Files
avc-phone-ai/traefik-avc-phone.yml
2026-06-23 22:38:22 +00:00

72 lines
3.3 KiB
YAML

# Traefik DYNAMIC configuration for the AVC phone agent.
# File-provider snippet — Traefik does NOT run on the GPU box (miaai), so this routes
# your existing Traefik host to the phone service over the network.
#
# ── Install ──────────────────────────────────────────────────────────────────
# Drop this into the directory your Traefik watches as a file provider, e.g.
# traefik.yml (static):
# providers:
# file:
# directory: /etc/traefik/dynamic
# watch: true
# then: cp traefik-avc-phone.yml /etc/traefik/dynamic/ (Traefik hot-reloads it)
#
# ── BEFORE IT WORKS, set these 4 things to match YOUR Traefik ────────────────
# 1) HOST -> the real domain (must equal PUBLIC_HOST in the app's .env,
# because Twilio's signature is computed over https://<HOST>/voice)
# 2) entryPoints -> your HTTPS entrypoint name (commonly `websecure`; could be `https`)
# 3) certResolver -> your ACME resolver name (commonly `le`/`letsencrypt`/`myresolver`)
# 4) the service url -> reachable address of the GPU box from the Traefik host
# (LAN 10.10.1.221:8200; swap for the NetBird overlay IP if that's
# the path Traefik uses to reach miaai)
#
# WebSockets (the /ws Twilio Media Stream): Traefik forwards the Upgrade handshake
# automatically — no special middleware needed. One router/service covers both the
# /voice HTTPS POST and the /ws WSS upgrade because they share host + backend.
http:
routers:
avc-phone:
rule: "Host(`phone.example.com`)" # 1) <-- your domain
entryPoints:
- websecure # 2) <-- your HTTPS entrypoint
service: avc-phone
tls:
certResolver: le # 3) <-- your ACME resolver
# Optional: redirect plain HTTP -> HTTPS for this host. Omit if your Traefik does
# this globally already.
avc-phone-http:
rule: "Host(`phone.example.com`)" # 1) <-- your domain
entryPoints:
- web # your HTTP (:80) entrypoint name
middlewares:
- avc-phone-https-redirect
service: avc-phone # never reached (redirected first)
services:
avc-phone:
loadBalancer:
passHostHeader: true
servers:
- url: "http://10.10.1.221:8200" # 4) <-- GPU box (miaai) : app port
# Twilio media streams are long-lived; keep generous timeouts on the
# entrypoint (static config) — see note at bottom.
middlewares:
avc-phone-https-redirect:
redirectScheme:
scheme: https
permanent: true
# ── One static-config reminder (NOT part of this file) ───────────────────────
# Twilio Media Streams hold the WebSocket open for the whole call. If your HTTPS
# entrypoint has a short respondingTimeout/idleTimeout, long calls get cut. In the
# STATIC traefik config, ensure the entrypoint allows long-lived streams, e.g.:
# entryPoints:
# websecure:
# address: ":443"
# transport:
# respondingTimeouts:
# idleTimeout: 3600s