docker-compose.coolify.yml

@@ -158,6 +158,8 @@ services:
       - NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}
       - NEXT_PUBLIC_ORCHESTRATOR_URL=${NEXT_PUBLIC_ORCHESTRATOR_URL:-}
       - NEXT_PUBLIC_AUTH_MODE=${NEXT_PUBLIC_AUTH_MODE:-real}
+      # Server-side orchestrator proxy (API routes forward to orchestrator service over internal network)
+      - ORCHESTRATOR_URL=http://orchestrator:3001
       - ORCHESTRATOR_API_KEY=${ORCHESTRATOR_API_KEY:-}
     depends_on:
       api:
@@ -222,6 +224,8 @@ services:
     environment:
       - NODE_ENV=production
       - ORCHESTRATOR_PORT=3001
+      # Bind to all interfaces so the web container can reach it over Docker networking
+      - HOST=0.0.0.0
       - AI_PROVIDER=${AI_PROVIDER:-ollama}
       - OLLAMA_ENDPOINT=${OLLAMA_ENDPOINT:-}
       - OLLAMA_MODEL=${OLLAMA_MODEL:-llama3.2}

docker-compose.swarm.portainer.yml

@@ -252,6 +252,8 @@ services:
     environment:
       NODE_ENV: production
       ORCHESTRATOR_PORT: 3001
+      # Bind to all interfaces so the web container can reach it over Docker networking
+      HOST: 0.0.0.0
       AI_PROVIDER: ${AI_PROVIDER:-ollama}
       VALKEY_URL: redis://valkey:6379
       VALKEY_HOST: valkey
@@ -263,6 +265,8 @@ services:
       GIT_USER_EMAIL: "orchestrator@mosaicstack.dev"
       KILLSWITCH_ENABLED: "true"
       SANDBOX_ENABLED: "true"
+      # API key for authenticating requests from the web proxy
+      ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - orchestrator_workspace:/workspace

docker-compose.yml

@@ -433,6 +433,8 @@ services:
       NODE_ENV: production
       # Orchestrator Configuration
       ORCHESTRATOR_PORT: 3001
+      # Bind to all interfaces so the web container can reach it over Docker networking
+      HOST: 0.0.0.0
       AI_PROVIDER: ${AI_PROVIDER:-ollama}
       # Valkey
       VALKEY_URL: redis://valkey:6379
@@ -448,6 +450,8 @@ services:
       # Security
       KILLSWITCH_ENABLED: true
       SANDBOX_ENABLED: true
+      # API key for authenticating requests from the web proxy
+      ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
     ports:
       - "3002:3001"
     volumes:
@@ -498,6 +502,8 @@ services:
       NODE_ENV: production
       PORT: ${WEB_PORT:-3000}
       NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:3001}
+      # Server-side orchestrator proxy (API routes forward to orchestrator service)
+      ORCHESTRATOR_URL: http://orchestrator:3001
       ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
     ports:
       - "${WEB_PORT:-3000}:${WEB_PORT:-3000}"
@@ -515,6 +521,7 @@ services:
       retries: 3
       start_period: 40s
     networks:
+      - mosaic-internal
       - mosaic-public
     labels:
       - "com.mosaic.service=web"