Problem
Project assumptions: UI binds to 127.0.0.1 for nginx+oauth2. Reality right now: VM behind VPN, accessed via IP:port without HTTPS. We had to override bind host.
Goal
Make mode switching intentional, documented, and easy.
Proposed change
- Add a short “Modes” doc that covers:
- VPN VM mode: bind
0.0.0.0, no nginx, optional basic auth (if desired).
- Reverse-proxy mode: bind
127.0.0.1, nginx + oauth2-proxy, HTTPS.
- Provide a single config knob:
QUAIL_BIND_HOST and QUAIL_BIND_PORT in /etc/quail/config.env (already used by systemd unit).
- Provide a helper script
scripts/quail-mode:
quail-mode vpn sets bind host to 0.0.0.0 and restarts.quail-mode proxy sets bind host to 127.0.0.1 and restarts.- Prints what it changed.
Acceptance criteria
- Fresh install defaults to proxy-safe (
127.0.0.1) but can be switched to VPN VM mode in one command.
- Docs match reality and do not require editing systemd drop-ins manually.
Test plan
- Run
quail-mode vpn, verify ss -lntp | grep 8000 shows 0.0.0.0:8000.
- Run
quail-mode proxy, verify it shows 127.0.0.1:8000.
Problem
Project assumptions: UI binds to
127.0.0.1for nginx+oauth2. Reality right now: VM behind VPN, accessed viaIP:portwithout HTTPS. We had to override bind host.Goal
Make mode switching intentional, documented, and easy.
Proposed change
0.0.0.0, no nginx, optional basic auth (if desired).127.0.0.1, nginx + oauth2-proxy, HTTPS.QUAIL_BIND_HOSTandQUAIL_BIND_PORTin/etc/quail/config.env(already used by systemd unit).scripts/quail-mode:quail-mode vpnsets bind host to0.0.0.0and restarts.quail-mode proxysets bind host to127.0.0.1and restarts.Acceptance criteria
127.0.0.1) but can be switched to VPN VM mode in one command.Test plan
quail-mode vpn, verifyss -lntp | grep 8000shows0.0.0.0:8000.quail-mode proxy, verify it shows127.0.0.1:8000.