Phase 2: caddy_manager — Caddyfile generation, health monitor, DNS-01 support

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-09 09:04:11 -04:00
parent c1b1686cd9
commit 7d290c12c4
6 changed files with 640 additions and 3 deletions
@@ -41,6 +41,7 @@ from managers import (
    email_manager, calendar_manager, file_manager,
    routing_manager, vault_manager, container_manager,
    cell_link_manager, auth_manager, setup_manager,
+    caddy_manager,
    firewall_manager, EventType,
 )
 # Re-exports: tests do `from app import CellManager` and `from app import _resolve_peer_dns`
@@ -556,6 +557,21 @@ def health_monitor_loop():
            # Re-anchor stateful rule every cycle: wg0 PostUp uses -I FORWARD which
            # pushes ESTABLISHED,RELATED down below per-peer DROPs on restart.
            firewall_manager.ensure_forward_stateful()
+            # Caddy health monitor: 3 consecutive failures triggers a restart.
+            try:
+                if caddy_manager.check_caddy_health():
+                    caddy_manager.reset_health_failures()
+                else:
+                    count = caddy_manager.increment_health_failure()
+                    if count >= 3:
+                        logger.warning(
+                            "Caddy health check failed %d times \u2014 restarting",
+                            count,
+                        )
+                        container_manager.restart_container('cell-caddy')
+                        caddy_manager.reset_health_failures()
+            except Exception as _caddy_err:
+                logger.error("Caddy health monitor error: %s", _caddy_err)
        time.sleep(60)  # Check every 60 seconds

 # Start health monitor thread