mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

fix(web,api): fix orchestrator proxy 502 connectivity

Browse Source 
Root causes of the 502 Bad Gateway on all orchestrator proxy endpoints:

1. Orchestrator bound to 127.0.0.1 by default — add HOST=0.0.0.0 to all
   compose files so the orchestrator is reachable from other containers.

2. Web service missing ORCHESTRATOR_URL in docker-compose.yml and
   docker-compose.coolify.yml — server-side proxy was falling through to
   NEXT_PUBLIC_API_URL (the public API URL) which has no /agents or /health
   endpoints. Add ORCHESTRATOR_URL=http://orchestrator:3001 so the web
   container routes to the orchestrator service over the internal network.

3. Orchestrator missing ORCHESTRATOR_API_KEY in docker-compose.yml and
   docker-compose.swarm.portainer.yml — the OrchestratorApiKeyGuard would
   reject all requests with 401 (or 502 when unreachable first).

4. Web service missing mosaic-internal network in docker-compose.yml —
   orchestrator was only on mosaic-internal while web was only on
   mosaic-public, making them unreachable by name.

Closes SS-ORCH-001 (issue #534)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-27 04:59:58 -06:00
parent 833662a64f
commit d28611e0db
3 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docker-compose.yml
View File

@@ -433,6 +433,8 @@ services:
NODE_ENV: production
# Orchestrator Configuration
ORCHESTRATOR_PORT: 3001
# Bind to all interfaces so the web container can reach it over Docker networking
HOST: 0.0.0.0
AI_PROVIDER: ${AI_PROVIDER:-ollama}
# Valkey
VALKEY_URL: redis://valkey:6379
@@ -448,6 +450,8 @@ services:
# Security
KILLSWITCH_ENABLED: true
SANDBOX_ENABLED: true
# API key for authenticating requests from the web proxy
ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
ports:
- "3002:3001"
volumes:
@@ -498,6 +502,8 @@ services:
NODE_ENV: production
PORT: ${WEB_PORT:-3000}
NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:3001}
# Server-side orchestrator proxy (API routes forward to orchestrator service)
ORCHESTRATOR_URL: http://orchestrator:3001
ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
ports:
- "${WEB_PORT:-3000}:${WEB_PORT:-3000}"
@@ -515,6 +521,7 @@ services:
retries: 3
start_period: 40s
networks:
- mosaic-internal
- mosaic-public
labels:
- "com.mosaic.service=web"