.

Author: alexh-scrt

dockerize/Caddyfile

@@ -0,0 +1,57 @@
+# Caddyfile for MONAI Breast Density Classification
+# Simple reverse proxy to auth-gateway service
+
+# Main site configuration
+:23434 {
+    # TLS configuration using provided certificates
+    tls /etc/ssl/certs/fullchain.pem /etc/ssl/private/privkey.pem
+
+    # Reverse proxy all requests to auth-gateway
+    reverse_proxy auth-gateway:8090 {
+        # Health check for upstream
+        health_uri /health
+        health_interval 30s
+        health_timeout 10s
+        
+        # Forward original client information
+        header_up Host {host}
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+        header_up X-Forwarded-Port {server_port}
+    }
+
+    # Request/response logging for debugging (optional)
+    log {
+        output stdout
+        format console
+        level INFO
+    }
+
+    # Security headers
+    header {
+        # Remove server identification
+        -Server
+        # Basic security headers
+        X-Content-Type-Options nosniff
+        X-Frame-Options DENY
+        X-XSS-Protection "1; mode=block"
+        Referrer-Policy strict-origin-when-cross-origin
+    }
+
+    # Handle specific endpoints with better error pages
+    handle_errors {
+        @502 expression {http.error.status_code} == 502
+        @503 expression {http.error.status_code} == 503
+        @504 expression {http.error.status_code} == 504
+        
+        respond @502 "Service temporarily unavailable - auth-gateway not ready" 502
+        respond @503 "Service temporarily unavailable - please try again" 503
+        respond @504 "Service timeout - request took too long" 504
+    }
+}
+
+# Optional: Redirect HTTP to HTTPS if needed
+# :80 {
+#     redir https://{host}:23434{uri} permanent
+# }

dockerize/docker-compose copy.yaml

@@ -0,0 +1,138 @@
+services:
+  torchserve:
+    # build:
+    #   context: .
+    #   dockerfile: Dockerfile
+    #   target: production
+    image: monai-breast-density:latest
+    container_name: torchserve
+    privileged: true
+    
+    # GPU support
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: all
+              capabilities: [gpu]
+        limits:
+          memory: 32G
+
+    runtime: nvidia
+    environment:
+      - NVIDIA_VISIBLE_DEVICES=all
+      - NVIDIA_DRIVER_CAPABILITIES=compute,utility
+      - LOCAL_EXECUTION=true
+      - PYTHONUNBUFFERED=1
+    
+    # Port mappings (bind to localhost for security)
+    ports:
+      - "127.0.0.1:8085:8085"  # Inference API
+      - "127.0.0.1:8086:8086"  # Management API  
+      - "127.0.0.1:8082:8082"  # Metrics API
+      - "127.0.0.1:7070:7070"  # gRPC Inference
+      - "127.0.0.1:7071:7071"  # gRPC Management
+    
+    # Volume mounts
+    volumes:
+      # Mount the specific MAR file directly into the model store
+      # This assumes the MAR file is available on the host at the specified location
+      - /mnt/secure/.fetch/model-core/monai-breast-density-classification_model-store_monai-breast-density-classification.mar:/home/model-server/model-store/monai-breast-density-classification_model-store_monai-breast-density-classification.mar:ro
+      # Logs
+      - ./logs:/home/model-server/logs
+      # Temporary files
+      - ./temp:/home/model-server/temp
+      # Config overrides (optional)
+      - ./config/config-docker.properties:/home/model-server/config/config-docker.properties:ro
+      # Share point for keys
+      - torchserve-tokens:/home/model-server
+      # Input/Output exchange
+      - shared-workspace:/home/model-server/workspace:rw
+        
+    # Memory and shared memory settings for deep learning
+    shm_size: 2gb
+    ulimits:
+      memlock: -1
+      stack: 67108864
+    
+    # Token-based health check - checks for key_file.json presence
+    healthcheck:
+      test: ["CMD", "test", "-f", "/home/model-server/key_file.json"]
+      interval: 30s
+      timeout: 10s
+      start_period: 120s
+      retries: 3
+    
+    # Restart policy
+    restart: unless-stopped
+        
+    # Logging configuration
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "100m"
+        max-file: "5"
+
+    networks:
+      - monai-network
+
+  # FastAPI Authentication & Gateway Service
+  auth-gateway:
+    image: monai-secretai:dev
+    # build:
+    #   context: ./secretai
+    #   dockerfile: Dockerfile
+    container_name: auth-gateway
+    
+    environment:
+      - TORCHSERVE_URL=http://torchserve:8085
+      - PYTHONUNBUFFERED=1
+    
+    # External ports (exposed to host)
+    ports:
+      - "127.0.0.1:8090:8090"  # Auth/Gateway API
+    
+    # Wait for TorchServe to be healthy before starting
+    depends_on:
+      torchserve:
+        condition: service_healthy
+    
+    # Health check
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8090/health"]
+      interval: 30s
+      timeout: 10s
+      start_period: 30s
+      retries: 3
+    
+    # Restart policy
+    restart: unless-stopped
+    
+    # Logging configuration
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "50m"
+        max-file: "3"
+
+    networks:
+      - monai-network
+
+    volumes:
+      - torchserve-tokens:/app/tokens:ro
+      - shared-workspace:/app/workspace:rw
+
+# Networks
+networks:
+  monai-network:
+    driver: bridge
+
+# Volumes for persistent data
+volumes:
+  temp:
+    driver: local
+  torchserve-tokens:
+    driver: local
+  shared-workspace:
+    driver: local

dockerize/docker-compose.yaml

@@ -1,4 +1,51 @@
 services:
+  # Caddy Reverse Proxy - Single Entry Point
+  caddy:
+    image: caddy:2.7-alpine
+    container_name: caddy-proxy
+    
+    # Only port exposed to host
+    ports:
+      - "23434:23434"  # HTTPS entry point
+    
+    # Volume mounts for certificates and configuration
+    volumes:
+      # SSL certificates from host
+      - /mnt/secure/cert:/etc/ssl/certs:ro
+      - /mnt/secure/cert:/etc/ssl/private:ro
+      # Caddyfile configuration
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      # Caddy data directory for automatic HTTPS (if needed)
+      - caddy-data:/data
+      - caddy-config:/config
+    
+    # Wait for auth-gateway to be healthy before starting
+    depends_on:
+      auth-gateway:
+        condition: service_healthy
+    
+    # Health check
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:23434/health"]
+      interval: 30s
+      timeout: 10s
+      start_period: 15s
+      retries: 3
+    
+    # Restart policy
+    restart: unless-stopped
+    
+    # Logging configuration
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "50m"
+        max-file: "3"
+
+    # Network configuration - Caddy on internal network only
+    networks:
+      - monai-network
+
   torchserve:
     # build:
     #   context: .
@@ -26,13 +73,8 @@ services:
       - LOCAL_EXECUTION=true
       - PYTHONUNBUFFERED=1
 
-    # Port mappings (bind to localhost for security)
-    ports:
-      - "127.0.0.1:8085:8085"  # Inference API
-      - "127.0.0.1:8086:8086"  # Management API  
-      - "127.0.0.1:8082:8082"  # Metrics API
-      - "127.0.0.1:7070:7070"  # gRPC Inference
-      - "127.0.0.1:7071:7071"  # gRPC Management
+    # NO EXTERNAL PORTS - Internal network only
+    # ports: removed - all communication goes through Caddy
 
     # Volume mounts
     volumes:
@@ -77,7 +119,7 @@ services:
     networks:
       - monai-network
 
-  # FastAPI Authentication & Gateway Service
+  # FastAPI Gateway Service (No Authentication)
   auth-gateway:
     image: monai-secretai:dev
     # build:
@@ -89,9 +131,8 @@ services:
       - TORCHSERVE_URL=http://torchserve:8085
       - PYTHONUNBUFFERED=1
 
-    # External ports (exposed to host)
-    ports:
-      - "127.0.0.1:8090:8090"  # Auth/Gateway API
+    # NO EXTERNAL PORTS - Internal network only
+    # ports: removed - all communication goes through Caddy
 
     # Wait for TorchServe to be healthy before starting
     depends_on:
@@ -135,4 +176,9 @@ volumes:
   torchserve-tokens:
     driver: local
   shared-workspace:
+    driver: local
+  # Caddy volumes for automatic HTTPS and configuration
+  caddy-data:
+    driver: local
+  caddy-config:
     driver: local

dockerize/howto.md

@@ -0,0 +1,7 @@
+
+
+# Run an example
+
+```bash
+curl -k -X POST -F "file=@sample_A1.jpg" https://fetch.scrtlabs.com:23434/predict/breast-density --output report.pdf
+```