From d9773b460d1c6475542afb41c2e3fc8d2589347c Mon Sep 17 00:00:00 2001 From: root Date: Tue, 31 Mar 2026 09:42:26 +0000 Subject: [PATCH] docs(gateway): record live bytelyst HTTPS cutover --- .../docker/Caddyfile.bytelyst.example | 20 ++++++++++++ .../vercel/GODADDY_DNS_SETUP_BYTELYST.md | 32 ++++++++++++------- 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/docs/devops/single_azure_vm/docker/Caddyfile.bytelyst.example b/docs/devops/single_azure_vm/docker/Caddyfile.bytelyst.example index 09f191d9..5bb86cfb 100644 --- a/docs/devops/single_azure_vm/docker/Caddyfile.bytelyst.example +++ b/docs/devops/single_azure_vm/docker/Caddyfile.bytelyst.example @@ -85,3 +85,23 @@ api.bytelyst.com { respond 404 } + +gitea.bytelyst.com { + encode gzip + reverse_proxy gitea-npm-registry:3000 +} + +admin.bytelyst.com { + encode gzip + reverse_proxy admin-web:3001 +} + +tracker.bytelyst.com { + encode gzip + reverse_proxy tracker-web:3003 +} + +llmlab.bytelyst.com { + encode gzip + reverse_proxy llmlab-dashboard:3075 +} diff --git a/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md b/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md index e7825dd4..79c489cf 100644 --- a/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md +++ b/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md 
@@ -65,19 +65,24 @@ pnpm dns:godaddy:bytelyst -- --ip --validate ## Current Status -Status as of `2026-03-31 09:23:20 UTC`: +Status as of `2026-03-31 09:41:09 UTC`: - GoDaddy `A` records were updated for `api`, `gitea`, `admin`, `tracker`, and `llmlab` -- `api`, `gitea`, `admin`, and `tracker` resolve publicly to `187.124.159.82` -- `llmlab` is present in the GoDaddy API and on the authoritative nameservers with `187.124.159.82` -- public resolver visibility for `llmlab` may lag briefly behind the authoritative update -- public HTTP on port `80` responded, but returned `404 Not Found` -- public HTTPS on port `443` timed out for all four hostnames +- all five hostnames resolve publicly to `187.124.159.82` +- the VM now serves `80` and `443` through the `caddy` container +- Let's Encrypt certificates were issued successfully for all five hostnames +- live HTTPS verification from inside the VM-level Caddy path returned: + - `api.bytelyst.com` -> `HTTP/1.1 200 OK` + - `gitea.bytelyst.com` -> `HTTP/1.1 200 OK` + - `admin.bytelyst.com` -> `HTTP/1.1 200 OK` + - `tracker.bytelyst.com` -> `HTTP/1.1 200 OK` + - `llmlab.bytelyst.com` -> `HTTP/1.1 200 OK` Interpretation: - DNS cutover is complete -- the remaining work is on the VM-side gateway and/or Azure network path, not in GoDaddy DNS +- the VM-side HTTPS gateway issue is fixed +- remaining work, if any, is app-specific hardening rather than DNS or TLS bring-up ## Preconditions 
@@ -310,15 +315,20 @@ docker logs caddy --tail 100 Likely root causes for the current state: -- the live `/opt/bytelyst/Caddyfile` only includes `api.bytelyst.com` -- `gitea`, `admin`, `tracker`, and `llmlab` host blocks were never added on the VM -- Azure NSG is allowing `80` but not `443` -- Caddy is not healthy or is failing certificate issuance / bind on `443` +- the live `/opt/bytelyst/Caddyfile` only included `api.bytelyst.com` +- `gitea`, `admin`, `tracker`, and `llmlab` host blocks had not been added on the VM +- the legacy Traefik `gateway` container was still holding port `80` +- the `caddy` container was defined in compose but not running, so nothing was bound to `443` ## Change Log Use this section to record real DNS cutovers: +| Date | Operator | Change | Result | +| ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------ | -------------- | +| `2026-03-31` | Codex | Created GoDaddy-specific DNS runbook for `bytelyst.com` | Document added | +| `2026-03-31` | Codex | Switched live VM ingress from legacy gateway to Caddy and validated HTTPS for `api`, `gitea`, `admin`, `tracker`, and `llmlab` | HTTPS fixed | + | Date | Operator | Change | Result | | ------------ | -------- | ---------------------------------------------------------------------------------------------------- | -------------------- | | `2026-03-31` | Codex | Created GoDaddy-specific DNS runbook for `bytelyst.com` | Document added |
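Review bot: In the `Caddyfile.bytelyst.example` hunk, the new `admin.bytelyst.com` and `llmlab.bytelyst.com` blocks forward every request to `admin-web:3001` and `llmlab-dashboard:3075` with only `encode gzip` in front of them, so the gateway places no restriction on who can reach an admin UI or a dashboard. If those upstreams enforce their own authentication, say so in a comment above each block. Otherwise add a gateway-level control to the example, such as a `remote_ip` matcher or `basic_auth`, so that anyone copying this file to `/opt/bytelyst/Caddyfile` does not publish them open by default. The same question applies to `gitea.bytelyst.com` and `tracker.bytelyst.com`, which are also proxied in full.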
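Review bot: In the "Current Status" hunk of `GODADDY_DNS_SETUP_BYTELYST.md`, the five `HTTP/1.1 200 OK` results are recorded as taken "from inside the VM-level Caddy path", which does not show that port `443` is reachable from the public internet. The lines being removed reported public HTTPS timing out, and the root-cause hunk drops "Azure NSG is allowing `80` but not `443`" without stating that the NSG rule was checked. Record the result of an HTTPS request made from outside the VM, or note explicitly that the NSG allows `443`, before the interpretation says "the VM-side HTTPS gateway issue is fixed". It would also help to state what the `200 OK` on `admin.bytelyst.com` was for (a login page or authenticated content), since the follow-up item is "app-specific hardening".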
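Review bot: In the "Change Log" part of the last hunk, a complete new table (header, separator and two rows) is added above the existing table instead of appending one row to it, so the rendered document ends up with two tables and the row "Created GoDaddy-specific DNS runbook for `bytelyst.com`" appears twice. Add only the "Switched live VM ingress from legacy gateway to Caddy ..." row to the existing table, or delete the old table in the same commit. In the same hunk the bullets were changed to past tense, but the lead-in still reads "Likely root causes for the current state"; reword it to something like "Root causes found during the cutover" so the section does not read as an open problem.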