From fad7ad0d4947dd3a1e7fecc405c7cf472075e9ba Mon Sep 17 00:00:00 2001 From: m17hr1l Date: Mon, 25 May 2026 16:45:47 +0200 Subject: [PATCH] stage-28: make the proxy docker network name configurable per environment On AnD0R the reverse-proxy lives on the 'backend' docker network; on cloud.neuronetz.ai it's 'neuronetz_default'. With a hardcoded name the cockpit ended up on a network the prod proxy couldn't see and routing silently dropped. Network is now overridable via PSYC_PROXY_NETWORK in .env (default 'backend' keeps dev working). On prod, set PSYC_PROXY_NETWORK=neuronetz_default in .env before the next compose up. Co-Authored-By: Claude Opus 4.7 --- .env.example | 7 +++++++ docker-compose.yml | 6 +++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.env.example b/.env.example index 5edf74c..afe0f1d 100644 --- a/.env.example +++ b/.env.example @@ -20,6 +20,13 @@ NVD_API_KEY= # without a reachable acme-companion + public DNS + :443). # LETSENCRYPT_EMAIL=admin@neuronetz.ai +# --- Production-only: the docker network the reverse-proxy is on --- +# Cockpit must share this network with nginx-proxy + acme-companion so the +# proxy can route to it. Default 'backend' matches AnD0R dev; on cloud +# production this is typically 'neuronetz_default' (whatever the proxy stack +# declares — check with `docker network ls`). +# PSYC_PROXY_NETWORK=neuronetz_default + # --- Internal service URLs — overridden in docker compose; defaults for venv CLI --- # PSYC_MOCK_CERT_URL=http://127.0.0.1:8770 # PSYC_INFERENCE_URL=http://127.0.0.1:8771 diff --git a/docker-compose.yml b/docker-compose.yml index 9ca670b..b5a7d61 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -99,6 +99,10 @@ services: capabilities: [gpu] networks: + # The reverse-proxy + acme-companion need to share a docker network with the + # cockpit so they can see each other. The actual network name differs by + # environment (e.g. 'backend' in dev, 'neuronetz_default' in production), so + # it's overridable via PSYC_PROXY_NETWORK in .env. Default keeps dev working. backend: - name: backend + name: ${PSYC_PROXY_NETWORK:-backend} external: true