From 147e8ac574c9d3cb29d2750c189a8c36f17287c0 Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Fri, 27 Feb 2026 11:00:55 +0000
Subject: [PATCH] fix(web,api): fix orchestrator proxy 502 connectivity (#542)

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
---
 docker-compose.coolify.yml         | 4 ++++
 docker-compose.swarm.portainer.yml | 4 ++++
 docker-compose.yml                 | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/docker-compose.coolify.yml b/docker-compose.coolify.yml
index 60f0cc5..d8fbb3e 100644
--- a/docker-compose.coolify.yml
+++ b/docker-compose.coolify.yml
@@ -158,6 +158,8 @@ services:
       - NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}
       - NEXT_PUBLIC_ORCHESTRATOR_URL=${NEXT_PUBLIC_ORCHESTRATOR_URL:-}
       - NEXT_PUBLIC_AUTH_MODE=${NEXT_PUBLIC_AUTH_MODE:-real}
+      # Server-side orchestrator proxy (API routes forward to orchestrator service over internal network)
+      - ORCHESTRATOR_URL=http://orchestrator:3001
       - ORCHESTRATOR_API_KEY=${ORCHESTRATOR_API_KEY:-}
     depends_on:
       api:
@@ -222,6 +224,8 @@ services:
     environment:
       - NODE_ENV=production
       - ORCHESTRATOR_PORT=3001
+      # Bind to all interfaces so the web container can reach it over Docker networking
+      - HOST=0.0.0.0
       - AI_PROVIDER=${AI_PROVIDER:-ollama}
       - OLLAMA_ENDPOINT=${OLLAMA_ENDPOINT:-}
       - OLLAMA_MODEL=${OLLAMA_MODEL:-llama3.2}
diff --git a/docker-compose.swarm.portainer.yml b/docker-compose.swarm.portainer.yml
index 0cd84aa..a5cc05e 100644
--- a/docker-compose.swarm.portainer.yml
+++ b/docker-compose.swarm.portainer.yml
@@ -252,6 +252,8 @@ services:
     environment:
       NODE_ENV: production
       ORCHESTRATOR_PORT: 3001
+      # Bind to all interfaces so the web container can reach it over Docker networking
+      HOST: 0.0.0.0
       AI_PROVIDER: ${AI_PROVIDER:-ollama}
       VALKEY_URL: redis://valkey:6379
       VALKEY_HOST: valkey
@@ -263,6 +265,8 @@ services:
       GIT_USER_EMAIL: "orchestrator@mosaicstack.dev"
       KILLSWITCH_ENABLED: "true"
       SANDBOX_ENABLED: "true"
+      # API key for authenticating requests from the web proxy
+      ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - orchestrator_workspace:/workspace
diff --git a/docker-compose.yml b/docker-compose.yml
index ee433f3..b1d95ef 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -433,6 +433,8 @@ services:
       NODE_ENV: production
       # Orchestrator Configuration
       ORCHESTRATOR_PORT: 3001
+      # Bind to all interfaces so the web container can reach it over Docker networking
+      HOST: 0.0.0.0
       AI_PROVIDER: ${AI_PROVIDER:-ollama}
       # Valkey
       VALKEY_URL: redis://valkey:6379
@@ -448,6 +450,8 @@ services:
       # Security
       KILLSWITCH_ENABLED: true
       SANDBOX_ENABLED: true
+      # API key for authenticating requests from the web proxy
+      ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
     ports:
       - "3002:3001"
     volumes:
@@ -498,6 +502,8 @@ services:
       NODE_ENV: production
       PORT: ${WEB_PORT:-3000}
       NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:3001}
+      # Server-side orchestrator proxy (API routes forward to orchestrator service)
+      ORCHESTRATOR_URL: http://orchestrator:3001
       ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
     ports:
       - "${WEB_PORT:-3000}:${WEB_PORT:-3000}"
@@ -515,6 +521,7 @@ services:
       retries: 3
       start_period: 40s
     networks:
+      - mosaic-internal
       - mosaic-public
     labels:
       - "com.mosaic.service=web"