Add Cloudflare Tunnel connector (profile-gated) to the deploy stack
A cloudflared service (opt-in via the 'tunnel' compose profile, token from CLOUDFLARE_TUNNEL_TOKEN) connects the lab to Cloudflare. One public hostname -> http://caddy:80 is sufficient because Caddy does the internal path routing. Mirrors the drawbar tunnel setup. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Justin Paul <justin@jpaul.me>
This commit is contained in:
@@ -26,8 +26,16 @@ S3_REGION=us-east-1
|
||||
|
||||
# --- Edge (Caddy) ---
|
||||
# Local: ':80' (http://localhost). Production: 'provenance.example.com' for auto-HTTPS.
|
||||
# Behind a Cloudflare Tunnel, keep ':80' — Cloudflare terminates TLS and the
|
||||
# tunnel forwards plain HTTP to caddy:80.
|
||||
PROVENANCE_SITE_ADDRESS=:80
|
||||
|
||||
# --- Cloudflare Tunnel (optional) ---
|
||||
# Enable by setting COMPOSE_PROFILES=tunnel and supplying the connector token
|
||||
# from the Cloudflare dashboard. Public hostname -> http://caddy:80.
|
||||
CLOUDFLARE_TUNNEL_TOKEN=
|
||||
COMPOSE_PROFILES=
|
||||
|
||||
# --- Auth / sessions ---
|
||||
SESSION_TTL_DAYS=30
|
||||
TOKEN_TTL_HOURS=24
|
||||
|
||||
Reference in New Issue
Block a user