Shared Nginx reverse proxy deployment for Makepad-fr applications.
This repository owns the shared proxy stack for application VMs. Application repositories should not deploy Nginx directly. They should only attach their services to the shared application overlay network created or managed by this repository.
- compose.yml: base Nginx service definition
- sites/catwlk.conf.template: Catwlk virtual host template
- envs/canary/compose.yml: canary Swarm overrides
- envs/canary/.env.proxy: canary proxy settings
- envs/production/compose.yml: production Swarm overrides
- envs/production/.env.proxy: production proxy settings
The proxy joins a shared external overlay network:
${DEPLOY_CATWLK_APP_NETWORK}
Application stacks attach to the same external network and expose a stable alias such as catwlk-app.
Pin the shared proxy to proxy-capable nodes:
docker node update --label-add infra.makepad.proxy=true <proxy-node>
Use the manual GitHub Actions workflow in this repository.
Required environment secrets:
- DEPLOY_SSH_HOST
- DEPLOY_SSH_PORT
- DEPLOY_SSH_USER
- DEPLOY_SSH_PRIVATE_KEY
- DEPLOY_REMOTE_DIR
- DEPLOY_STACK_NAME
- DEPLOY_CATWLK_APP_NETWORK
The workflow deploys only the proxy stack. If the shared application network does not exist yet, it is created on the manager before deployment.
Certificates must already exist on the proxy VM under /etc/certs, matching the paths configured in envs/<environment>/.env.proxy.
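A preflight for the certificate requirement above, as an added example that is not part of this repository's workflow. It assumes .env.proxy holds KEY=value lines and treats every value under /etc/certs/ as a required file; the function name and the optional ROOT prefix (for checking a staged copy of the tree) are hypothetical.

```shell
#!/bin/sh
# Added example, not the repository's own script.
# Assumption: the env file uses KEY=value lines; key names are not known here,
# so any value beginning with /etc/certs/ is treated as a required file.

# check_cert_paths ENV_FILE [ROOT]
#   0  every referenced path is a non-empty regular file
#   1  at least one referenced path is missing, empty, or not a regular file
#   2  env file unreadable, or it references no /etc/certs/ path at all
check_cert_paths() {
    env_file=$1
    root=${2:-}          # hypothetical prefix, e.g. a staging directory
    found=0
    missing=0

    [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 2; }

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            \#*|'') continue ;;   # comment or blank line
            *=*) ;;               # assignment, inspect below
            *) continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        # Strip one pair of surrounding quotes, if present.
        value=${value#\"}; value=${value%\"}
        value=${value#\'}; value=${value%\'}
        case $value in
            /etc/certs/*) ;;
            *) continue ;;
        esac
        found=$((found + 1))
        if [ ! -f "$root$value" ] || [ ! -s "$root$value" ]; then
            echo "$key: $value is missing, empty, or not a regular file" >&2
            missing=$((missing + 1))
        fi
    done < "$env_file"

    [ "$found" -gt 0 ] || { echo "no /etc/certs/ paths in $env_file" >&2; return 2; }
    [ "$missing" -eq 0 ]
}

# Run on the proxy VM, e.g.: sh preflight.sh envs/canary/.env.proxy
[ $# -eq 0 ] || check_cert_paths "$@"
```

Running it on the proxy VM before triggering the workflow turns a missing certificate into a failed preflight rather than an Nginx task that cannot start.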