fix: Caddy host network mode for real client IPs

- Caddy now uses network_mode: host (sees real IPv4/IPv6) - All backend services on fixed IPs (172.28.0.10/20/30) - Caddyfile uses IPs instead of Docker DNS names - /myip now returns actual client IP, not Docker gateway Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 11:19:23 +04:00
parent cac812665c
commit 47030a3b29
2 changed files with 10 additions and 27 deletions
--- a/warzone/deploy/docker/Caddyfile
+++ b/warzone/deploy/docker/Caddyfile
@@ -1,26 +1,17 @@
 {
-	# Global ACME settings
 	email admin@manko.yoga
-	servers {
-		trusted_proxies static private_ranges
-	}
 }

 voip.manko.yoga {
-	# TLS via Cloudflare DNS-01 challenge
 	tls {
 		dns cloudflare {$CF_API_TOKEN}
 	}

 	# Audio bridge WebSocket (wzp-web)
-	# /audio/ws/* → wzp-web:8080/ws/*
 	handle_path /audio/* {
-		reverse_proxy wzp-web:8080
+		reverse_proxy 172.28.0.30:8080
 	}

 	# Everything else → featherChat server
-	# Web UI (/), API (/v1/*), WebSocket (/v1/ws/*)
-	reverse_proxy warzone-server:7700 {
-		header_up X-Real-IP {remote_host}
-	}
+	reverse_proxy 172.28.0.20:7700
 }