SCRUM-45: Caddy carve-out for the EasyPost return webhook #2

2026-06-12T20:30:23-04:00

bastian commented

2026-06-12 20:30:23 -04:00

The Fulfillr host is IP-restricted, so EasyPost's servers can't reach it. Adds a narrow handle /webhooks/easypost before the IP restriction (handle blocks are mutually exclusive, first match wins) for prod (:9054) and dev (:9055) so the HMAC-verified tracker webhook is reachable while the rest of the host stays locked down.

Single-file change (Caddyfile.j2 only). Part of epic SCRUM-42. Deploy: make deploy TAGS=fulfillr-dev / fulfillr (re-renders the Caddyfile).

🤖 Generated with Claude Code

The Fulfillr host is IP-restricted, so EasyPost's servers can't reach it. Adds a narrow `handle /webhooks/easypost` **before** the IP restriction (handle blocks are mutually exclusive, first match wins) for prod (`:9054`) and dev (`:9055`) so the HMAC-verified tracker webhook is reachable while the rest of the host stays locked down. Single-file change (`Caddyfile.j2` only). Part of epic **SCRUM-42**. Deploy: `make deploy TAGS=fulfillr-dev` / `fulfillr` (re-renders the Caddyfile). 🤖 Generated with [Claude Code](https://claude.com/claude-code)

bastian added 1 commit 2026-06-12 20:30:23 -04:00

SCRUM-45: Caddy carve-out for the EasyPost return webhook c896f69ff9

The Fulfillr host is IP-restricted, so EasyPost's servers can't reach it. Add a
narrow `handle /webhooks/easypost` before the IP restriction (handle blocks are
mutually exclusive, first match wins) for prod (:9054) and dev (:9055) so the
HMAC-verified tracker webhook is reachable while the rest of the host stays locked.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

bastian merged commit accecd74a5 into master

2026-06-12 20:30:32 -04:00

bastian deleted branch returns-refund/webhook-caddy

2026-06-12 20:30:33 -04:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: bastian/deploy_home#2