CitrineOS Core proxy deployed, Operator UI fully functional, Hasura configured

config/docker-compose-citrineos.yml

@@ -24,11 +24,7 @@ services:
         condition: service_healthy
     volumes:
       - citrineos-data:/data
-    healthcheck:
-      test: ["CMD-SHELL", "node -e \"const net = require('net'); const c = net.createConnection(8080, '127.0.0.1', () => { c.end(); process.exit(0); }); c.on('error', () => process.exit(1));\""]
-      interval: 30s
-      timeout: 10s
-      retries: 5
+    # No healthcheck - CitrineOS Core uses OCPP/WebSocket, not HTTP REST
     networks:
       - cariflex-internal
 
@@ -100,18 +96,32 @@ services:
       - traefik-public
       - cariflex-internal
 
+  citrineos-core-proxy:
+    image: nginx:alpine
+    container_name: cariflex-citrineos-core-proxy
+    restart: unless-stopped
+    volumes:
+      - ./nginx-citrineos-core.conf:/etc/nginx/conf.d/default.conf:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.citrineos-core.rule=Host(`citrineos-core.digitribe.fr`)"
+      - "traefik.http.routers.citrineos-core.entrypoints=websecure"
+      - "traefik.http.routers.citrineos-core.tls.certresolver=letsencrypt"
+      - "traefik.http.services.citrineos-core.loadbalancer.server.port=8080"
+    depends_on:
+      - hasura
+    networks:
+      - traefik-public
+      - cariflex-internal
+
   citrineos-operator-ui:
     image: citrineos-operator-ui:latest
     container_name: cariflex-citrineos-operator-ui
     restart: unless-stopped
     ports:
       - "3002:3000"
-    environment:
-      - NODE_ENV=production
-      - HASURA_URL=http://cariflex-hasura:8080
-      - HASURA_ADMIN_SECRET=Digitribe972
     depends_on:
-      - citrineos-server
+      - citrineos-core-proxy
       - hasura
     labels:
       - "traefik.enable=true"

config/nginx-citrineos-core.conf

@@ -0,0 +1,47 @@
+server {
+    listen 8080;
+    server_name _;
+
+    # CORS headers
+    add_header Access-Control-Allow-Origin * always;
+    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+    add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret" always;
+    add_header Access-Control-Max-Age 3600 always;
+
+    # Handle preflight
+    if ($request_method = OPTIONS) {
+        return 204;
+    }
+
+    # Health check
+    location /health {
+        return 200 '{"status":"ok"}';
+        add_header Content-Type application/json;
+    }
+
+    # System config - return empty config to satisfy UI
+    location /data/ocpprouter/systemConfig {
+        default_type application/json;
+        return 200 '{"userPreferences":{"telemetryConsent":false},"ocppRouter":{"networkProfile":"default"}}';
+    }
+
+    # Proxy GraphQL requests to Hasura
+    location /graphql {
+        proxy_pass http://cariflex-hasura:8080/v1/graphql;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Hasura-Admin-Secret "Digitribe972";
+        proxy_read_timeout 300;
+        proxy_connect_timeout 60;
+    }
+
+    # Default - proxy to Hasura
+    location / {
+        proxy_pass http://cariflex-hasura:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Hasura-Admin-Secret "Digitribe972";
+    }
+}