- Replace AbortSignal.timeout() with AbortController for better compatibility
- Add detailed error logging to diagnose connection failures
- Improve health status logging (only warn once when becoming unhealthy)
- Add logging when Caddy recovers from unhealthy state
- Add current state to initialization log for debugging
This fixes the monitoring service continuously reporting failures and improves
restart detection after OOM crashes or container restarts.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Implemented health monitoring service that detects Caddy restarts/crashes
- Automatically reapplies configuration when Caddy restarts
- Added metrics settings UI for enabling Prometheus/Grafana monitoring
- Caddy metrics exposed on separate port (default: 9090) via reverse proxy
- Admin API (port 2019) kept internal-only for security
- Updated docker-compose.yml with metrics port documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Implemented health monitoring service that detects Caddy restarts/crashes
- Automatically reapplies configuration when Caddy restarts
- Added metrics settings UI for enabling Prometheus/Grafana monitoring
- Caddy metrics available at /metrics endpoint (configurable port/path)
- Updated docker-compose.yml with metrics port documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
When editing a proxy host with certificate_id set to null (auto), the
dropdown would not show "Managed by Caddy (Auto)" as selected and it
would revert to another certificate. There were two issues:
1. Form submission: Empty string from dropdown was treated as falsy,
returning undefined instead of null (means "don't change")
2. Database update: The ?? operator treated null as falsy and fell back
to existing value instead of saving null
Changes:
- app/(dashboard)/proxy-hosts/actions.ts: Check formData.has() and
explicitly convert empty string to null for auto mode
- src/lib/models/proxy-hosts.ts: Use !== undefined instead of ?? to
allow null values to be saved
- app/(dashboard)/proxy-hosts/ProxyHostsClient.tsx: Add Certificate
column to table showing "Managed by Caddy (Auto)" for auto certs
Applied same fixes to access_list_id for consistency.
Now when users select "Managed by Caddy (Auto)", it correctly sets
certificate_id to null, displays properly on subsequent edits, and
shows in the table view.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
When editing a proxy host with certificate_id set to null (auto), the
dropdown would not show "Managed by Caddy (Auto)" as selected. The issue
was that empty string from the dropdown was treated as falsy, returning
undefined instead of null, which means "don't change" in the update logic.
Changes:
- Check if certificate_id field exists with formData.has()
- Explicitly convert empty string to null for auto mode
- Apply same fix to access_list_id for consistency
Now when users select "Managed by Caddy (Auto)", it correctly sets
certificate_id to null and displays properly on subsequent edits.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The forward_auth directive only exists in Caddyfile syntax, not JSON config.
This fix converts Authentik authentication to use the underlying reverse_proxy
handler with proper configuration:
- Replace forward_auth handler with reverse_proxy
- Convert "private_ranges" keyword to actual CIDR blocks for JSON config
- Parse upstream URL to extract host:port for dial field (removing http://)
- Add handle_response block to copy Authentik headers on 2xx status
- Preserve X-Forwarded-Method and X-Forwarded-Uri headers
Fixes error: "unknown module: http.handlers.forward_auth"
Fixes error: "invalid IP address: 'private_ranges'"
Fixes error: "lookup /hostname: no such host" (dial with URL scheme)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Following the Prisma guide for GitHub Actions and CI/CD, this commit addresses
the Prisma client generation issues in the Docker build process:
Changes:
1. **package.json**:
- Removed silent failure fallback in postinstall hook
- Removed redundant prisma generate from build script
- Now fails fast if Prisma generation has issues
2. **docker/web/Dockerfile**:
- Added DATABASE_URL environment variable in deps stage
- Explicitly run prisma generate after npm install to ensure client is created
- Generate Prisma client again in builder stage for build context
- Removed --skip-generate flag from prisma db push
- Added clear comments explaining each Prisma-related step
These changes ensure:
- Prisma client is generated with correct engines for debian-openssl-3.0.x
- Build fails early if there are Prisma configuration issues
- DATABASE_URL is set before running any Prisma commands
- Proper multi-stage Docker build with Prisma support
The previous attempt failed because Prisma CLI couldn't parse the binaryTarget
configuration due to an incorrect environment variable I set. This commit:
- Removes the non-existent PRISMA_CLI_BINARY_TARGETS environment variable
- Copies the Prisma schema BEFORE running npm ci, allowing the postinstall
script to properly generate the Prisma client with engines
- Adds openssl and ca-certificates to deps stage for engine downloads
- Simplifies the builder stage to rely on pre-generated engines from deps
This ensures Prisma engines are downloaded during npm installation via the
postinstall hook, making them available for subsequent build steps.
The build was failing with Prisma schema validation errors because Prisma
couldn't download engine binaries from binaries.prisma.sh (403 Forbidden).
This resulted in cryptic parsing errors during 'prisma generate'.
Changes:
- Add openssl and ca-certificates to deps stage for engine downloads
- Set PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING to bypass checksum validation
- Pre-generate Prisma client with engines in deps stage
- Copy pre-generated client to builder stage to avoid re-downloading
- Set PRISMA_SKIP_POSTINSTALL_GENERATE in builder to prevent regeneration
This ensures engines are bundled during the deps stage and reused in
subsequent stages, eliminating network dependency during the build phase.
The build was failing during 'prisma generate' with numerous validation
errors because Prisma's query engine requires OpenSSL to function properly.
The builder stage was missing the openssl package, causing the engine to
fail to load and produce cryptic parsing errors.
This adds openssl installation to the builder stage, matching what was
already present in the runner stage.
- Remove /app/node_modules/.prisma/client before generating
- Prevents EACCES errors when Prisma tries to unlink existing files
- Cleanup runs as root before switching to nextjs user
