Front Door Edge Proxy
Stateless Caddy edge proxy for Coderunner public URLs — TLS and routing delegated to Control Plane.
The front door is a stateless edge proxy. Control Plane is the source of truth for hostname authorization and per-request upstream routing.
Architecture
```
Internet → Caddy (edge) → Control Plane /v1/public/route → upstream (Coderunner)
             ↓
          /v1/public/tls-authorize (ACME)
```
Control Plane endpoints
Both are public, unauthenticated, and rate-limited:
| Endpoint | Purpose |
|---|---|
| GET /v1/public/tls-authorize?domain= | ACME TLS authorization — returns 200 if host is allowed |
| GET /v1/public/route?host= | Per-request routing — returns upstream in X-Gf-Upstream* headers |
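
Because `tls-authorize` is public and unauthenticated, its allowlist decision is what keeps the edge from requesting certificates for arbitrary hostnames. The sketch below is an added example, not the Control Plane's own code: the allowlist contents, the function names and the 400/403 status codes are assumptions; only the path, the `domain` parameter and the 200 response come from this page.

```go
package main

import (
	"net"
	"net/http"
	"strings"
)

// Constructed sample allowlist; the real Control Plane store is not shown on this page.
var allowedHosts = map[string]bool{"app1.example.test": true, "demo.example.test": true}
const ldh = "abcdefghijklmnopqrstuvwxyz0123456789-"

// normalizeHost canonicalizes the ?domain= value and rejects names that must
// never be authorized: empty, over-long, IP literals, wildcards, host:port.
func normalizeHost(raw string) (string, bool) {
	h := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(raw), "."))
	if h == "" || len(h) > 253 || net.ParseIP(h) != nil {
		return "", false
	}
	for _, label := range strings.Split(h, ".") {
		if label == "" || len(label) > 63 || strings.Trim(label, ldh) != "" {
			return "", false // empty label, or a character outside letters/digits/hyphen
		}
	}
	return h, true
}

// authorizeStatus maps a ?domain= value to a status. 200 is from the page;
// 400 and 403 are assumed (Caddy's on-demand TLS check denies on any non-2xx).
func authorizeStatus(raw string) int {
	h, ok := normalizeHost(raw)
	if !ok {
		return http.StatusBadRequest
	}
	if !allowedHosts[h] {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// tlsAuthorize is a hypothetical handler for GET /v1/public/tls-authorize?domain=.
func tlsAuthorize(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(authorizeStatus(r.URL.Query().Get("domain")))
}

func main() {
	for _, d := range []string{"App1.Example.Test.", "evil.example.test", "203.0.113.7"} {
		println(d, authorizeStatus(d))
	}
}
```

Normalizing before the lookup means `App1.Example.Test.` and `app1.example.test` resolve to the same allowlist entry, while IP literals, wildcards and `host:port` values are rejected before any lookup happens.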
Environment variables
| Variable | Description |
|---|---|
| CP_INTERNAL_URL | Full URL to Control Plane (e.g. https://dev-platform.groundfloor.cloud) |
| CP_INTERNAL_HOSTPORT | Host:port for upstream calls |
Dev environment
The deployed Control Plane for dev is https://dev-platform.groundfloor.cloud. The front door must call it for both TLS authorization and per-request routing.
Related
- Architecture — platform overview
- Shell integration — federated app guides
Full deployment runbook (Docker Compose, Kubernetes manifests) lives in the Control Plane repo under deploy/front-door/.