From 87cf953364485d4cbe99735234473124617a6d83 Mon Sep 17 00:00:00 2001 From: Bastian de Byl Date: Fri, 12 Jun 2026 21:13:56 -0400 Subject: [PATCH] SCRUM-45: Revert Caddy /webhooks/easypost carve-out The EasyPost tracker webhook moved to debyltech-api (publicly reachable Lambda); the fulfillr host is LAN-restricted and no longer hosts it, so the carve-out is no longer needed. Removes the handle blocks for prod and dev. Co-Authored-By: Claude Opus 4.8 (1M context) --- .../roles/podman/templates/caddy/Caddyfile.j2 | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/ansible/roles/podman/templates/caddy/Caddyfile.j2 b/ansible/roles/podman/templates/caddy/Caddyfile.j2 index e0ce118..048696f 100644 --- a/ansible/roles/podman/templates/caddy/Caddyfile.j2 +++ b/ansible/roles/podman/templates/caddy/Caddyfile.j2 @@ -344,15 +344,6 @@ # Fulfillr - {{ fulfillr_server_name }} (Static + API with IP restrictions) {{ fulfillr_server_name }} { - # Public EasyPost tracker webhook — HMAC-verified inside go-fulfillr. Placed - # before the IP restriction (handle blocks are mutually exclusive, first - # match wins) so EasyPost's servers can POST here while everything else on - # this host stays IP-restricted. - @easypost_webhook path /webhooks/easypost - handle @easypost_webhook { - reverse_proxy localhost:9054 - } - {{ ip_restricted_site() }} @api { @@ -400,13 +391,6 @@ # Fulfillr DEV/staging - {{ fulfillr_dev_server_name }} (Static + API with IP restrictions) {{ fulfillr_dev_server_name }} { - # Public EasyPost tracker webhook (test mode) — HMAC-verified inside - # go-fulfillr. Placed before the IP restriction so EasyPost can POST here. - @easypost_webhook path /webhooks/easypost - handle @easypost_webhook { - reverse_proxy localhost:9055 - } - {{ ip_restricted_site() }} @api { -- 2.52.0