bluesky-pds

recipe-maintainers/bluesky-pds

Fork 0

Commit Graph

Author	SHA1	Message	Date
autonomic-bot	fdbd1e2fee	fix(routing): unique pds alias so caddy resolves THIS stack's PDS on shared proxy The caddy sidecar uses on-demand TLS and asks http://app:3000/tls-check before issuing a cert. On a shared host every co-located stack aliases its main service 'app' on the 'proxy' overlay; caddy (on both proxy+internal) resolves bare 'app' to a FOREIGN stack's endpoint, so the tls-check connection is refused, no cert is issued, and the PDS is unreachable over HTTPS (xrpc/_health=000). Give the PDS a unique 'pds' alias on the internal network and point caddy's reverse_proxy + on_demand_tls ask at it; 'pds' exists only on internal, so it always resolves to this stack's PDS. Service name stays 'app' (no downstream breakage).	2026-06-18 01:27:38 +00:00
notplants	e1cedf7e88	working on caddy sidecar	2026-02-21 23:48:21 -05:00

Author

SHA1

Message

Date

autonomic-bot

fdbd1e2fee

fix(routing): unique pds alias so caddy resolves THIS stack's PDS on shared proxy

The caddy sidecar uses on-demand TLS and asks http://app:3000/tls-check before issuing a cert.
On a shared host every co-located stack aliases its main service 'app' on the 'proxy' overlay;
caddy (on both proxy+internal) resolves bare 'app' to a FOREIGN stack's endpoint, so the tls-check
connection is refused, no cert is issued, and the PDS is unreachable over HTTPS (xrpc/_health=000).
Give the PDS a unique 'pds' alias on the internal network and point caddy's reverse_proxy +
on_demand_tls ask at it; 'pds' exists only on internal, so it always resolves to this stack's PDS.
Service name stays 'app' (no downstream breakage).

2026-06-18 01:27:38 +00:00

notplants

e1cedf7e88

working on caddy sidecar

2026-02-21 23:48:21 -05:00

2 Commits