Compare commits

3 Commits

Author SHA1 Message Date
Bastian de Byl f61105c990 SCRUM-45: Caddy carve-out for the EasyPost return webhook
The Fulfillr host is IP-restricted, so EasyPost's servers can't reach it. Add a
narrow `handle /webhooks/easypost` before the IP restriction (handle blocks are
mutually exclusive, first match wins) for prod (:9054) and dev (:9055) so the
HMAC-verified tracker webhook is reachable while the rest of the host stays locked.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-12 20:23:52 -04:00
Bastian de Byl 7b35d0806d fulfillr prod: bump to 20260607.0217 (Snipcart decommission — go-snipcart dropped) 2026-06-06 22:20:58 -04:00
Bastian de Byl fba78f99b5 fulfillr prod: bump to 20260607.0055 (idle-conn fix [orders-500] + outreach->Turso) 2026-06-06 21:06:24 -04:00
2 changed files with 18 additions and 2 deletions
+2 -2
@@ -78,13 +78,13 @@
- import_tasks: containers/debyltech/fulfillr.yml - import_tasks: containers/debyltech/fulfillr.yml
vars: vars:
image: git.debyl.io/debyltech/fulfillr:20260606.2328 image: git.debyl.io/debyltech/fulfillr:20260607.0217
tags: debyltech, fulfillr tags: debyltech, fulfillr
# Staging back-office (fulfillr-dev.debyltech.com) — same image, staging Turso config. # Staging back-office (fulfillr-dev.debyltech.com) — same image, staging Turso config.
- import_tasks: containers/debyltech/fulfillr-dev.yml - import_tasks: containers/debyltech/fulfillr-dev.yml
vars: vars:
image: git.debyl.io/debyltech/fulfillr:20260606.2328 image: git.debyl.io/debyltech/fulfillr:20260607.0217
tags: debyltech, fulfillr-dev tags: debyltech, fulfillr-dev
- import_tasks: containers/debyltech/uptime-kuma.yml - import_tasks: containers/debyltech/uptime-kuma.yml
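Review bot: Both `image:` lines reference a mutable tag (`fulfillr:20260607.0217`), and the same value is repeated in the prod and staging tasks. The staging comment says the two run the same image, so define the tag once in a shared variable so that a bump cannot update one task and miss the other. Consider pinning by digest as well, so the registry tag cannot be repointed to different content after this change is reviewed.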
@@ -344,6 +344,15 @@
# Fulfillr - {{ fulfillr_server_name }} (Static + API with IP restrictions) # Fulfillr - {{ fulfillr_server_name }} (Static + API with IP restrictions)
{{ fulfillr_server_name }} { {{ fulfillr_server_name }} {
# Public EasyPost tracker webhook — HMAC-verified inside go-fulfillr. Placed
# before the IP restriction (handle blocks are mutually exclusive, first
# match wins) so EasyPost's servers can POST here while everything else on
# this host stays IP-restricted.
@easypost_webhook path /webhooks/easypost
handle @easypost_webhook {
reverse_proxy localhost:9054
}
{{ ip_restricted_site() }} {{ ip_restricted_site() }}
@api { @api {
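Review bot: The `@easypost_webhook` matcher keys on path only, so every HTTP method on `/webhooks/easypost` is proxied to `localhost:9054` from any source address, while the comment says EasyPost only needs to POST. Convert the matcher to block form and add `method POST` so other methods fall through to the IP-restricted handling. The "first match wins" reasoning in the comment also depends on `{{ ip_restricted_site() }}` expanding to `handle` blocks, which is not visible in this hunk; the comment should name that dependency so a later change to the macro does not quietly alter the ordering. Since this becomes the one route on the host reachable before any IP check, a request body size limit on it would bound what the backend has to read before the HMAC check can reject a request.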
@@ -391,6 +400,13 @@
# Fulfillr DEV/staging - {{ fulfillr_dev_server_name }} (Static + API with IP restrictions) # Fulfillr DEV/staging - {{ fulfillr_dev_server_name }} (Static + API with IP restrictions)
{{ fulfillr_dev_server_name }} { {{ fulfillr_dev_server_name }} {
# Public EasyPost tracker webhook (test mode) — HMAC-verified inside
# go-fulfillr. Placed before the IP restriction so EasyPost can POST here.
@easypost_webhook path /webhooks/easypost
handle @easypost_webhook {
reverse_proxy localhost:9055
}
{{ ip_restricted_site() }} {{ ip_restricted_site() }}
@api { @api {
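Review bot: This block repeats the prod carve-out with only the upstream port changed (`localhost:9055`), so later hardening applied to one copy can miss the other. The template already uses a macro for `ip_restricted_site()`; a similar macro that takes the port would keep the two site blocks in step. The comment says this endpoint is for test mode, so confirm staging verifies signatures with its own webhook secret rather than the production one, since this path is now reachable from the public internet.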