
Conversation

@gocanto (Collaborator) commented Sep 11, 2025

Summary by CodeRabbit

  • New Features
    • Added commands to generate and delete mTLS certificates.
  • Refactor
    • Centralized CORS preflight handling for API requests to improve consistency without changing behavior.
  • Chores
    • Configuration validation now runs in a container for reproducible results.
    • The application now mounts the full mTLS directory in the container to simplify certificate management.
  • Documentation
    • Added a help entry describing the command to remove mTLS certificates.

@coderabbitai (coderabbitai bot) commented Sep 11, 2025

Caution: Review failed. The pull request is closed.

Walkthrough

Centralizes CORS preflight matching in Caddyfile, updates docker-compose to mount the whole mTLS directory, revises Make targets to generate/delete mTLS certs and validate config via Docker, removes a PHONY entry, and adds a help entry for deleting certs.

Changes

Cohort: Caddy TLS Make targets
File(s): metal/makefile/caddy.mk
Summary of changes: Replaced caddy-gen-cert with caddy-gen-certs (creates mtls dir, permissions, generates CA key/cert/srl, fingerprint output). Added caddy-del-certs. Changed caddy-validate to run in Docker (caddy:2.10.0) with prod Caddyfile and mTLS mounted read-only. Updated .PHONY.

Cohort: App Make PHONY
File(s): metal/makefile/app.mk
Summary of changes: Removed validate-caddy from .PHONY.

Cohort: Caddy CORS/preflight
File(s): caddy/Caddyfile.prod
Summary of changes: Introduced a global @preflight matcher for OPTIONS with Origin. Removed per-route preflight matcher inside /api/*. Kept preflight handling in /api/* to reflect Origin and return 204 with CORS headers.

Cohort: Docker mTLS mount
File(s): docker-compose.yml
Summary of changes: Changed caddy_prod volume from single file ./caddy/mtls/ca.pem:/etc/caddy/mtls/ca.pem:ro to directory mount ./caddy/mtls:/etc/caddy/mtls:ro.

Cohort: Root Make help
File(s): Makefile
Summary of changes: Added help entry for caddy-del-cert description.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant Make as Make (metal/makefile/caddy.mk)
  participant Dkr as Docker
  participant Cad as caddy:2.10.0
  participant FS as Mounted FS (/etc/caddy, /etc/caddy/mtls)

  Dev->>Make: make caddy-validate
  Make->>Dkr: docker run -v Caddyfile.prod (ro) -v mtls dir (ro)
  Dkr->>Cad: caddy validate --config /etc/caddy/Caddyfile
  Cad-->>FS: Read config and mTLS materials
  Cad-->>Dkr: Validation result (ok/error)
  Dkr-->>Make: Exit code
  Make-->>Dev: Print validation status
sequenceDiagram
  autonumber
  participant Cl as Client
  participant Cdy as Caddy
  participant API as /api/* handler

  Cl->>Cdy: OPTIONS /api/... with Origin
  Note over Cdy: Global @preflight matcher applies
  Cdy->>API: Route to /api/* preflight handler
  API-->>Cl: 204 with CORS headers (reflect Origin)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A rabbit taps “make” with a gentle thrum,
New certs appear, old certs succumb.
Caddy hums in a Docker shell,
Preflights sorted—“all is well.”
Mount the mtls burrow wide,
Hop, validate, and glide. 🐇🔐


📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cc1ad6c and b5ba051.

📒 Files selected for processing (5)
  • Makefile (1 hunks)
  • caddy/Caddyfile.prod (1 hunks)
  • docker-compose.yml (1 hunks)
  • metal/makefile/app.mk (1 hunks)
  • metal/makefile/caddy.mk (1 hunks)

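The three pieces the summary above touches (a site-level @preflight matcher, preflight handling kept under /api/*, and a client CA read from the mounted /etc/caddy/mtls directory) fit together in one Caddyfile site block. The block below is an added example written for this page, not the repository's Caddyfile.prod: the hostname api.example.com, the upstream app:8080 and the allowlisted origin https://app.example.com are assumptions, while the /etc/caddy/mtls/ca.pem path comes from the docker-compose change. It goes one step beyond the summary by reflecting the Origin header only when it is on an allowlist, instead of echoing any Origin back.

```caddyfile
# Added example, not the project's own Caddyfile.prod. Assumed values:
# the hostname, the upstream and the allowlisted browser origin.
api.example.com {

	# Site-level preflight matcher: any OPTIONS request carrying an Origin header.
	@preflight {
		method OPTIONS
		header Origin *
	}

	# Assumed allowlist. Only these origins get reflected into the CORS header.
	@allowed_origin header Origin https://app.example.com

	tls {
		# Require and verify a client certificate against the CA that the
		# docker-compose change mounts read-only at /etc/caddy/mtls.
		client_auth {
			mode require_and_verify
			trusted_ca_cert_file /etc/caddy/mtls/ca.pem
		}
	}

	handle /api/* {
		# Preflight: short-circuit with 204 and CORS headers. The Origin is
		# echoed only for allowlisted origins, and Vary: Origin keeps caches
		# from serving one origin's answer to another.
		handle @preflight {
			header @allowed_origin Access-Control-Allow-Origin "{http.request.header.Origin}"
			header Access-Control-Allow-Methods "GET, POST, OPTIONS"
			header Access-Control-Allow-Headers "Content-Type, Authorization"
			header Access-Control-Max-Age "600"
			header Vary Origin
			respond 204
		}

		# Assumed upstream for the real API calls.
		reverse_proxy app:8080
	}
}
```

Because a Caddyfile named matcher is scoped to the site block it is declared in, "global" here means declared once at the top of the site and reused by the nested handle, which is what makes the per-route copy inside /api/* redundant. With the directory mount from this PR, the same `tls` stanza can later reference additional files under /etc/caddy/mtls without another docker-compose change; the container still cannot modify them because the mount is read-only. A config written this way can be checked with the PR's caddy-validate target, which runs `caddy validate --config /etc/caddy/Caddyfile` inside the caddy:2.10.0 image with the Caddyfile and the mTLS directory mounted read-only.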

@gocanto gocanto changed the title Hotfix/secure generate signature endpoint hotfix: Fix caddy docker volume Sep 11, 2025
@gocanto gocanto marked this pull request as ready for review September 11, 2025 06:12
@gocanto gocanto merged commit 6e241a5 into main Sep 11, 2025
3 checks passed
@gocanto gocanto deleted the hotfix/secure-generate-signature-endpoint branch September 11, 2025 06:13
@coderabbitai coderabbitai bot mentioned this pull request Sep 12, 2025