From 00de9b02094386961d76e43d6dadac78fffa82b3 Mon Sep 17 00:00:00 2001
From: juvdiaz <juvenal.diaz@oracle.com>
Date: Tue, 2 Jun 2026 17:00:15 -0600
Subject: [PATCH] Bypass edge cache for app traffic

---
 bootstrap/edge/main.tf                      |  3 +++
 bootstrap/edge/templates/default.conf.tftpl | 10 +++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/bootstrap/edge/main.tf b/bootstrap/edge/main.tf
index 24a1916..ca58df2 100644
--- a/bootstrap/edge/main.tf
+++ b/bootstrap/edge/main.tf
@@ -15,6 +15,7 @@ locals {
     server_name        = var.server_name
     server_names       = join(" ", local.server_names)
     backend_host       = var.backend_host
+    backend_port       = tostring(var.backend_port)
     demos_backend_port = var.demos_backend_port
     gitea_backend_host = var.gitea_backend_host
     gitea_backend_port = var.gitea_backend_port
@@ -260,6 +261,8 @@ if [ "$enable_letsencrypt" = "true" ]; then
       "$certbot_image" certonly \
         --webroot \
         -w /var/www/certbot \
+        --cert-name "$server_name" \
+        --expand \
         $certbot_domain_args \
         --preferred-challenges http \
         --agree-tos \
diff --git a/bootstrap/edge/templates/default.conf.tftpl b/bootstrap/edge/templates/default.conf.tftpl
index 84ad08c..471c3f1 100644
--- a/bootstrap/edge/templates/default.conf.tftpl
+++ b/bootstrap/edge/templates/default.conf.tftpl
@@ -8,8 +8,8 @@ limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
 proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=static_assets:10m max_size=100m inactive=24h;
 proxy_cache_path /var/cache/nginx_dynamic levels=1:2 keys_zone=dynamic_content:5m max_size=50m inactive=1h;
 
-upstream haproxy_backend {
-    server haproxy-dev:9000;
+upstream homelab_backend {
+    server ${backend_host}:${backend_port};
 }
 
 set_real_ip_from 173.245.48.0/20;
@@ -101,7 +101,7 @@ server {
     }
 
     location ~* \.(css|js)$ {
-        proxy_pass http://haproxy_backend;
+        proxy_pass http://homelab_backend;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -116,7 +116,7 @@ server {
     }
 
     location ~* \.(jpg|jpeg|png|gif|ico|webp|svg)$ {
-        proxy_pass http://haproxy_backend;
+        proxy_pass http://homelab_backend;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -133,7 +133,7 @@ server {
     location / {
         limit_req zone=one burst=20 nodelay;
 
-        proxy_pass http://haproxy_backend;
+        proxy_pass http://homelab_backend;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;