# Traefik DYNAMIC configuration for the AVC phone agent.
# File-provider snippet — Traefik does NOT run on the GPU box (miaai), so this file
# makes your existing Traefik host route to the phone service over the network.
#
# ── Install ──────────────────────────────────────────────────────────────────
# Drop this into the directory your Traefik watches as a file provider, e.g.
#   traefik.yml (static):
#     providers:
#       file:
#         directory: /etc/traefik/dynamic
#         watch: true
#   then: cp traefik-avc-phone.yml /etc/traefik/dynamic/ (Traefik hot-reloads it)
#
# ── BEFORE IT WORKS, set these 4 things to match YOUR Traefik ────────────────
# 1) HOST -> the real domain (must equal PUBLIC_HOST in the app's .env,
#    because Twilio's signature is computed over https://<HOST>/voice)
# 2) entryPoints -> your HTTPS entrypoint name (commonly `websecure`; could be `https`)
# 3) certResolver -> your ACME resolver name (commonly `le`/`letsencrypt`/`myresolver`)
# 4) the service url -> reachable address of the GPU box from the Traefik host
#    (LAN 10.10.1.221:8200; swap for the NetBird overlay IP if that's
#    the path Traefik uses to reach miaai)
#
# WebSockets (the /ws Twilio Media Stream): Traefik forwards the Upgrade handshake
# automatically — no special middleware needed. One router/service covers both the
# /voice HTTPS POST and the /ws WSS upgrade because they share host + backend.
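# Dynamic HTTP configuration: the public TLS router, an optional HTTP->HTTPS
# redirect router, the backend service, and the redirect middleware.
# Nesting is significant: routers, services and middlewares are all children
# of `http`, and each named entry is a child of its section.
http:
  routers:
    # Public HTTPS router. Traefik terminates TLS here with a certificate from
    # the named resolver and passes the request to the avc-phone service.
    # NOTE(review): the rule matches on Host only, so every path the backend
    # serves is reachable from the internet. The notes in this file mention
    # only /voice and /ws; if the app needs nothing else exposed, consider
    # narrowing the rule, e.g.
    #   "Host(`phone.example.com`) && (Path(`/voice`) || Path(`/ws`))"
    # — confirm against the app's routes before changing it.
    avc-phone:
      rule: "Host(`phone.example.com`)"  # 1) <-- your domain
      entryPoints:
        - websecure  # 2) <-- your HTTPS entrypoint
      service: avc-phone
      tls:
        certResolver: le  # 3) <-- your ACME resolver

    # Optional: redirect plain HTTP -> HTTPS for this host. Omit if your
    # Traefik does this globally already.
    avc-phone-http:
      rule: "Host(`phone.example.com`)"  # 1) <-- your domain
      entryPoints:
        - web  # your HTTP (:80) entrypoint name
      middlewares:
        - avc-phone-https-redirect
      service: avc-phone  # never reached (redirected first)

  services:
    avc-phone:
      loadBalancer:
        # Forward the client's Host header to the backend unchanged.
        # NOTE(review): the setup notes in this file say Twilio's signature is
        # computed over https://<HOST>/voice, so the app presumably needs the
        # public host name — confirm whether it takes it from this header or
        # only from PUBLIC_HOST.
        passHostHeader: true
        servers:
          # NOTE(review): `http://` means TLS ends at Traefik and the hop to
          # the GPU box is cleartext; webhook parameters and call media cross
          # that network unencrypted. Prefer the encrypted overlay address
          # (the notes mention NetBird) or TLS on the backend, and restrict
          # port 8200 on the GPU box to the Traefik host so the app cannot be
          # reached around the proxy.
          - url: "http://10.10.1.221:8200"  # 4) <-- GPU box (miaai) : app port
        # Twilio media streams are long-lived; keep generous timeouts on the
        # entrypoint (static config) — see note at bottom.

  middlewares:
    # Used by avc-phone-http. `permanent: true` makes the redirect a permanent
    # one, which clients are allowed to cache.
    avc-phone-https-redirect:
      redirectScheme:
        scheme: https
        permanent: true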
# ── One static-config reminder (NOT part of this file) ───────────────────────
# Twilio Media Streams hold the WebSocket open for the whole call. If your HTTPS
# entrypoint has short respondingTimeouts (e.g. idleTimeout), long calls get cut. In the
# STATIC traefik config, ensure the entrypoint allows long-lived streams, e.g.:
#   entryPoints:
#     websecure:
#       address: ":443"
#       transport:
#         respondingTimeouts:
#           idleTimeout: 3600s
# Entrypoint timeouts apply to every router on that entrypoint, so a long
# idleTimeout also keeps idle connections from all other clients open longer.