# Model Dock Caddy Deployment Plan

This document defines the recommended reverse proxy setup for public exposure of Model Dock.

## Why Caddy

- Automatic HTTPS by default
- Simple hostname-to-upstream configuration
- Good defaults for WebSocket and reverse proxy behavior
- Lower operational overhead than a hand-built Nginx setup for this footprint

## Public hostnames

- `n8n.mrksylvstr.com` -> `http://127.0.0.1:5678`
- `chat.mrksylvstr.com` -> `http://127.0.0.1:8080`
- `flow.mrksylvstr.com` -> `http://127.0.0.1:3001`
- `api.mrksylvstr.com` -> `http://127.0.0.1:4000`

## Design rules

- Keep all upstream services bound to localhost
- Expose only Caddy on public ports `80` and `443`
- Let Caddy terminate TLS
- Do not start compose-managed `n8n` while host-side `n8n` owns `127.0.0.1:5678`

## Files

- Example Caddy config: `/home/mark/modeldock/Caddyfile.example`
- Ingress contract: `/home/mark/modeldock/INGRESS_PLAN.md`

## Prerequisites

- DNS `A` or `AAAA` records for all four hostnames pointing at the machine running Caddy
- Public inbound access to ports `80` and `443`
- Caddy installed on the host or deployed in a trusted boundary with access to localhost upstreams

## Recommended deployment mode

- Run Caddy on the host
- Keep Model Dock services on localhost
- Keep the current host-side `n8n`
- Reuse the same hostname map after migration to `/srv/arch1/modeldock`

## Cutover sequence

1. Create DNS records for the four hostnames
2. Install Caddy
3. Copy `/home/mark/modeldock/Caddyfile.example` to the active Caddy config location
4. Start or reload Caddy
5. Verify each hostname returns the expected app
6. Verify Open WebUI login, Flowise access, LiteLLM API responses, and n8n editor access over HTTPS

## Verification

- `https://n8n.mrksylvstr.com` loads the existing `n8n`
- `https://chat.mrksylvstr.com` loads Open WebUI
- `https://flow.mrksylvstr.com` loads Flowise
- `https://api.mrksylvstr.com/v1/models` returns LiteLLM models
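
The hostname checks above do not show whether an upstream is also reachable directly, so the following added example (not part of the Model Dock repository) audits `ss -H -tln` output against the design rules: upstream ports `5678`, `8080`, `3001`, `4000` on loopback only, and only `80`/`443` public. The function name `audit_listeners` and the sample lines are constructed for illustration; the check covers addresses and ports only, not which process owns a socket.

```shell
#!/bin/sh
# Added example, not from the Model Dock repository.
# Reads `ss -H -tln` output on stdin. Exits 1 if an upstream port from the
# hostname map is listening on a non-loopback address.
audit_listeners() {
    awk -v upstream="5678 8080 3001 4000" -v public="80 443" '
    BEGIN {
        n = split(upstream, u, " "); for (i = 1; i <= n; i++) up[u[i]] = 1
        np = split(public, pl, " "); for (i = 1; i <= np; i++) pub[pl[i]] = 1
    }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        sub(/%.*$/, "", addr)                 # drop scope, e.g. 127.0.0.53%lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback is allowed
        if (port in up) {
            print "FAIL upstream port " port " exposed on " addr; bad = 1
        } else if (port in pub) {
            seen[port] = 1                    # expected public listener
        } else {
            # Anything else public (sshd included) is listed for review.
            print "WARN unexpected public listener " addr ":" port
        }
    }
    END {
        for (i = 1; i <= np; i++)
            if (!(pl[i] in seen))
                print "WARN nothing listening publicly on port " pl[i]
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: LiteLLM (4000) bound to all interfaces, sshd public.
sample='LISTEN 0 4096 127.0.0.1:5678 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:3001 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:4000 0.0.0.0:*
LISTEN 0 4096 *:80 *:*
LISTEN 0 4096 *:443 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# On the real host: ss -H -tln | audit_listeners
if printf '%s\n' "$sample" | audit_listeners; then
    echo "listener layout matches the design rules"
else
    echo "listener layout violates the design rules"
fi
```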

## Notes

- If `n8n` later moves into compose, keep the same hostname and just change the upstream target if needed
- If the stack later moves to `/srv/arch1/modeldock`, the Caddy public mapping does not need to change
