Caddy internal mode: cover host IPs and reload on rewrite
When TLS_MODE=internal the generated Caddyfile only listed the configured PIP_DOMAIN in the site block, so hitting the box by IP (common during initial bootstrap before DNS is wired up) tripped ERR_SSL_PROTOCOL_ERROR in the browser because Caddy had no matching site for that SNI.

write_caddyfile now expands the site block to include every non-loopback IPv4 the host advertises plus localhost / 127.0.0.1. Caddy issues internal-CA certs covering all of them, so the TLS handshake succeeds for whichever address the operator hits. The browser still warns on the self-signed cert (expected); the user can click through and proceed.

bring_up_stack now restarts the Caddy container after `up -d` so re-runs of install.sh against an existing deployment pick up the regenerated Caddyfile (the bind-mount changing alone doesn't make compose recreate the service).

| Repository | cpatpa/PIP |
|---|---|
| Author | Claude <noreply@anthropic.com> |
| Authored | |
| Parents | 8bb78320 |
| Stats | 1 file changed, +40, -12 |
| Part of | Bare-metal installer + operator tooling |
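
A sketch of the site-block expansion the commit message describes, added here as an example and not taken from the repository: `site_addresses` and `render_caddyfile` are hypothetical names, the upstream `app:8000` and all addresses are constructed, and the IP list is passed in as arguments rather than discovered from the host.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not the project's write_caddyfile.

# site_addresses DOMAIN [IP...]
# Prints the comma-separated site address list: the domain, localhost,
# 127.0.0.1, then each distinct non-loopback IPv4 from the arguments.
site_addresses() {
    domain=$1; shift
    list="$domain, localhost, 127.0.0.1"
    seen=" 127.0.0.1 "
    for ip in "$@"; do
        case $ip in
            127.*) continue ;;            # loopback is already in the list
            *:*) continue ;;              # IPv6: only IPv4 is covered
            ''|*[!0-9.]*) continue ;;     # not a dotted-decimal address
        esac
        case $seen in
            *" $ip "*) continue ;;        # skip duplicates
        esac
        seen="$seen$ip "
        list="$list, $ip"
    done
    printf '%s\n' "$list"
}

# render_caddyfile DOMAIN UPSTREAM [IP...]
# Emits one site block; `tls internal` has Caddy issue certificates from
# its internal CA for every address named on the site line.
render_caddyfile() {
    domain=$1; upstream=$2; shift 2
    printf '%s {\n\ttls internal\n\treverse_proxy %s\n}\n' \
        "$(site_addresses "$domain" "$@")" "$upstream"
}

# Constructed sample input (documentation-range addresses).
render_caddyfile pip.example.test app:8000 192.0.2.10 127.0.0.1 fe80::1 10.0.0.5
```

Each address in the site line becomes a name on an internal-CA certificate, so review the list on multi-homed hosts before exposing the service beyond bootstrap.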