From c0db29014b063aff78262ccd4765d855b0b4fb62 Mon Sep 17 00:00:00 2001
From: Saravana Kumar <saravanakumardb1@gmail.com>
Date: Sat, 30 May 2026 16:37:09 +0000
Subject: [PATCH] fix(infra): bind caddy to public eth0 IP only

Caddy was binding 0.0.0.0:443, which prevented tailscaled from claiming
100.87.53.10:443 for `tailscale serve --https=443`. Restricting Caddy to
the public eth0 IP (187.124.159.82) keeps the public api.bytelyst.com /
devops.bytelyst.com routing intact while freeing the Tailscale IP so the
tailnet-only dashboard URL (https://srv1491630.tailf85608.ts.net) is
reachable again.

Generated with [Devin](https://cli.devin.ai/docs)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
---
 docker-compose.ecosystem.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docker-compose.ecosystem.yml b/docker-compose.ecosystem.yml
index d130c1f1..813ad9ad 100644
--- a/docker-compose.ecosystem.yml
+++ b/docker-compose.ecosystem.yml
@@ -270,8 +270,10 @@ services:
     image: caddy:2-alpine
     container_name: caddy
     ports:
-      - '80:80'
-      - '443:443'
+      # Bind to public eth0 IP only (not 0.0.0.0) so tailscaled can claim
+      # 100.87.53.10:443 for `tailscale serve` on the tailnet.
+      - '187.124.159.82:80:80'
+      - '187.124.159.82:443:443'
     volumes:
       - ../Caddyfile:/etc/caddy/Caddyfile:ro
       - caddy-data:/data