digital-identity-platform-docs
digital-identity-platform-docs / infra/hetzner/sgtm/qaxal-com/infra-provisioner/typedoc.entry
infra/hetzner/sgtm/qaxal-com/infra-provisioner/typedoc.entry
Hetzner sGTM Infra Provisioner (Contract)
This module documents the public HTTP contract for the Hetzner-side infra provisioner service.
Runtime implementation (non-exporting executable script):
infra/hetzner/sgtm/qaxal-com/infra-provisioner/index.js
TypeDoc navigation is export-driven; the runtime file is a CommonJS Express daemon and does not export symbols. This shim provides stable, exportable types and endpoint definitions for docs without modifying runtime behavior.
Authentication
All mutating endpoints require:
- HTTP header:
x-secret: <value> - The value must match the server environment variable
INFRA_SECRET.
If INFRA_SECRET is not set on the host, the service denies requests (403).
Endpoints
POST /provision- Creates Cloudflare DNS + Worker route + KV routing entry
- Appends Caddy vhost blocks for origin + preview origin and reloads Caddy
- Starts Docker containers (processing + preview) using
docker run -d
POST /custom-domain- Appends a Caddy vhost block that maps a customer-owned domain to the edge hostname
- Reloads Caddy
- Does not modify Cloudflare or Docker
DELETE /custom-domain- Removes the Caddy vhost block for a custom domain
- Reloads Caddy if changed
- Does not modify Cloudflare or Docker
POST /deprovision- Deletes Cloudflare DNS records (origin, preview origin, edge hostname)
- Deletes Cloudflare Worker route for edge hostname
- Deletes Cloudflare KV routing entry for edge hostname
- Removes Caddy vhosts for origin + preview origin and reloads Caddy (if changed)
- Stops/removes Docker containers (best-effort; failures are logged but do not fail teardown)