chore: audit and fix service configurations and allowedOrigins

2026-05-06 13:23:51 -04:00
parent f52b4ae2b4
commit ccb9d44c04
13 changed files with 522 additions and 0 deletions
@@ -0,0 +1,20 @@
+# Override file added by us (homelab-configs).
+# Coolify auto-generates /data/coolify/proxy/dynamic/coolify.yaml with a
+# redirect-to-https middleware on the HTTP router. That redirect causes a
+# loop with our upstream alpine-caddy (LXC 101) which already terminates TLS.
+# This higher-priority router wins for the UI but explicitly excludes the
+# WebSocket paths so they keep using Coolify's own routers (coolify-realtime-ws
+# for /app, coolify-terminal-ws for /terminal/ws).
+http:
+  routers:
+    coolify-http-noredirect:
+      entryPoints:
+        - http
+      service: coolify-noredirect-svc
+      rule: 'Host(`coolify.klhoud.com`) && !PathPrefix(`/app`) && !PathPrefix(`/terminal/ws`)'
+      priority: 1000
+  services:
+    coolify-noredirect-svc:
+      loadBalancer:
+        servers:
+          - url: 'http://coolify:8080'