the test contour (the host caddy terminates TLS
 # and forwards); set it to a domain in prod (Stage 18) so this caddy does its own
@@ -36,8 +38,14 @@
 		}
 	}
-	# The SPA (/, /telegram/) and the Connect edge are served by the gateway.
+	# The game SPA and the Connect edge are served by the gateway.
-	handle {
+	@gateway path /app /app/* /telegram /telegram/* /scrabble.edge.v1.Gateway/*
 	handle @gateway {
 		reverse_proxy gateway:8081
 	}
 	# Everything else — the public landing at / and any stray path — is static.
 	handle {
 		reverse_proxy landing:80
 	}
 }
@@ -75,6 +75,7 @@ services:
    build:
      context: ..
      dockerfile: gateway/Dockerfile
      target: gateway
      args:
        VITE_TELEGRAM_BOT_ID: ${VITE_TELEGRAM_BOT_ID:-}
        VITE_TELEGRAM_LINK: ${VITE_TELEGRAM_LINK:-}
@@ -100,6 +101,28 @@ services:
      # caddy owns the /_gm Basic-Auth and routes /_gm to the backend directly.
    networks: [internal]
  # --- Landing (static) -------------------------------------------------------
  # The public landing page in its own caddy container (R3): the contour caddy
  # routes the catch-all (notably /) here, the gateway keeps only /app/,
  # /telegram/ and the Connect edge. Shares the gateway Dockerfile's UI build
  # stage — identical build args keep that stage a single cached build.
  landing:
    container_name: scrabble-landing
    image: scrabble-landing:latest
    build:
      context: ..
      dockerfile: gateway/Dockerfile
      target: landing
      args:
        VITE_TELEGRAM_BOT_ID: ${VITE_TELEGRAM_BOT_ID:-}
        VITE_TELEGRAM_LINK: ${VITE_TELEGRAM_LINK:-}
        VITE_TELEGRAM_GAME_CHANNEL_NAME_EN: ${VITE_TELEGRAM_GAME_CHANNEL_NAME_EN:-}
        VITE_TELEGRAM_GAME_CHANNEL_NAME_RU: ${VITE_TELEGRAM_GAME_CHANNEL_NAME_RU:-}
        VITE_GATEWAY_URL: ${VITE_GATEWAY_URL:-}
        VITE_APP_VERSION: ${APP_VERSION:-dev}
    restart: unless-stopped
    networks: [internal]
  # --- Telegram connector (egress via the VPN sidecar) -----------------------
  vpn:
    container_name: scrabble-telegram-vpn
@@ -145,12 +168,13 @@ services:
      OTEL_EXPORTER_OTLP_ENDPOINT: http://otelcol:4317
      OTEL_EXPORTER_OTLP_INSECURE: "true"
-  # --- Edge reverse proxy (single /_gm Basic-Auth; SPA + Connect -> gateway) --
+  # --- Edge reverse proxy (single /_gm Basic-Auth; SPA + Connect -> gateway;
  #     the catch-all incl. the landing -> the static landing container) -------
  caddy:
    container_name: scrabble-caddy
    image: caddy:2-alpine
    restart: unless-stopped
-    depends_on: [gateway, backend, grafana]
+    depends_on: [gateway, backend, grafana, landing]
    environment:
      # Test: ":80" (host caddy terminates TLS). Prod: a domain for own ACME.
      CADDY_SITE_ADDRESS: ${CADDY_SITE_ADDRESS:-:80}
@@ -0,0 +1,27 @@
 # Static landing container (R3). Serves the public landing page and the built
 # assets it references at /; the game SPA (/app/, /telegram/) and the Connect
 # edge stay on the gateway. The contour caddy routes the catch-all here, so
 # stray public paths are absorbed by static file serving and never reach the Go
 # edge. This file is baked into the image at build time (gateway/Dockerfile,
 # target `landing`), not bind-mounted.
 {
 	admin off
 }
 :80 {
 	root * /srv
 	encode zstd gzip
 	# Mirror the gateway webui caching: hash-named build assets are immutable,
 	# every HTML shell is no-cache so a new deploy is picked up immediately.
 	header /assets/* Cache-Control "public, max-age=31536000, immutable"
 	@shell not path /assets/*
 	header @shell Cache-Control "no-cache"
 	# An unknown path falls back to the landing shell (the gateway's old "/"
 	# behaviour); "/" itself resolves through the index below.
 	try_files {path} /landing.html
 	file_server {
 		index landing.html
 	}
 }
@@ -1,15 +1,18 @@
-# Multi-stage build for the gateway service. A node stage builds the static UI
+# Multi-stage build for the gateway service and the landing image. A node stage
-# (Vite), the result is embedded into the Go binary (gateway/internal/webui/dist),
+# builds the static UI (Vite) once; the `landing` target serves that build from a
-# and the Go stage — mirroring platform/telegram/Dockerfile — yields a static
+# static caddy container (the public landing at /, R3), while the final gateway
-# binary shipped on distroless nonroot. So the single binary serves the SPA at /
+# target embeds it — minus landing.html — into the Go binary
-# and /telegram/ (docs/ARCHITECTURE.md §13) with no separate static container.
+# (gateway/internal/webui/dist), which serves the game SPA at /app/ and
 # /telegram/ (docs/ARCHITECTURE.md §13). The Go stage mirrors
 # platform/telegram/Dockerfile and ships on distroless nonroot.
 #
 # The production UI build vars are image build-args, baked into the bundle.
-# Build from the repository root so go.work, pkg/, gateway/ and ui/ are all in the
+# Build from the repository root so go.work, pkg/, gateway/, ui/ and
-# Docker context:
+# deploy/landing/ are all in the Docker context:
 #   docker build -f gateway/Dockerfile \
 #     --build-arg VITE_GATEWAY_URL=https://example \
 #     -t scrabble-gateway .
 #   docker build -f gateway/Dockerfile --target landing -t scrabble-landing .
 # --- UI build ----------------------------------------------------------------
 FROM node:22-alpine AS ui
@@ -38,6 +41,14 @@ RUN pnpm install --frozen-lockfile
 COPY ui ./
 RUN pnpm build
 # --- landing -------------------------------------------------------------------
 # The public landing page as its own static container (R3): the same Vite build
 # served by caddy at /, so stray public traffic is absorbed by static file
 # serving and never reaches the Go edge.
 FROM caddy:2-alpine AS landing
 COPY deploy/landing/Caddyfile /etc/caddy/Caddyfile
 COPY --from=ui /ui/dist /srv
 # --- Go build ----------------------------------------------------------------
 FROM golang:1.26.3-alpine AS build
 WORKDIR /src
@@ -46,9 +57,11 @@ COPY pkg ./pkg
 COPY gateway ./gateway
 # Replace the committed placeholder with the freshly built UI before compiling, so
-# go:embed bakes the real bundle into the binary.
+# go:embed bakes the real bundle into the binary. The landing shell ships in the
 # landing image, not in the gateway (R3).
 RUN rm -rf gateway/internal/webui/dist
 COPY --from=ui /ui/dist gateway/internal/webui/dist
 RUN rm gateway/internal/webui/dist/landing.html
 # Reduce the workspace to what the gateway needs: gateway + pkg (loadtest is not in
 # this context; its scrabble/gateway replace targets ./gateway, which is present here).
@@ -56,6 +69,6 @@ RUN go work edit -dropuse=./backend -dropuse=./platform/telegram -dropuse=./load
 RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -o /out/gateway ./gateway/cmd/gateway
 # --- runtime -----------------------------------------------------------------
-FROM gcr.io/distroless/static-debian12:nonroot
+FROM gcr.io/distroless/static-debian12:nonroot AS gateway
 COPY --from=build /out/gateway /usr/local/bin/gateway
 ENTRYPOINT ["/usr/local/bin/gateway"]
@@ -158,14 +158,16 @@ func (s *Server) HTTPHandler() http.Handler {
 		// does not serve the app shell at the operator path.
 		mux.Handle("/_gm/", http.NotFoundHandler())
 	}
-	// The embedded UI: the game SPA under /app/ (web) and /telegram/ (the Telegram Mini
+	// The embedded UI: the game SPA under /app/ (web) and /telegram/ (the Telegram
-	// App), with a separate landing page at the catch-all "/" — the single-origin model
+	// Mini App) — the single-origin model (docs/ARCHITECTURE.md §13). Both sit below
-	// (docs/ARCHITECTURE.md §13). All sit below the h2c wrap so the Connect edge (a more
+	// the h2c wrap so the Connect edge (a more specific prefix) keeps priority, and
-	// specific prefix) keeps priority. Each SPA mount falls back to the app shell
+	// each mount falls back to the app shell (index.html) for the hash router. The
-	// (index.html) for the hash router; "/" falls back to the landing (landing.html).
+	// public landing moved to its own static container behind the contour caddy
 	// (R3), so the catch-all redirects a stray root hit to the app shell — which
 	// keeps a local no-caddy run usable.
 	mux.Handle("/telegram/", webui.Handler("/telegram/", "index.html"))
 	mux.Handle("/app/", webui.Handler("/app/", "index.html"))
-	mux.Handle("/", webui.Handler("", "landing.html"))
+	mux.Handle("/", http.RedirectHandler("/app/", http.StatusPermanentRedirect))
 	// Every request body on the public listener is capped (the admin proxy POSTs
 	// included); the h2c server carries explicit stream/idle sizing (R3).
 	return h2c.NewHandler(maxBodyHandler(s.maxBodyBytes, mux), &http2.Server{
@@ -197,6 +197,26 @@ func TestExecuteOversizedPayloadRejected(t *testing.T) {
 	}
 }
 // TestRootRedirectsToApp verifies the gateway no longer serves a landing at "/"
 // (it lives in the landing container since R3): a stray root hit is redirected
 // to the app shell.
 func TestRootRedirectsToApp(t *testing.T) {
 	front := httptest.NewServer(connectsrv.NewServer(connectsrv.Deps{}).HTTPHandler())
 	defer front.Close()
 	client := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error {
 		return http.ErrUseLastResponse
 	}}
 	resp, err := client.Get(front.URL + "/")
 	if err != nil {
 		t.Fatalf("get /: %v", err)
 	}
 	defer func() { _ = resp.Body.Close() }()
 	if resp.StatusCode != http.StatusPermanentRedirect || resp.Header.Get("Location") != "/app/" {
 		t.Fatalf("GET / = %d -> %q, want 308 -> /app/", resp.StatusCode, resp.Header.Get("Location"))
 	}
 }
 func TestExecuteUnknownMessageType(t *testing.T) {
 	client, cleanup := newEdge(t, func(w http.ResponseWriter, r *http.Request) {})
 	defer cleanup()
@@ -1,16 +0,0 @@
 <!doctype html>
 <html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <title>Scrabble</title>
  </head>
  <body>
    <!-- scrabble-landing -->
    <p>
      Landing build placeholder. The production gateway image embeds the real Vite
      build (see gateway/Dockerfile); seeing this page means the binary was built
      without a UI build.
    </p>
  </body>
 </html>
@@ -1,12 +1,13 @@
 // Package webui serves the embedded static UI build over the public edge.
 //
-// The committed dist/ holds only placeholder index.html / landing.html so the gateway
+// The committed dist/ holds only a placeholder index.html so the gateway module
-// module compiles with a plain `go build` (and in CI) without a UI build. The production
+// compiles with a plain `go build` (and in CI) without a UI build. The production
-// gateway image replaces dist/ with the real Vite build before compiling (see
+// gateway image replaces dist/ with the real Vite build — minus landing.html, which
-// gateway/Dockerfile), so the binary ships the UI inside it. Because Vite is built with a
+// ships in the separate landing container since R3 — before compiling (see
-// relative asset base, one build serves under any path: the game SPA is mounted at /app/
+// gateway/Dockerfile), so the binary ships the UI inside it. Because Vite is built
-// (web) and /telegram/ (the Telegram Mini App), with a separate landing page at / — the
+// with a relative asset base, one build serves under any path: the game SPA is
-// single-origin model in docs/ARCHITECTURE.md §13.
+// mounted at /app/ (web) and /telegram/ (the Telegram Mini App) — the single-origin
 // model in docs/ARCHITECTURE.md §13.
 //
 // Caching (Stage 17): Vite emits hash-named files under assets/, so those are immutable and
 // cached hard (a reload/relaunch is a cache hit, not a re-download); the HTML shells carry
@@ -35,10 +36,10 @@ func distFS() fs.FS {
 }
 // Handler serves the embedded UI. An existing file is served directly (hash-named assets get
-// an immutable cache); every other path falls back to indexName (the SPA shell or the landing
+// an immutable cache); every other path falls back to indexName (the SPA shell) so a
-// page) so a client-side deep link still loads. When stripPrefix is non-empty it is removed
+// client-side deep link still loads. When stripPrefix is non-empty it is removed from the
-// from the request path before lookup, so the same build serves under a sub-path (e.g.
+// request path before lookup, so the same build serves under a sub-path (e.g. "/app/" or
-// "/app/" or "/telegram/").
+// "/telegram/").
 func Handler(stripPrefix, indexName string) http.Handler {
 	content := distFS()
 	files := http.FileServer(http.FS(content))
@@ -22,20 +22,12 @@ func body(t *testing.T, resp *http.Response) string {
 	return string(b)
 }
-// TestLandingMountServesLandingAndFallsBack: "/" serves the landing shell (no-cache) and
+// TestShellNoCache: the served HTML shell carries no-cache so a new deploy's
-// any unknown path falls back to it.
+// shell (and the asset URLs it references) is fetched fresh.
-func TestLandingMountServesLandingAndFallsBack(t *testing.T) {
+func TestShellNoCache(t *testing.T) {
-	h := Handler("", "landing.html")
+	h := Handler("/app/", "index.html")
-
+	if cc := get(t, h, "/app/").Header.Get("Cache-Control"); cc != "no-cache" {
-	resp := get(t, h, "/")
+		t.Errorf("shell Cache-Control = %q, want no-cache", cc)
 	if resp.StatusCode != http.StatusOK || !strings.Contains(body(t, resp), "scrabble-landing") {
 		t.Fatalf("GET / did not serve the landing shell (status %d)", resp.StatusCode)
 	}
 	if cc := get(t, h, "/").Header.Get("Cache-Control"); cc != "no-cache" {
 		t.Errorf("landing Cache-Control = %q, want no-cache", cc)
 	}
 	if resp := get(t, h, "/whatever"); resp.StatusCode != http.StatusOK {
 		t.Fatalf("GET /whatever status = %d, want 200 (fallback)", resp.StatusCode)
 	}
 }