From 834c9722dd1bfa4716b7101ceb8d110c6fe7afa6 Mon Sep 17 00:00:00 2001 From: Sammy Oina Date: Fri, 13 Mar 2026 01:53:27 +0300 Subject: [PATCH 1/4] fix: improve disable-atls command and update config-local for local development Signed-off-by: Sammy Oina --- Makefile | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index eed9d952..868b65fe 100644 --- a/Makefile +++ b/Makefile @@ -174,13 +174,17 @@ up-vllm-guardrails: enable-guardrails config-guardrails-vllm up-vllm .PHONY: disable-atls disable-atls: - @echo "Disabling attested TLS for local development..." - @sed -i 's|^UV_CUBE_AGENT_CLIENT_CERT=.*|UV_CUBE_AGENT_CLIENT_CERT=|' docker/.env - @sed -i 's|^UV_CUBE_AGENT_CLIENT_KEY=.*|UV_CUBE_AGENT_CLIENT_KEY=|' docker/.env - @sed -i 's|^UV_CUBE_AGENT_SERVER_CA_CERTS=.*|UV_CUBE_AGENT_SERVER_CA_CERTS=|' docker/.env - @sed -i 's|^UV_CUBE_AGENT_ATTESTED_TLS=.*|UV_CUBE_AGENT_ATTESTED_TLS=false|' docker/.env - @sed -i 's|^UV_CUBE_AGENT_ATTESTATION_POLICY=.*|UV_CUBE_AGENT_ATTESTATION_POLICY=|' docker/.env - @echo "✓ Attested TLS disabled" + @if grep -q '^UV_CUBE_AGENT_ATTESTED_TLS=true' docker/.env; then \ + echo "Disabling attested TLS for local development..."; \ + sed -i 's|^UV_CUBE_AGENT_CLIENT_CERT=.*|UV_CUBE_AGENT_CLIENT_CERT=|' docker/.env; \ + sed -i 's|^UV_CUBE_AGENT_CLIENT_KEY=.*|UV_CUBE_AGENT_CLIENT_KEY=|' docker/.env; \ + sed -i 's|^UV_CUBE_AGENT_SERVER_CA_CERTS=.*|UV_CUBE_AGENT_SERVER_CA_CERTS=|' docker/.env; \ + sed -i 's|^UV_CUBE_AGENT_ATTESTED_TLS=.*|UV_CUBE_AGENT_ATTESTED_TLS=false|' docker/.env; \ + sed -i 's|^UV_CUBE_AGENT_ATTESTATION_POLICY=.*|UV_CUBE_AGENT_ATTESTATION_POLICY=|' docker/.env; \ + echo "✓ Attested TLS disabled"; \ + else \ + echo "✓ Attested TLS already configured, skipping"; \ + fi .PHONY: up up: config-local enable-guardrails config-backend disable-atls @@ -201,7 +205,6 @@ endif .PHONY: config-local config-local: @echo "Configuring for local development..." - @git checkout -- docker/.env docker/traefik/dynamic.toml docker/config.json 2>/dev/null || true @sed -i 's|__SMQ_EMAIL_HOST__|localhost|g' docker/.env @sed -i 's|__SMQ_EMAIL_PORT__|1025|g' docker/.env @sed -i 's|__SMQ_EMAIL_USERNAME__|test|g' docker/.env @@ -217,9 +220,9 @@ config-local: @sed -i 's|__MG_MAILCHIMP_SERVER_PREFIX__||g' docker/.env @sed -i 's|__MG_MAILCHIMP_AUDIENCE_ID__||g' docker/.env @sed -i 's|__CUBE_PUBLIC_URL__|localhost|g' docker/.env - @sed -i 's|^TRAEFIK_HTTP_PORT=.*|TRAEFIK_HTTP_PORT=80|g' docker/.env - @sed -i 's|^TRAEFIK_HTTPS_PORT=.*|TRAEFIK_HTTPS_PORT=443|g' docker/.env - @sed -i 's|^TRAEFIK_DASHBOARD_PORT=.*|TRAEFIK_DASHBOARD_PORT=8080|g' docker/.env + @sed -i 's|__TRAEFIK_HTTP_PORT__|80|g' docker/.env + @sed -i 's|__TRAEFIK_HTTPS_PORT__|443|g' docker/.env + @sed -i 's|__TRAEFIK_DASHBOARD_PORT__|8080|g' docker/.env @sed -i 's|__TUNNEL_TOKEN__||g' docker/.env @sed -i 's|__CUBE_AGENT_CERTS_TOKEN__|localdevtoken12we12we12we12we12we|g' docker/.env @echo "✓ Configured with local defaults" @@ -231,12 +234,12 @@ restore-config: echo "✓ Restored from git" || echo "⚠ git restore failed, files may not be tracked" .PHONY: down -down: config-local +down: @echo "Stopping all Cube services..." docker compose -f docker/compose.yaml down .PHONY: down-volumes -down-volumes: config-local +down-volumes: @echo "Stopping all Cube services and removing volumes..." docker compose -f docker/compose.yaml down -v From 6051f4d677254fcdbf4d75923cfadf05f3d761e4 Mon Sep 17 00:00:00 2001 From: Sammy Oina Date: Fri, 13 Mar 2026 02:09:23 +0300 Subject: [PATCH 2/4] fix: update object storage configuration and add seaweedfs service to Traefik Signed-off-by: Sammy Oina --- docker/.env | 2 +- docker/cube-compose.yaml | 2 +- docker/traefik/dynamic.toml | 11 +++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/docker/.env b/docker/.env index 55c669f4..3a4c73d5 100644 --- a/docker/.env +++ b/docker/.env @@ -349,7 +349,7 @@ MG_BACKEND_OBJECT_STORAGE_REGION=fra1 MG_BACKEND_OBJECT_STORAGE_BUCKET=mg-ui-images MG_BACKEND_OBJECT_STORAGE_ENDPOINT=http://magistrala-seaweedfs-s3:8333 MG_BACKEND_OBJECT_STORAGE_USE_PATH_STYLE=true -MG_BACKEND_OBJECT_STORAGE_REWRITE_URL=localhost +MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT=https://localhost MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY=localKey MG_BACKEND_OBJECT_STORAGE_SECRET_KEY=localSecret MG_BACKEND_OBJECT_STORAGE_WRITE_TTL=1m diff --git a/docker/cube-compose.yaml b/docker/cube-compose.yaml index 8e1e90b6..30f1131f 100644 --- a/docker/cube-compose.yaml +++ b/docker/cube-compose.yaml @@ -420,7 +420,7 @@ services: MG_BACKEND_OBJECT_STORAGE_BUCKET: ${MG_BACKEND_OBJECT_STORAGE_BUCKET} MG_BACKEND_OBJECT_STORAGE_ENDPOINT: ${MG_BACKEND_OBJECT_STORAGE_ENDPOINT} MG_BACKEND_OBJECT_STORAGE_USE_PATH_STYLE: ${MG_BACKEND_OBJECT_STORAGE_USE_PATH_STYLE} - MG_BACKEND_OBJECT_STORAGE_REWRITE_URL: ${MG_BACKEND_OBJECT_STORAGE_REWRITE_URL} + MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT: ${MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT} MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY: ${MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY} MG_BACKEND_OBJECT_STORAGE_SECRET_KEY: ${MG_BACKEND_OBJECT_STORAGE_SECRET_KEY} MG_BACKEND_OBJECT_STORAGE_WRITE_TTL: ${MG_BACKEND_OBJECT_STORAGE_WRITE_TTL} diff --git a/docker/traefik/dynamic.toml b/docker/traefik/dynamic.toml index a5553b29..5bf9d09e 100644 --- a/docker/traefik/dynamic.toml +++ b/docker/traefik/dynamic.toml @@ -25,6 +25,10 @@ prefixes = ["/domains"] # HTTP Services +[http.services.seaweedfs.loadBalancer] + [[http.services.seaweedfs.loadBalancer.servers]] + url = "http://magistrala-seaweedfs-s3:8333" + [http.services.users.loadBalancer] [[http.services.users.loadBalancer.servers]] url = "http://supermq-users:9002" @@ -134,6 +138,13 @@ middlewares = ["retry-middleware", "headers-middleware"] priority = 8 +[http.routers.seaweedfs] + rule = "PathPrefix(`/mg-ui-images`)" + entryPoints = ["websecure"] + service = "seaweedfs" + middlewares = ["retry-middleware"] + priority = 10 + [http.routers.ui] rule = "PathPrefix(`/`) || PathPrefix(`/api`)" entryPoints = ["websecure"] From ec053628309a6ddc98dd394cf84db02ca06912cc Mon Sep 17 00:00:00 2001 From: Sammy Oina Date: Fri, 13 Mar 2026 02:57:04 +0300 Subject: [PATCH 3/4] fix: update presign endpoint for object storage configuration Signed-off-by: Sammy Oina --- docker/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/.env b/docker/.env index 3a4c73d5..374ee090 100644 --- a/docker/.env +++ b/docker/.env @@ -349,7 +349,7 @@ MG_BACKEND_OBJECT_STORAGE_REGION=fra1 MG_BACKEND_OBJECT_STORAGE_BUCKET=mg-ui-images MG_BACKEND_OBJECT_STORAGE_ENDPOINT=http://magistrala-seaweedfs-s3:8333 MG_BACKEND_OBJECT_STORAGE_USE_PATH_STYLE=true -MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT=https://localhost +MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT=https://__CUBE_PUBLIC_URL__ MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY=localKey MG_BACKEND_OBJECT_STORAGE_SECRET_KEY=localSecret MG_BACKEND_OBJECT_STORAGE_WRITE_TTL=1m From 4583f7d518657542692b08e6f65eaabdf2c5ab32 Mon Sep 17 00:00:00 2001 From: Sammy Oina Date: Fri, 13 Mar 2026 11:17:50 +0300 Subject: [PATCH 4/4] fix: remove UI CI badge from README.md Signed-off-by: Sammy Oina --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 8fcf296f..77431e17 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,6 @@ Confidential computing framework for GPT-based applications. OpenAI-compatible API, multiple LLM backends, and TEE-backed isolation for data and model privacy. [![CI](https://github.com/ultravioletrs/cube/actions/workflows/main.yaml/badge.svg)](https://github.com/ultravioletrs/cube/actions/workflows/main.yaml) -[![UI CI](https://github.com/ultravioletrs/cube/actions/workflows/ui-ci.yaml/badge.svg)](https://github.com/ultravioletrs/cube/actions/workflows/ui-ci.yaml) [![Check License](https://github.com/ultravioletrs/cube/actions/workflows/check-license.yaml/badge.svg)](https://github.com/ultravioletrs/cube/actions/workflows/check-license.yaml) [![Go Report Card](https://goreportcard.com/badge/github.com/ultravioletrs/cube)](https://goreportcard.com/report/github.com/ultravioletrs/cube) [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)