chore: move gateway default port from 4000 to 14242
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful

Port 4000 collides with too many dev tools (Phoenix, GraphQL tools, etc.).
Switch to 14242 — unregistered with IANA, no known conflicts, safely within
the User Ports range and outside Linux ephemeral port range (32768+).

Updates all hardcoded defaults across gateway, web client, CLI commands,
playwright config, .env.example, and docs. Bumps @mosaic/cli and
@mosaic/mosaic to 0.0.14.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jarvis
2026-04-04 15:16:54 -05:00
parent cbd5e8c626
commit e6856e6fdf
22 changed files with 61 additions and 61 deletions

@@ -194,7 +194,7 @@ server {
# WebSocket support (for chat.gateway.ts / Socket.IO)
location /socket.io/ {
proxy_pass http://127.0.0.1:4000;
proxy_pass http://127.0.0.1:14242;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
@@ -204,7 +204,7 @@ server {
# REST + auth
location / {
proxy_pass http://127.0.0.1:4000;
proxy_pass http://127.0.0.1:14242;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
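Review bot: the upstream address in `location /` repeats the same literal as the `location /socket.io/` block above, so the next port change has to touch both `proxy_pass` lines again. Consider having the nginx example declare the gateway once, for example an `upstream` block containing `server 127.0.0.1:14242;`, and pointing both `proxy_pass` directives at that name, so the documented port lives in one place.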
@@ -234,11 +234,11 @@ server {
# /etc/caddy/Caddyfile
your-domain.example.com {
reverse_proxy /socket.io/* localhost:4000 {
reverse_proxy /socket.io/* localhost:14242 {
header_up Upgrade {http.upgrade}
header_up Connection {http.connection}
}
reverse_proxy localhost:4000
reverse_proxy localhost:14242
}
app.your-domain.example.com {
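Review bot: both `reverse_proxy` lines in the Caddyfile example dial `localhost:14242`, while the nginx example and the hardening checklist use `127.0.0.1`. Since the gateway is meant to stay bound to `127.0.0.1`, writing `reverse_proxy 127.0.0.1:14242` here keeps the examples consistent and does not depend on how `localhost` resolves on the host.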
@@ -328,7 +328,7 @@ MaxRetentionSec=30day
- Set `BETTER_AUTH_SECRET` to a cryptographically random value (`openssl rand -base64 32`).
- Restrict `GATEWAY_CORS_ORIGIN` to your exact frontend origin — do not use `*`.
- Run services as a dedicated non-root system user (e.g., `mosaic`).
- Firewall: only expose ports 80/443 externally; keep 4000 and 3000 bound to `127.0.0.1`.
- Firewall: only expose ports 80/443 externally; keep 14242 and 3000 bound to `127.0.0.1`.
- Set `AGENT_FILE_SANDBOX_DIR` to a directory outside the application root to prevent agent tools from accessing source code.
- If using `AGENT_USER_TOOLS`, enumerate only the tools non-admin users need.
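Review bot: the firewall bullet names the ports only by number, so a reader cannot tell that 14242 is the gateway default or that it changed in this release. Suggest wording it as "the gateway port (default 14242) and 3000", and adding an upgrade line stating that deployments relying on the old default must update any reverse proxy upstreams and firewall rules that still reference 4000, otherwise the proxy will point at a port nothing listens on after the upgrade.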