noisedestroyers/localgenai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Open OpenHands UI to all interfaces

Browse Source 
Was bound to 127.0.0.1:3030 — overcautious on a Tailscale-only box
where Phoenix/Beszel/OpenWebUI are all reached the same way. Updated
the homepage tile description and added a security note in the README
for the case where the host ever leaves the tailnet.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
noisedestroyers
2026-05-08 12:04:35 -04:00
parent 178d7d3c0f
commit 5d3fce22a1
4 changed files with 23 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -42,7 +42,7 @@ Tailscale. Coding agents, monitoring, voice — all self-hosted.
| `11434` | Ollama | ROCm with `HSA_OVERRIDE_GFX_VERSION=11.0.0` | | `11434` | Ollama | ROCm with `HSA_OVERRIDE_GFX_VERSION=11.0.0` |
| `3000` | OpenWebUI | ChatGPT-style UI in front of Ollama | | `3000` | OpenWebUI | ChatGPT-style UI in front of Ollama |
| `3001` | OpenLIT | LLM fleet metrics dashboard | | `3001` | OpenLIT | LLM fleet metrics dashboard |
| `3030` | OpenHands | Loopback only — SSH-tunnel from your laptop | | `3030` | OpenHands | Autonomous agent + sandbox runtime — Tailscale-only by design |
| `4317` | Phoenix OTLP/gRPC | Trace ingestion | | `4317` | Phoenix OTLP/gRPC | Trace ingestion |
| `6006` | Phoenix UI / OTLP/HTTP | Per-trace agent waterfall (also `:6006/v1/traces`) | | `6006` | Phoenix UI / OTLP/HTTP | Per-trace agent waterfall (also `:6006/v1/traces`) |
| `8090` | Beszel | Host + container + AMD GPU dashboard | | `8090` | Beszel | Host + container + AMD GPU dashboard |

32
pyinfra/framework/README.md
View File

@@ -169,25 +169,23 @@ based on how you like to drive the agent:
Bring-up: `cd /srv/docker/openwebui && docker compose up -d`. Bring-up: `cd /srv/docker/openwebui && docker compose up -d`.
- **OpenHands** (`/srv/docker/openhands`, http://framework:3030, - **OpenHands** (`/srv/docker/openhands`, http://framework:3030) —
loopback-only) — autonomous agent in a Docker sandbox. Spawns a autonomous agent in a Docker sandbox. Spawns a per-conversation
per-conversation `agent-server` container that can write code, run `agent-server` container that can write code, run tests, browse the
tests, browse the web. Pre-configured for Ollama at web. Pre-configured for Ollama at `openai/qwen3-coder:30b` over the
`openai/qwen3-coder:30b` over the OpenAI-compatible endpoint; OpenAI-compatible endpoint; ships traces to Phoenix.
ships traces to Phoenix.
Bring-up: Bring-up: `cd /srv/docker/openhands && docker compose up -d`. First
```sh run pulls the agent-server image (~2 GB) lazily on first conversation,
cd /srv/docker/openhands && docker compose up -d not at startup, so the orchestrator comes up fast but your first
# Tunnel the loopback-bound UI from your laptop: message takes 3060 s. Pre-0.44 state path was `~/.openhands-state`;
ssh -L 3030:127.0.0.1:3030 noise@framework not relevant on a fresh install.
open http://localhost:3030
```
First run pulls the agent-server image (~2 GB) lazily on first > **Security note:** the orchestrator container has docker-socket
conversation, not at startup, so the orchestrator comes up fast but > access and spawns code-running sandboxes. Fine to expose on a
your first message takes 3060 s. Pre-0.44 state path was > Tailscale-only box; **change the compose port mapping back to
`~/.openhands-state`; not relevant on a fresh install. > `127.0.0.1:3030:3000` and tunnel in** if this host ever sees LAN
> or internet traffic.
Tool-call quality with local models is much better when Ollama's Tool-call quality with local models is much better when Ollama's
context is bumped — the compose at `/srv/docker/ollama` already sets context is bumped — the compose at `/srv/docker/ollama` already sets

2
pyinfra/framework/compose/homepage/services.yaml
View File

@@ -47,7 +47,7 @@
- OpenHands: - OpenHands:
icon: mdi-robot icon: mdi-robot
href: http://framework:3030 href: http://framework:3030
description: Autonomous coding agent (loopback — needs SSH tunnel) description: Autonomous coding agent in a Docker sandbox
server: localhost-docker server: localhost-docker
container: openhands container: openhands

9
pyinfra/framework/compose/openhands.yml
View File

@@ -18,10 +18,13 @@ services:
restart: unless-stopped restart: unless-stopped
# 3030 host-side because :3000 is OpenWebUI and :3001 is OpenLIT. # 3030 host-side because :3000 is OpenWebUI and :3001 is OpenLIT.
# Loopback-only — reach via SSH tunnel or Tailscale, don't expose # Bound to all interfaces — fine on a Tailscale-only box where every
# this directly. # other service is reached the same way. If you ever expose this
# host to the LAN/internet, change this to "127.0.0.1:3030:3000"
# and tunnel in (this orchestrator has docker.sock access and
# spawns code-running sandboxes — not something you want public).
ports: ports:
- "127.0.0.1:3030:3000" - "3030:3000"
volumes: volumes:
# Required: orchestrator spawns sandbox containers via the host daemon. # Required: orchestrator spawns sandbox containers via the host daemon.