llm-multiverse/llm-multiverse
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Configure Caddy v2 edge proxy #92

New Issue
Closed
opened 2026-03-08 10:53:16 +01:00 by shahondin1624 · 1 comment
shahondin1624 commented 2026-03-08 10:53:16 +01:00
Owner
Copy Link

Description

Configure Caddy v2 as the edge proxy: TLS termination, routing external requests to the Orchestrator, and blocking direct access to internal services.

Acceptance Criteria

  • Caddyfile with reverse proxy to Orchestrator
  • Automatic TLS via Let's Encrypt (or self-signed for local dev)
  • Internal services not exposed externally
  • gRPC-Web support for browser clients (optional)
  • Rate limiting on external endpoints
  • Health check endpoint exposed

Blocked by

## Description Configure Caddy v2 as the edge proxy: TLS termination, routing external requests to the Orchestrator, and blocking direct access to internal services. ## Acceptance Criteria - [ ] Caddyfile with reverse proxy to Orchestrator - [ ] Automatic TLS via Let's Encrypt (or self-signed for local dev) - [ ] Internal services not exposed externally - [ ] gRPC-Web support for browser clients (optional) - [ ] Rate limiting on external endpoints - [ ] Health check endpoint exposed ## Blocked by - #91
shahondin1624 added this to the Phase 11: Docker Compose (Single Machine) milestone 2026-03-08 10:53:16 +01:00
shahondin1624 commented 2026-03-11 10:43:20 +01:00
Author
Owner
Copy Link

Implementation Complete

Added Caddy v2 edge proxy:

  • docker/caddy/Caddyfile — reverse proxy to orchestrator via h2c, self-signed TLS for dev, /healthz endpoint
  • Updated docker/docker-compose.yml — Caddy service on ports 80/443, removed direct orchestrator port exposure

Deviations:

  • Rate limiting deferred (requires caddy-ratelimit plugin not in standard image)
  • gRPC-Web support deferred (optional per acceptance criteria)

Auto-merged via PR #197.

## Implementation Complete Added Caddy v2 edge proxy: - `docker/caddy/Caddyfile` — reverse proxy to orchestrator via h2c, self-signed TLS for dev, /healthz endpoint - Updated `docker/docker-compose.yml` — Caddy service on ports 80/443, removed direct orchestrator port exposure **Deviations:** - Rate limiting deferred (requires caddy-ratelimit plugin not in standard image) - gRPC-Web support deferred (optional per acceptance criteria) Auto-merged via PR #197.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
cat:agent
Agent related
 cat:cross-cutting
Cross-cutting concern
 cat:deployment
Deployment related
 cat:devops
DevOps related
 cat:performance
Performance related
 cat:security
Security related
 cat:tech-debt
Technical debt from code reviews
 lang:protobuf
Protocol Buffers
 lang:python
Python language
 lang:rust
Rust language
 priority:critical
Critical priority
 priority:high
High priority
 priority:low
Low priority
 priority:medium
Medium priority
 service:audit
Audit service
 service:memory
Memory service
 service:model-gateway
Model Gateway service
 service:orchestrator
Orchestrator service
 service:search
Search service
 service:secrets
Secrets service
 service:tool-broker
Tool Broker service
 type:bug
Bug fix
 type:documentation
Docs
 type:feature
New functionality
 type:infrastructure
Build tooling, project setup
 type:refactor
Restructuring
 type:research
Investigation, benchmarking
 type:testing
Tests
 workflow:blocked
Blocked after max retries
 workflow:manual
Requires manual intervention — blocked from auto-dev
No Label
Milestone
No items
No Milestone Phase 11: Docker Compose (Single Machine)
Projects
Clear projects
No project
Assignees
Clear assignees
shahondin1624
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: llm-multiverse/llm-multiverse#92
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?