ldraney/pal-e-platform

Fork

You've already forked pal-e-platform

Code Issues 104 Pull requests 7 Projects Releases Packages Wiki Activity Actions

Configure Caddy reverse proxy for landscaping-assistant.app on edge-proxy #434

New issue

Closed

opened 2026-06-14 17:27:59 +00:00 by ldraney · 2 comments

ldraney commented

2026-06-14 17:27:59 +00:00

Owner

Copy link

Type

Feature

Lineage

Depends on ldraney/pal-e-platform #425 (must land first to establish salt/states/caddy/ structure).
Related to ldraney/pal-e-platform #424 (Hetzner edge node provisioning).

Repo

ldraney/pal-e-platform

User Story

As a platform operator
I want Caddy on the Hetzner edge node to reverse-proxy landscaping-assistant.app traffic to the correct k3s service
So that landscaping-assistant.app is publicly accessible with auto-TLS, without breaking existing palinks.app routing

Context

The Hetzner edge node (178.156.129.142) is provisioned (#424) and already serves palinks.app via Caddy reverse proxy configured through Salt (#425). Both domains resolve to the same IP but route to different k3s services over the Tailscale mesh. This ticket extends the existing Caddy config to add landscaping-assistant.app, mirroring the palinks.app pattern established in #425.

File Targets

Files the agent should modify:

salt/states/caddy/Caddyfile.j2 -- add landscaping-assistant.app server block and www redirect block (mirrors palinks.app pattern from #425)

Files the agent should NOT touch:

salt/states/caddy/init.sls -- Salt state structure already established by #425; no changes needed
palinks.app block in Caddyfile.j2 -- must not alter existing routing

Feature Flag

none

Acceptance Criteria

curl -I https://landscaping-assistant.app returns 200 after deploy
curl -I https://www.landscaping-assistant.app returns 301 permanent redirect to https://landscaping-assistant.app
TLS auto-provisioned via Let's Encrypt
Caddy config includes landscaping-assistant.app server block proxying to landscaping-assistant.tail5b443a.ts.net:443
Traffic proxied to correct k3s service via Tailscale mesh address
palinks.app routing remains unaffected
Salt state applied successfully

Test Expectations

Manual: curl -I https://landscaping-assistant.app returns 200
Manual: curl -I https://www.landscaping-assistant.app returns 301 redirect
Manual: curl -I https://palinks.app still returns 200 (no regression)
Run command: salt-call state.apply caddy on edge node

Constraints

Caddy config is managed by Salt (Caddyfile.j2) -- all changes go through the template, not direct file edits on the node
Must mirror the palinks.app server block pattern from #425 (reverse_proxy directive, TLS config)
Proxy target is landscaping-assistant.tail5b443a.ts.net:443 via Tailscale mesh
Must not break existing palinks.app routing
#425 must land first to establish the salt/states/caddy/ directory structure and Salt state

Checklist

PR opened
Tests pass
No unrelated changes

pal-e-platform -- project this affects

### Type Feature ### Lineage Depends on `ldraney/pal-e-platform #425` (must land first to establish `salt/states/caddy/` structure). Related to `ldraney/pal-e-platform #424` (Hetzner edge node provisioning). ### Repo `ldraney/pal-e-platform` ### User Story As a platform operator I want Caddy on the Hetzner edge node to reverse-proxy landscaping-assistant.app traffic to the correct k3s service So that landscaping-assistant.app is publicly accessible with auto-TLS, without breaking existing palinks.app routing ### Context The Hetzner edge node (178.156.129.142) is provisioned (#424) and already serves palinks.app via Caddy reverse proxy configured through Salt (#425). Both domains resolve to the same IP but route to different k3s services over the Tailscale mesh. This ticket extends the existing Caddy config to add landscaping-assistant.app, mirroring the palinks.app pattern established in #425. ### File Targets Files the agent should modify: - `salt/states/caddy/Caddyfile.j2` -- add landscaping-assistant.app server block and www redirect block (mirrors palinks.app pattern from #425) Files the agent should NOT touch: - `salt/states/caddy/init.sls` -- Salt state structure already established by #425; no changes needed - palinks.app block in `Caddyfile.j2` -- must not alter existing routing ### Feature Flag none ### Acceptance Criteria - [ ] `curl -I https://landscaping-assistant.app` returns 200 after deploy - [ ] `curl -I https://www.landscaping-assistant.app` returns 301 permanent redirect to `https://landscaping-assistant.app` - [ ] TLS auto-provisioned via Let's Encrypt - [ ] Caddy config includes `landscaping-assistant.app` server block proxying to `landscaping-assistant.tail5b443a.ts.net:443` - [ ] Traffic proxied to correct k3s service via Tailscale mesh address - [ ] palinks.app routing remains unaffected - [ ] Salt state applied successfully ### Test Expectations - [ ] Manual: `curl -I https://landscaping-assistant.app` returns 200 - [ ] Manual: `curl -I https://www.landscaping-assistant.app` returns 301 redirect - [ ] Manual: `curl -I https://palinks.app` still returns 200 (no regression) - Run command: `salt-call state.apply caddy` on edge node ### Constraints - Caddy config is managed by Salt (`Caddyfile.j2`) -- all changes go through the template, not direct file edits on the node - Must mirror the palinks.app server block pattern from #425 (reverse_proxy directive, TLS config) - Proxy target is `landscaping-assistant.tail5b443a.ts.net:443` via Tailscale mesh - Must not break existing palinks.app routing - #425 must land first to establish the `salt/states/caddy/` directory structure and Salt state ### Checklist - [ ] PR opened - [ ] Tests pass - [ ] No unrelated changes ### Related - `pal-e-platform` -- project this affects

ldraney commented

2026-06-14 20:22:25 +00:00

Author

Owner

Copy link

Scope Review: NEEDS_REFINEMENT

Review note: review-1463-2026-06-14

File targets are too vague for agent consumption -- need concrete paths (e.g., salt/states/caddy/init.sls).

[BODY] Specify concrete file paths instead of "Salt states for edge-proxy Caddy config"
[BODY] Specify Tailscale mesh proxy target address in AC #2
[BODY] Add AC for www.landscaping-assistant.app redirect (mirrors #425 pattern)
[BODY] Note ordering dependency on #425 (establishes salt/states/caddy/ structure)
[SCOPE] Create custom-domain user story entry on project-landscaping-assistant
[SCOPE] Create architecture note arch-pal-e-platform

## Scope Review: NEEDS_REFINEMENT Review note: `review-1463-2026-06-14` File targets are too vague for agent consumption -- need concrete paths (e.g., `salt/states/caddy/init.sls`). - [BODY] Specify concrete file paths instead of "Salt states for edge-proxy Caddy config" - [BODY] Specify Tailscale mesh proxy target address in AC #2 - [BODY] Add AC for www.landscaping-assistant.app redirect (mirrors #425 pattern) - [BODY] Note ordering dependency on #425 (establishes salt/states/caddy/ structure) - [SCOPE] Create `custom-domain` user story entry on `project-landscaping-assistant` - [SCOPE] Create architecture note `arch-pal-e-platform`

ldraney commented

2026-06-14 20:29:26 +00:00

Author

Owner

Copy link

Scope Review: APPROVED (re-review)

Review note: review-1463-2026-06-14-v2

All 4 [BODY] recommendations from previous review (review-1463-2026-06-14) are resolved:

Concrete file targets now specified (salt/states/caddy/Caddyfile.j2)
Proxy target address explicit (landscaping-assistant.tail5b443a.ts.net:443)
www redirect AC added
#425 ordering dependency documented in Lineage

Known [SCOPE] gaps (missing custom-domain story note, missing arch-pal-e-platform note) are being addressed separately and do not block.

## Scope Review: APPROVED (re-review) Review note: `review-1463-2026-06-14-v2` All 4 [BODY] recommendations from previous review (`review-1463-2026-06-14`) are resolved: - Concrete file targets now specified (`salt/states/caddy/Caddyfile.j2`) - Proxy target address explicit (`landscaping-assistant.tail5b443a.ts.net:443`) - www redirect AC added - #425 ordering dependency documented in Lineage Known [SCOPE] gaps (missing `custom-domain` story note, missing `arch-pal-e-platform` note) are being addressed separately and do not block.

ldraney referenced this issue

2026-06-14 21:57:35 +00:00

feat: add godaddy-tofu provider and DNS A records #436

ldraney referenced this issue

2026-06-14 22:05:53 +00:00

feat: add godaddy-tofu provider and DNS A records #436

ldraney referenced this issue

2026-06-15 23:38:18 +00:00

feat: add Caddy reverse proxy Salt state for palinks.app (#425) #439

ldraney referenced this issue

2026-06-15 23:51:19 +00:00

Improve Caddy Salt state: pillarize hostnames, graceful reload, Jinja parameterization #440

ldraney referenced this issue

2026-06-15 23:53:18 +00:00

chore: improve Caddy Salt state with pillarization and graceful reload (#440) #441

ldraney referenced this issue

2026-06-15 23:55:13 +00:00

chore: improve Caddy Salt state with pillarization and graceful reload (#440) #441

ldraney referenced this issue

2026-06-15 23:55:44 +00:00

feat: add Caddy reverse proxy Salt state for palinks.app (#425) #439

ldraney referenced this issue from a commit

2026-06-16 00:44:14 +00:00

feat: add Caddy reverse proxy for landscaping-assistant.app (#434)

ldraney referenced this issue from a pull request that will close it,

2026-06-16 00:44:27 +00:00

feat: add Caddy reverse proxy for landscaping-assistant.app (#434) #442

ldraney referenced this issue

2026-06-16 00:47:53 +00:00

feat: add Caddy reverse proxy for landscaping-assistant.app (#434) #442

ldraney added the

status:needs-fix

label

2026-06-16 00:47:54 +00:00

ldraney referenced this issue from a commit

2026-06-16 00:50:23 +00:00

feat: add Caddy reverse proxy for landscaping-assistant.app (#434)

ldraney referenced this issue

2026-06-16 00:52:20 +00:00

feat: add Caddy reverse proxy for landscaping-assistant.app (#434) #442

ldraney

2026-06-16 00:52:20 +00:00

closed this issue
added
status:approved
and removed
status:needs-fix
labels

ldraney referenced this issue from a commit

2026-06-16 01:05:47 +00:00

feat: add Caddy reverse proxy for landscaping-assistant.app (#434) (#442)

ldraney referenced this issue

2026-06-16 01:37:27 +00:00

Fix Caddy pillar: wrong Tailscale hostname for landscaping-assistant #444

ldraney referenced this issue

2026-06-16 01:41:32 +00:00

fix: correct Tailscale hostname in Caddy pillar for landscaping-assistant (#444) #445

No Branch/Tag specified

main

fix-dashboard-metric-names

netpol-westside-ror

spec-board-centric-renderer

457-add-dns-and-caddy-config-for-myvibes-wor

411-remove-deprecated-pal-e-app-references-f

412-remove-deprecated-westside-admin-referen

fix-gem-bin-path

fix-woodpecker-multi-pipeline

345-harbor-mobile-css

290-payment-pipeline-observability

284-fix-add-pal-e-docs-namespace-to-postgres

284-add-pal-e-docs-postgres-netpol

188-cross-repo-worktree-isolation-for-parall

111-fix-keycloak-probe

86-fix-rotate-woodpecker-api-token-in-salt

71-feat-deploy-pyrra-slo-manager-with-servi

64-hotfix-woodpecker-oauth-login-broken-for

18-fix-grafana-duplicate-default-datasource-v2

18-fix-grafana-duplicate-default-datasource

13-fix-cnpg-all-parameters

No results found.

Labels

Clear labels

QA passed, awaiting merge approval

status:in-progress

Dev agent is actively working

status:needs-fix

QA found issues, back to dev

status:qa

PR submitted, awaiting QA review

type:bug

Bug fix

type:devops

Infrastructure/CI/config work

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ldraney/pal-e-platform#434

Reference in a new issue

Repository

ldraney/pal-e-platform

Title

Body

No description provided.

Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?

Rows
Columns