diff --git a/docs/DEVOPS_DEPLOY_PROMPT.md b/docs/DEVOPS_DEPLOY_PROMPT.md index abb16c9..0739cdd 100644 --- a/docs/DEVOPS_DEPLOY_PROMPT.md +++ b/docs/DEVOPS_DEPLOY_PROMPT.md @@ -80,11 +80,11 @@ env: - The deploy script will pull the container image from the registry - Ensure the shared external Docker network `proxy-net` exists so Caddy can reverse proxy the deployment by container name -5. **Publish VPN route through Caddy**: - - Add `http://vd1.uncloud.vpn` to `/opt/caddy/Caddyfile` - - Restrict access with the existing `@not-vpn` matcher for `10.100.0.0/24` +5. **Publish public route through Caddy**: + - Add `lombard.uncloud.tech` to `/opt/caddy/Caddyfile` - Reverse proxy to `vault-dash:8000` on `proxy-net` - - Reload Caddy and verify `http://vd1.uncloud.vpn/health` over VPN + - Reload Caddy and verify `https://lombard.uncloud.tech/health` + - Remove the retired `vd1.uncloud.vpn` route if it still exists 6. **Verify network connectivity**: - Forgejo runner must be able to reach the VPS via SSH diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md index dafa90a..22956d7 100644 --- a/docs/ROADMAP.md +++ b/docs/ROADMAP.md 
@@ -291,13 +291,13 @@ DATA-001 (Price Feed) **Dependencies:** DATA-001, PORT-001 ### OPS-001: Caddy Route for Production Dashboard [P1, S] **[depends: deploy-stable]** -**As a** VPN user, **I want** to reach the deployed dashboard at `vd1.uncloud.vpn` **so that** I can access it without SSH port forwarding. +**As a** user, **I want** to reach the deployed dashboard at `lombard.uncloud.tech` **so that** I can access it directly over HTTPS. **Acceptance Criteria:** -- Caddy route proxies `vd1.uncloud.vpn` to local deployment container -- Route works over the VPN only +- Caddy route proxies `lombard.uncloud.tech` to the deployment container +- HTTPS works with a valid certificate - Health check succeeds through Caddy -- Deployment docs include the route and where it lives +- Deployment docs include the route and note that `vd1.uncloud.vpn` was retired **Dependencies:** stable deployed app on VPS
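Review bot: In `docs/DEVOPS_DEPLOY_PROMPT.md`, step 5 drops the bullet "Restrict access with the existing `@not-vpn` matcher for `10.100.0.0/24`" and nothing replaces it, so the new instructions publish `vault-dash:8000` at `lombard.uncloud.tech` without saying what controls access to it. Add a bullet that names the access control that now applies to the public route (for example authentication in the app or at Caddy), or state explicitly that the dashboard is meant to be reachable by anyone. The last bullet, "Remove the retired `vd1.uncloud.vpn` route if it still exists", would also benefit from a verification step confirming the old hostname no longer serves the app after the reload, matching the `/health` check given for the new one.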
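Review bot: In `docs/ROADMAP.md`, the OPS-001 acceptance criteria replace "Route works over the VPN only" with "HTTPS works with a valid certificate", which covers transport security but leaves no criterion for who may reach the dashboard now that the story reads "**As a** user" rather than "**As a** VPN user". Add a criterion that states the intended exposure, either that access requires authentication or that public access is deliberate, so the ticket cannot be closed with that question unanswered. The final criterion only requires the docs to "note that `vd1.uncloud.vpn` was retired"; consider a separate criterion that the old route is actually removed from the Caddyfile, since the deploy doc treats that removal as a step.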