vantzs/corrosion-admin-panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity

feat: Add sovereign infrastructure stack (Gitea + SeaweedFS)

Browse Source 
Separate infrastructure services from application stack for operational
resilience. Following Gemini's architectural guidance.

Infrastructure Services:
- Gitea (git.corrosionmgmt.com) - Source control, CI/CD, releases
  * SQLite database (self-contained)
  * Port 8090: Web UI
  * Port 2222: SSH

- SeaweedFS (cdn.corrosionmgmt.com) - S3-compatible object storage
  * Port 8091: Filer UI (primary CDN interface)
  * Port 8092: S3 API (programmatic access)
  * Port 9333: Master UI (internal admin)
  * Port 8080: Volume server (internal)

Benefits:
- Restarting Corrosion app doesn't affect Git/CDN services
- No shared database dependencies (Gitea uses SQLite)
- Clear separation between infrastructure and application concerns
- Foundation for plugin ecosystem and map hosting

Deployment:
cd infra && docker compose up -d

See infra/README.md for full setup instructions and NPM configuration.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Vantz Stockwell
2026-02-15 13:13:44 -05:00
parent 574e3311bc
commit c471b6a7dd
3 changed files with 274 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
infra/NPM-CONFIG.md Normal file
View File

@@ -0,0 +1,119 @@
# Nginx Proxy Manager Configuration
## Required Proxy Hosts
### 1. Gitea (Source Control)
**Domain Names:**
- `git.corrosionmgmt.com`
**Details:**
```
Scheme: http
Forward Hostname / IP: <asgard-internal-ip>
Forward Port: 8090
Cache Assets: No
Block Common Exploits: Yes
Websockets Support: Yes
```
**SSL:**
```
Force SSL: Yes
HTTP/2 Support: Yes
HSTS Enabled: Yes
```
**Advanced (if needed):**
```nginx
# For SSH git clone support over HTTPS (optional)
location ~ ^/(.+\.git)/(git-upload-pack|git-receive-pack)$ {
proxy_pass http://<asgard-ip>:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
```
---
### 2. SeaweedFS CDN (Object Storage)
**Domain Names:**
- `cdn.corrosionmgmt.com`
**Details:**
```
Scheme: http
Forward Hostname / IP: <asgard-internal-ip>
Forward Port: 8091
Cache Assets: Yes (Enable caching for static files)
Block Common Exploits: Yes
Websockets Support: Yes
```
**SSL:**
```
Force SSL: Yes
HTTP/2 Support: Yes
HSTS Enabled: Yes
```
**Custom Locations (Optional):**
If you want to expose the S3 API at a different path:
```nginx
# S3 API at cdn.corrosionmgmt.com/s3
location /s3/ {
proxy_pass http://<asgard-ip>:8092/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
```
---
## Port Summary
| Service | Container | Internal Port | Host Port | Domain |
|---------|-----------|---------------|-----------|--------|
| Gitea Web | corrosion-gitea | 3000 | 8090 | git.corrosionmgmt.com |
| Gitea SSH | corrosion-gitea | 22 | 2222 | git.corrosionmgmt.com:2222 |
| SeaweedFS Filer | corrosion-cdn | 8888 | 8091 | cdn.corrosionmgmt.com |
| SeaweedFS S3 | corrosion-cdn | 8333 | 8092 | Internal only |
| SeaweedFS Master | corrosion-cdn | 9333 | 9333 | Internal only |
| SeaweedFS Volume | corrosion-cdn | 8080 | 8080 | Internal only |
---
## Testing
After configuring NPM, test the proxies:
```bash
# Test Gitea
curl -I https://git.corrosionmgmt.com
# Test SeaweedFS CDN
curl -I https://cdn.corrosionmgmt.com
# Test S3 API (internal)
curl http://<asgard-ip>:8092/
```
---
## Firewall Rules (if applicable)
If Asgard has a firewall, ensure these ports are accessible:
**From Nginx Proxy Manager to Asgard:**
- 8090 (Gitea)
- 8091 (SeaweedFS Filer)
**Optional (for internal access):**
- 8092 (S3 API - for backend services)
- 9333 (Master UI - for admin)
**External SSH (if using git over SSH):**
- 2222 (Gitea SSH)