7fe0cc37534f57a3cfc6bf8982c9990057b86d7e
Near-1:1 clone of the prod remote-access stack, isolated on a new external dev_edge network and fronted by the same shared Caddy instance (dual-homed on edge + dev_edge). Dev is manual-start (not on boot).

- Hostnames: app-dev / api-dev .linumiq.net, tunnels under *.dev.linumiq.net, dev tunnel ingress on port 7001.
- Dev Supabase (project supabase-dev, *-dev containers), web, frps, redis, stripe-stub, bandwidth-worker with fresh independent secrets (gitignored).
- Shared Caddyfile: app-dev -> web-dev, api-dev -> dev kong (+webhook block), *.dev -> frps-dev vhost. Caddy compose dual-homed on dev_edge.
- On-demand-TLS authorizer (prod check-subdomain, in gitignored volumes/) extended additively: app-dev/api-dev -> 200; *.dev delegated to the dev authorizer. Prod allow-list logic unchanged.
- dev.sh manual up/down/ps helper; README documents topology + secrets.

Secrets, frps.toml, volumes/, web worktree and data dirs are gitignored.
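The additive authorizer rule from the commit message above, sketched as an added example; it is not the repository's code, which sits in the gitignored volumes/. It assumes Caddy's on-demand TLS `ask` contract (a request carrying a `domain` query parameter, where only a 200 response permits issuance); `prod_check`, `dev_check`, the sample allow-lists and the one-label rule for `*.dev` are hypothetical stand-ins.

```python
import re
from typing import Callable

DOMAIN = "linumiq.net"                                   # domain named on the page
DEV_FIXED = {f"app-dev.{DOMAIN}", f"api-dev.{DOMAIN}"}   # always answered 200
DEV_SUFFIX = f".dev.{DOMAIN}"                            # tunnels under *.dev
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample data; the real lists are not on the page.
SAMPLE_PROD_ALLOW = {f"app.{DOMAIN}", f"api.{DOMAIN}"}
SAMPLE_DEV_TUNNELS = {"demo"}


def prod_check(name: str) -> int:
    """Hypothetical stand-in for the unchanged prod allow-list logic."""
    return 200 if name in SAMPLE_PROD_ALLOW else 403


def dev_check(label: str) -> int:
    """Hypothetical stand-in for the dev authorizer (one tunnel label)."""
    return 200 if label in SAMPLE_DEV_TUNNELS else 403


def make_authorizer(prod: Callable[[str], int], dev: Callable[[str], int]):
    """Build the status-code decision for Caddy's ask request (?domain=...)."""
    def check(domain: str) -> int:
        name = domain.strip().lower().rstrip(".")
        if not name:
            return 400
        if name in DEV_FIXED:                 # additive rule 1: fixed dev hosts
            return 200
        if name.endswith(DEV_SUFFIX):         # additive rule 2: delegate *.dev
            label = name[: -len(DEV_SUFFIX)]
            # Assumption: exactly one valid DNS label left of .dev.<DOMAIN>,
            # so nested names never reach the dev authorizer.
            if not LABEL.fullmatch(label):
                return 403
            return dev(label)
        return prod(name)                     # everything else: prod logic untouched
    return check


check_subdomain = make_authorizer(prod_check, dev_check)

if __name__ == "__main__":
    for d in ("app-dev.linumiq.net", "demo.dev.linumiq.net",
              "a.demo.dev.linumiq.net", "demo.dev.linumiq.net.example.org"):
        print(d, check_subdomain(d))
```

Matching on the exact suffix after normalising case and the trailing dot keeps look-alike names such as `demo.dev.linumiq.net.example.org` on the prod path, where the allow-list denies them.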
/docker — linumiq.net remote access stack
Networks
Shared external docker network: edge (created with docker network create edge).
Shared env
/docker/.env — DOMAIN, LE_EMAIL.
Per-service secrets
/docker/<svc>/.env, all chmod 600, owned root:root. See /docker/SECRETS.md
for the inventory.
Service inventory (Wave A + Wave B)
| Service | Compose dir | Container name | Listens | Image |
|---|---|---|---|---|
| Supabase stack | /docker/supabase | supabase-* | kong :8000, edge :9000 (internal) | supabase/* (pinned per compose) |
| Caddy | /docker/caddy | caddy | :80, :443 | caddy:2.10.2-alpine |
| frps | /docker/frps | frps | :7000 ctrl, :7080 vhost, :7500 dash | snowdreamtech/frps:0.65.0 |
| Redis | /docker/redis | redis | :6379 (edge net only) | redis:7.2-alpine |
| stripe-stub | /docker/stripe-stub | stripe-stub | 127.0.0.1:4242 | stripe-stub:1.0.0 (local build) |
| bandwidth-worker | /docker/bandwidth-worker | bandwidth-worker | (no inbound) | bandwidth-worker:1.0.0 (local build) |
Start order
- cd /docker/redis && docker compose --env-file .env up -d
- cd /docker/supabase && docker compose up -d
- cd /docker/frps && docker compose up -d
- cd /docker/caddy && docker compose up -d
- cd /docker/stripe-stub && docker compose up -d
- cd /docker/bandwidth-worker && docker compose up -d
- (later) cd /docker/web && docker compose up -d
Stop order
Reverse of the above. docker compose down per directory.
Edge functions
Mounted from /docker/supabase/volumes/functions/. The main function is a
router that reads the first URL path segment as the function name.
- Via Kong: POST http://127.0.0.1:8000/functions/v1/<name>
- Direct (intra-edge network, e.g. frps auth plugin): POST http://supabase-edge-functions:9000/<name>
After editing a function, cd /docker/supabase && docker compose restart functions
(or up -d functions if env changed).
Wave B specifics
- frps.toml enables [[httpPlugins]] name="auth" pointing at http://supabase-edge-functions:9000/auth-webhook.
- supabase-edge-functions reads REDIS_URL from /docker/supabase/.env.
- bandwidth-worker polls http://frps:7500/api/proxy/http every 60s; deltas go to public.usage_samples and public.tunnels.bytes_used via PostgREST.