fix(web,api): fix orchestrator proxy 502 connectivity #542

Merged
jason.woltje merged 1 commit from fix/orchestrator-connectivity into main 2026-02-27 11:00:56 +00:00
Owner

Summary

  • Fix orchestrator proxy returning 502 for all endpoints at mosaic.woltje.com
  • Root cause: orchestrator binds to 127.0.0.1 by default (not reachable from other containers) and web service was missing ORCHESTRATOR_URL env var

Changes

Root cause 1: Orchestrator binds to 127.0.0.1 (unreachable from Docker network)

The orchestrator main.ts reads HOST env var (defaults to 127.0.0.1). Added HOST=0.0.0.0 to all three compose files so the orchestrator listens on all interfaces and is reachable by container name.

Root cause 2: Web server missing ORCHESTRATOR_URL

docker-compose.yml and docker-compose.coolify.yml web services were missing ORCHESTRATOR_URL=http://orchestrator:3001. The server-side proxy fell through to NEXT_PUBLIC_API_URL (the public API URL) which has no /agents, /health/ready, /queue/* endpoints.

Root cause 3: Web service network isolation (docker-compose.yml)

The web service was only on mosaic-public while the orchestrator was only on mosaic-internal — they could not communicate by service name. Added web to mosaic-internal.

Root cause 4: Orchestrator missing ORCHESTRATOR_API_KEY

docker-compose.yml and docker-compose.swarm.portainer.yml did not pass ORCHESTRATOR_API_KEY to the orchestrator service. The OrchestratorApiKeyGuard would reject all authenticated requests.

Test plan

  • Verify lint/typecheck pass (no TS changes, only YAML)
  • Verify all web and API tests pass
  • After deploy: orchestrator panel shows connected status, not "Reconnecting to server..."
  • After deploy: /api/orchestrator/health returns 200 instead of 502

Closes SS-ORCH-001 (issue #534)
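
Root cause 2 failed silently: with ORCHESTRATOR_URL unset, the proxy fell through to a different upstream instead of stopping. As an added example (not part of this PR or the Mosaic code base), here is a fail-closed startup check over the variables named above; the function names and validation rules are assumptions.

```typescript
// Added example; not Mosaic code. Variable names are from the PR description,
// function names and validation rules are assumptions.
type Env = Record<string, string | undefined>;

function parseOrigin(raw: string | undefined): string | null {
  try {
    const url = new URL((raw ?? "").trim());
    return url.protocol === "http:" || url.protocol === "https:" ? url.origin : null;
  } catch {
    return null; // empty, malformed, or relative value
  }
}

// Web side: resolve the proxy upstream with no fallback to the public API URL.
function resolveOrchestratorUrl(env: Env): string {
  const origin = parseOrigin(env["ORCHESTRATOR_URL"]);
  if (origin === null) {
    throw new Error("ORCHESTRATOR_URL missing or not an http(s) URL; refusing to fall back");
  }
  if (origin === parseOrigin(env["NEXT_PUBLIC_API_URL"])) {
    throw new Error("ORCHESTRATOR_URL points at the public API, which has no orchestrator routes");
  }
  return origin;
}

// Orchestrator side: report settings that make the service unreachable or unusable.
function checkOrchestratorEnv(env: Env): string[] {
  const problems: string[] = [];
  const host = (env["HOST"] ?? "127.0.0.1").trim(); // default stated in the PR
  if (["127.0.0.1", "localhost", "::1"].indexOf(host) !== -1) {
    problems.push(`HOST=${host} is loopback; other containers cannot connect`);
  }
  if ((env["ORCHESTRATOR_API_KEY"] ?? "").trim() === "") {
    problems.push("ORCHESTRATOR_API_KEY is not set; authenticated requests cannot succeed");
  }
  return problems;
}

// Constructed sample environments matching the settings this PR adds.
const webEnv: Env = {
  NEXT_PUBLIC_API_URL: "https://api.example.test",
  ORCHESTRATOR_URL: "http://orchestrator:3001",
};
const orchEnv: Env = { HOST: "0.0.0.0", ORCHESTRATOR_API_KEY: "constructed-placeholder" };
console.log(resolveOrchestratorUrl(webEnv), checkOrchestratorEnv(orchEnv), checkOrchestratorEnv({}));
```

Binding to 0.0.0.0 makes the orchestrator reachable from every network its container is attached to, so the API key check is worth running at process start, before the listener opens.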

jason.woltje added 1 commit 2026-02-27 11:00:31 +00:00
Root causes of the 502 Bad Gateway on all orchestrator proxy endpoints:

1. Orchestrator bound to 127.0.0.1 by default — add HOST=0.0.0.0 to all
   compose files so the orchestrator is reachable from other containers.

2. Web service missing ORCHESTRATOR_URL in docker-compose.yml and
   docker-compose.coolify.yml — server-side proxy was falling through to
   NEXT_PUBLIC_API_URL (the public API URL) which has no /agents or /health
   endpoints. Add ORCHESTRATOR_URL=http://orchestrator:3001 so the web
   container routes to the orchestrator service over the internal network.

3. Orchestrator missing ORCHESTRATOR_API_KEY in docker-compose.yml and
   docker-compose.swarm.portainer.yml — the OrchestratorApiKeyGuard would
   reject all requests with 401 (or 502 when unreachable first).

4. Web service missing mosaic-internal network in docker-compose.yml —
   orchestrator was only on mosaic-internal while web was only on
   mosaic-public, making them unreachable by name.

Closes SS-ORCH-001 (issue #534)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jason.woltje merged commit 147e8ac574 into main 2026-02-27 11:00:56 +00:00