Cortex-vLLM Configuration Flow¶
๐ฏ For Administrators: No Manual IP Configuration Needed!¶
This document explains how Cortex automatically configures itself for network access.
๐ TL;DR¶
make quick-start
# โ IP detected automatically
# โ CORS configured automatically
# โ Network access works automatically
# โ No manual configuration required!
๐ Complete Configuration Flow¶
Startup Sequence¶
STEP 1: Administrator runs command
โ
make quick-start
โ
STEP 2: IP Detection
โ
scripts/detect-ip.sh executes
โโ Scans all network interfaces
โโ Filters out Docker bridges (172.17-31.x.x)
โโ Filters out loopback (127.0.0.1)
โโ Scores remaining IPs
โโ Selects best: 192.168.1.181
โ
STEP 3: Makefile receives IP
โ
HOST_IP=192.168.1.181
โ
STEP 4: Pass to Docker Compose
โ
HOST_IP=192.168.1.181 docker compose -f docker.compose.dev.yaml up -d
โ
STEP 5: Docker Compose interpolation
โ
CORS_ALLOW_ORIGINS: http://${HOST_IP}:3001,http://localhost:3001,...
Becomes: http://192.168.1.181:3001,http://localhost:3001,...
โ
STEP 6: Gateway container starts
โ
Environment variable set:
CORS_ALLOW_ORIGINS=http://192.168.1.181:3001,http://localhost:3001,http://127.0.0.1:3001
โ
STEP 7: FastAPI reads environment
โ
CORS middleware configured to allow:
- http://192.168.1.181:3001 โ
- http://localhost:3001 โ
- http://127.0.0.1:3001 โ
โ
STEP 8: Frontend container starts
โ
Next.js dev server runs on port 3001
Bound to 0.0.0.0:3001 (all interfaces)
โ
STEP 9: User accesses frontend
โ
Browser โ http://192.168.1.181:3001
โ
STEP 10: Frontend auto-detects gateway
โ
Frontend code: window.location.hostname = "192.168.1.181"
Gateway URL: http://192.168.1.181:8084
โ
STEP 11: API calls work!
โ
Frontend โ http://192.168.1.181:8084/v1/*
CORS check: Origin http://192.168.1.181:3001 โ Allowed!
Request succeeds โ
๐ Configuration Sources (Priority Order)¶
1. Runtime Detection (Highest Priority)¶
Makefile โ detect-ip.sh โ HOST_IP variable
make
- Always uses current IP
- No caching, always fresh
2. Docker Compose Environment¶
# docker.compose.dev.yaml
environment:
CORS_ALLOW_ORIGINS: http://${HOST_IP}:3001,http://localhost:3001,http://127.0.0.1:3001
HOST_IP from Makefile
- Interpolates into environment variables
- Passes to containers
3. Backend Config Defaults¶
# backend/src/config.py
CORS_ALLOW_ORIGINS: str = "http://localhost:3001,http://127.0.0.1:3001"
make up (Docker Compose overrides)
4. Frontend Auto-Detection¶
// frontend/src/lib/api-clients.ts
const host = window.location.hostname; // Gets IP from browser
return `http://${host}:8084`; // Calls gateway at same IP
โ What Admins DON'T Need to Configure¶
โ You DON'T Need to Edit:¶
- IP addresses - Auto-detected
- CORS settings - Auto-configured
- Frontend gateway URL - Auto-detected
- Network settings - Pre-configured for network access
โ You DON'T Need to Create:¶
.envfiles - Optional, defaults work- CORS configuration files - Handled automatically
- Network configuration - Already set up
โ๏ธ What Admins MIGHT Configure (Optional)¶
Only Configure These If You Have Specific Needs:¶
1. Model Storage Paths (if not using defaults)¶
Edit docker.compose.dev.yaml:
environment:
CORTEX_MODELS_DIR_HOST: /mnt/models # Your custom path
HF_CACHE_DIR_HOST: /mnt/hf-cache # Your custom cache
2. Port Mappings (if ports conflict)¶
Edit docker.compose.dev.yaml:
gateway:
ports: ["8085:8084"] # Change external port
frontend:
ports: ["3002:3001"] # Change external port
3. Database Credentials (for production)¶
Edit docker.compose.prod.yaml:
postgres:
environment:
POSTGRES_PASSWORD: your-strong-password
gateway:
environment:
DATABASE_URL: postgresql+asyncpg://cortex:your-strong-password@postgres:5432/cortex
4. Security Settings (for production)¶
Edit docker.compose.prod.yaml:
gateway:
environment:
GATEWAY_DEV_ALLOW_ALL_KEYS: "false" # Enforce API keys
INTERNAL_VLLM_API_KEY: "your-secret-key" # Strong random key
๐งช Validation Commands¶
Verify Everything is Configured Correctly¶
# Complete validation (recommended)
make validate
# Individual checks
make ip # Check detected IP
make info # Check full configuration
make status # Check containers running
make health # Check service health
Manual Verification¶
# 1. Check IP detection
bash scripts/detect-ip.sh
# Expected: Your LAN IP (e.g., 192.168.1.181)
# 2. Check Makefile uses IP
make -n up | grep HOST_IP
# Expected: HOST_IP=192.168.1.181 docker compose ...
# 3. Check CORS in gateway
docker exec cortex-gateway-1 printenv CORS_ALLOW_ORIGINS
# Expected: http://192.168.1.181:3001,http://localhost:3001,http://127.0.0.1:3001
# 4. Test gateway health
curl http://192.168.1.181:8084/health
# Expected: {"status":"ok"}
# 5. Test frontend access
curl -I http://192.168.1.181:3001/login
# Expected: HTTP/1.1 200 OK
๐ง Configuration Override Scenarios¶
Scenario 1: Static IP Override¶
If you want to force a specific IP:
# Temporary (one command)
HOST_IP=10.1.10.241 make up
# Persistent (for terminal session)
export HOST_IP=10.1.10.241
make up
make info # Verify
# Permanent (add to your .bashrc or .zshrc)
echo 'export HOST_IP=10.1.10.241' >> ~/.bashrc
source ~/.bashrc
Scenario 2: Multiple Network Interfaces¶
If your host has multiple IPs and detection picks the wrong one:
# Check all available IPs
ip addr show | grep 'inet ' | grep -v '127.0.0.1'
# Identify the correct one for your use case
# Override:
export HOST_IP=192.168.1.181 # The one you want
make restart
Scenario 3: Behind NAT/Firewall¶
If Cortex is behind NAT with port forwarding:
# docker.compose.dev.yaml
# No changes needed internally!
# Just configure your router to forward ports:
# External:12345 โ Internal:192.168.1.181:3001 (frontend)
# External:12346 โ Internal:192.168.1.181:8084 (gateway)
Users outside your network access:
- http://YOUR_PUBLIC_IP:12345 (maps to frontend)
- http://YOUR_PUBLIC_IP:12346 (maps to gateway)
๐ Configuration File Reference¶
Files That Control Configuration¶
| File | Purpose | Edit? |
|---|---|---|
Makefile |
IP detection & commands | โ No (unless adding features) |
scripts/detect-ip.sh |
IP detection logic | โ ๏ธ Only if detection fails |
docker.compose.dev.yaml |
Dev environment | โ Yes (for paths, ports) |
docker.compose.prod.yaml |
Production env | โ Yes (for security) |
backend/src/config.py |
Default settings | โ No (Docker Compose overrides) |
Configuration Variables Flow¶
โโโโโโโโโโโโโโโโโโโโโโโ
โ make quick-start โ
โโโโโโโโโโโโฌโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโ
โ detect-ip.sh โ
โ Returns: 192.168... โ
โโโโโโโโโโโโฌโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโ
โ Makefile โ
โ HOST_IP=192.168... โ
โโโโโโโโโโโโฌโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโ
โ Docker Compose โ
โ ${HOST_IP} โ value โ
โโโโโโโโโโโโฌโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโ
โ Gateway Container โ
โ CORS_ALLOW_ORIGINS โ
โ = http://192.168... โ
โโโโโโโโโโโโโโโโโโโโโโโ
โจ Best Practices for Administrators¶
DO These Things:¶
- โ
Run
make validateafter startup to verify configuration - โ
Use
make ipto see your access URLs - โ
Run
make db-backupbefore making changes - โ
Check
make healthregularly - โ
Review
make logsfor errors
DON'T Do These Things:¶
- โ Don't hardcode IPs in configuration files
- โ Don't edit CORS manually - it's auto-configured
- โ Don't use localhost for network access
- โ Don't skip
make validateafter changes - โ Don't expose to internet without security review
๐ Understanding the Magic¶
Why This Works So Well¶
Traditional approach (manual):
# Admin has to:
1. Find their IP: ifconfig
2. Edit docker.compose.yaml: CORS_ALLOW_ORIGINS=http://192.168.1.181:3001
3. Edit frontend config: NEXT_PUBLIC_GATEWAY_URL=http://192.168.1.181:8084
4. Restart containers
5. IP changes? Repeat all steps!
Cortex approach (automatic):
# Admin does:
make quick-start
# System does:
- Detects IP automatically
- Configures CORS automatically
- Frontend auto-detects gateway
- Works from any IP without reconfiguration!
The Multi-Tier Auto-Detection System¶
- Makefile IP Detection โ Finds your LAN IP via
detect-ip.sh - Docker Compose Interpolation โ Sets CORS with detected IP
- Gateway Entrypoint Fallback โ Detects IP if not provided by Makefile
- Frontend Browser Detection โ Calls gateway at correct IP
Result: Works whether you use make or docker compose directly! ๐
๐ Debugging Configuration Issues¶
If CORS Errors Occur¶
# 1. Check what IP was detected
make ip
# Expected: Your LAN IP
# 2. Check what CORS is configured
docker exec cortex-gateway-1 printenv CORS_ALLOW_ORIGINS
# Expected: Should include your detected IP
# 3. If they don't match, restart
make restart
make validate
# 4. If still broken, check Docker Compose received IP
make -n up | grep HOST_IP
# Expected: HOST_IP=192.168.1.181 docker compose ...
If IP Detection Fails¶
# 1. Test detection script
bash scripts/detect-ip.sh
# Expected: Your LAN IP, not "localhost"
# 2. If returns "localhost", check your network
ip addr show
# Look for your LAN interface (usually starts with 192.168 or 10.x)
# 3. Manual override
export HOST_IP=192.168.1.181
make restart
make validate
๐ Quick Reference¶
Essential Commands¶
make quick-start # Complete auto-configuration
make validate # Verify everything is correct
make ip # Show detected IP and URLs
make info # Show full configuration
make health # Check service health
Verification Checklist¶
-
make ipshows correct LAN IP (not localhost) -
make statusshows all containers running -
make healthreturns 200 OK -
docker exec cortex-gateway-1 printenv CORS_ALLOW_ORIGINSincludes your IP - Can access
http://YOUR_IP:3001in browser - Can access
http://YOUR_IP:8084/healthvia curl
๐ Summary¶
Cortex-vLLM uses a three-tier automatic configuration system:
- Tier 1: IP Detection (finds your IP)
- Tier 2: Docker Compose (configures CORS with your IP)
- Tier 3: Frontend (auto-detects gateway URL)
Admin responsibility: Just run make quick-start
System responsibility: Everything else!
For detailed technical information, see:
- docs/architecture/ip-detection.md - How IP detection works
- docs/operations/makefile-guide.md - All Makefile commands
- docs/getting-started/admin-setup.md - Step-by-step setup
Quick help: make help or make validate