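# Traefik DYNAMIC configuration for the AVC phone agent.
# File-provider snippet — Traefik does NOT run on the GPU box (miaai), so this
# routes your existing Traefik host to the phone service over the network.
#
# ── Install ──────────────────────────────────────────────────────────────────
# Drop this into the directory your Traefik watches as a file provider, e.g.
#   traefik.yml (static):
#     providers:
#       file:
#         directory: /etc/traefik/dynamic
#         watch: true
# then:  cp traefik-avc-phone.yml /etc/traefik/dynamic/  (Traefik hot-reloads it)
#
# ── BEFORE IT WORKS, set these 4 things to match YOUR Traefik ────────────────
#  1) HOST            -> the real domain (must equal PUBLIC_HOST in the app's
#                        .env, because Twilio's signature is computed over
#                        https://<PUBLIC_HOST>/voice)
#  2) entryPoints     -> your HTTPS entrypoint name (commonly `websecure`;
#                        could be `https`)
#  3) certResolver    -> your ACME resolver name (commonly
#                        `le`/`letsencrypt`/`myresolver`)
#  4) the service url -> reachable address of the GPU box from the Traefik host
#                        (LAN 10.10.1.221:8200; swap for the NetBird overlay IP
#                        if that's the path Traefik uses to reach miaai)
#
# WebSockets (the /ws Twilio Media Stream): Traefik forwards the Upgrade
# handshake automatically — no special middleware needed. One router/service
# covers both the /voice HTTPS POST and the /ws WSS upgrade because they share
# host + backend.

http:
  routers:
    avc-phone:
      # This rule matches every path on the host, so anything else the app
      # serves is published too. If /voice and /ws are the only routes Twilio
      # needs (confirm against the app), the rule can be narrowed, e.g.
      #   Host(`phone.example.com`) && (Path(`/voice`) || Path(`/ws`))
      rule: "Host(`phone.example.com`)"  # 1) <-- your domain
      entryPoints:
        - websecure  # 2) <-- your HTTPS entrypoint
      service: avc-phone
      tls:
        certResolver: le  # 3) <-- your ACME resolver

    # Optional: redirect plain HTTP -> HTTPS for this host. Omit if your
    # Traefik does this globally already.
    # Configure the Twilio webhook with the https:// URL directly rather than
    # relying on this redirect: the signature is computed over the https URL,
    # and a redirected POST is not guaranteed to arrive unchanged.
    avc-phone-http:
      rule: "Host(`phone.example.com`)"  # 1) <-- your domain
      entryPoints:
        - web  # your HTTP (:80) entrypoint name
      middlewares:
        - avc-phone-https-redirect
      service: avc-phone  # never reached (redirected first)

  services:
    avc-phone:
      loadBalancer:
        # Forward the client's Host header (the public domain) to the backend
        # instead of the backend address. Presumably the app relies on seeing
        # the public host; verify against how it validates Twilio requests.
        passHostHeader: true
        servers:
          # TLS ends at Traefik; this hop is plain HTTP, so webhook parameters
          # and call audio cross the network unencrypted. Keep it on a trusted
          # segment or the NetBird overlay, and restrict port 8200 on the GPU
          # box to the Traefik host so the app is not reachable around the
          # proxy.
          - url: "http://10.10.1.221:8200"  # 4) <-- GPU box (miaai) : app port
        # Twilio media streams are long-lived; keep generous timeouts on the
        # entrypoint (static config) — see note at bottom.

  middlewares:
    avc-phone-https-redirect:
      redirectScheme:
        scheme: https
        permanent: true

# ── One static-config reminder (NOT part of this file) ───────────────────────
# Twilio Media Streams hold the WebSocket open for the whole call. If your
# HTTPS entrypoint has a short respondingTimeout/idleTimeout, long calls get
# cut. In the STATIC traefik config, ensure the entrypoint allows long-lived
# streams, e.g.:
#   entryPoints:
#     websecure:
#       address: ":443"
#       transport:
#         respondingTimeouts:
#           idleTimeout: 3600s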