Dstack-TEE
diff --git a/‎Cargo.lock‎
Lines changed: 2 additions & 0 deletions b/‎Cargo.lock‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 8 additions & 14 deletions b/‎README.md‎
Lines changed: 8 additions & 14 deletions
diff --git a/‎basefiles/app-compose.service‎
Lines changed: 2 additions & 2 deletions b/‎basefiles/app-compose.service‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎basefiles/dstack-guest-agent.service‎
Lines changed: 1 addition & 1 deletion b/‎basefiles/dstack-guest-agent.service‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/assets/app-dns-a.png‎
27.6 KB b/‎docs/assets/app-dns-a.png‎
27.6 KB
diff --git a/‎docs/assets/app-dns-txt.png‎
58.5 KB b/‎docs/assets/app-dns-txt.png‎
58.5 KB
diff --git a/‎docs/assets/tapp-dns-a.png‎
-60.4 KB b/‎docs/assets/tapp-dns-a.png‎
-60.4 KB
diff --git a/‎docs/assets/tapp-dns-txt.png‎
-72 KB b/‎docs/assets/tapp-dns-txt.png‎
-72 KB
diff --git a/‎docs/deployment.md‎
Lines changed: 7 additions & 7 deletions b/‎docs/deployment.md‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎dstack-types/src/lib.rs‎
Lines changed: 9 additions & 0 deletions b/‎dstack-types/src/lib.rs‎
Lines changed: 9 additions & 0 deletions
@@ -227,35 +227,29 @@ $ curl 'http://0.0.0.0:9190/logs/zk-provider-server?text&timestamps'
 
 ## Reverse proxy: TLS Passthrough
 
-The build configuration for TLS Passthrough is:
-
-```bash
-GATEWAY_LISTEN_PORT_PASSTHROUGH=9008
-```
-
-With this configuration, dstack-gateway listens port `9008` for incoming TLS connections and forwards them to the appropriate Tapp based on `SNI`, where SNI represents your custom domain and the forwarding destination is determined by your DNS records.
+dstack-gateway listens for incoming TLS connections and forwards them to the appropriate app based on `SNI`. If the SNI is your custom domain, dstack-gateway queries the TXT DNS record `_dstack-app-address.<custom_domain>` to determine the forwarding destination.
 
 For example, assuming I've deployed an app at `3327603e03f5bd1f830812ca4a789277fc31f577`, as shown below:
 
 ![appid](./docs/assets/appid.png)
 
-Now, I want to use my custom domain `tapp-nginx.kvin.wang` to access the Tapp. I need to set up two DNS records with my DNS provider (Cloudflare in my case):
+Now, I want to use my custom domain `myapp.kvin.wang` to access the app. I need to set up two DNS records with my DNS provider (Cloudflare in my case):
 
 1. `A` or `CNAME` record to point the domain to the tdx machine:
 
-    ![tapp-dns-a](./docs/assets/tapp-dns-a.png)
+    ![app-dns-a](./docs/assets/app-dns-a.png)
 
-2. `TXT` record to instruct the dstack-gateway to direct the request to the specified Tapp:
+2. `TXT` record to instruct the dstack-gateway to direct the request to the specified app:
 
-    ![tapp-dns-txt](./docs/assets/tapp-dns-txt.png)
+    ![app-dns-txt](./docs/assets/app-dns-txt.png)
 
 Where
 
-`_tapp-address.tapp-nginx.kvin.wang` means configuring the tapp destination address of domain `tapp-nginx.kvin.wang`.
+`_dstack-app-address.myapp.kvin.wang` means configuring the app destination address of domain `myapp.kvin.wang`.
 
-The TXT record value `3327603e03f5bd1f830812ca4a789277fc31f577:8043` means that requests sent to `tapp-nginx.kvin.wang` will be processed by Tapp `3327603e03f5bd1f830812ca4a789277fc31f577` on port `8043`
+The TXT record value `3327603e03f5bd1f830812ca4a789277fc31f577:8043` means that requests sent to `myapp.kvin.wang` will be processed by app `3327603e03f5bd1f830812ca4a789277fc31f577` on port `8043`
 
-Given the config `GATEWAY_LISTEN_PORT_PASSTHROUGH=9008`, now we can go to [`https://tapp-nginx.kvin.wang:9008`](https://tapp-nginx.kvin.wang:9008) and the request will be handled by the service listening on `8043` in Tapp `3327603e03f5bd1f830812ca4a789277fc31f577`.
+Now we can go to [`https://myapp.kvin.wang`](https://myapp.kvin.wang) and the request will be handled by the service listening on `8043` in app `3327603e03f5bd1f830812ca4a789277fc31f577`.
 
 ## Upgrade an App
 
 
@@ -6,8 +6,8 @@ After=docker.service tboot.service dstack-guest-agent.service
 [Service]
 Type=oneshot
 RemainAfterExit=true
-EnvironmentFile=-/tapp/.host-shared/.decrypted-env
-WorkingDirectory=/tapp
+EnvironmentFile=-/dstack/.host-shared/.decrypted-env
+WorkingDirectory=/dstack
 ExecStart=/bin/app-compose.sh
 ExecStop=/bin/docker compose stop
 StandardOutput=journal+console
 
@@ -4,7 +4,7 @@ After=network.target tboot.service
 
 [Service]
 OOMScoreAdjust=-1000
-ExecStart=/bin/dstack-guest-agent --watchdog -c /tapp/agent.json
+ExecStart=/bin/dstack-guest-agent --watchdog -c /dstack/agent.json
 Restart=always
 User=root
 Group=root
 
@@ -78,10 +78,10 @@ Transaction hash: 0xd413d01a0640b6193048b0e98afb7c173abe58c74d9cf01f368166bc53f4
 ```
 
 ## Deploy KMS into CVM
-The dstack-vmm is running now. Open another terminal and go to the `kms/tapp/` directory and run the following command:
+The dstack-vmm is running now. Open another terminal and go to the `kms/dstack-app/` directory and run the following command:
 
 ```bash
-cd dstack/kms/tapp/
+cd dstack/kms/dstack-app/
 ./deploy-to-vmm.sh 
 ```
 It will create a template `.env` file. Edit the `.env` file and set the required variables.
@@ -118,7 +118,7 @@ tail -f run/vm/f5299298-bf4f-43c0-839c-88c755391f3c/serial.log
 Wait until the KMS CVM is ready:
 ```
 br-1df48b1c448a: port 2(veth36ab5cb) entered forwarding state
-app-compose.sh[882]:  Container tapp-kms-1  Started
+app-compose.sh[882]:  Container dstack-kms-1  Started
 app-compose.sh[688]: Pruning unused images
 app-compose.sh[8347]: Total reclaimed space: 0B
 app-compose.sh[688]: Pruning unused volumes
@@ -144,7 +144,7 @@ The KMS info should be then set to the kms-auth-contract [here for this example]
 The KMS instance is now ready to use.
 
 ## Deploy dstack-gateway in CVM
-dstack-gateway can be deployed as a Tapp in the same host as the KMS or in a different host.
+dstack-gateway can be deployed as a dstack app in the same host as the KMS or in a different host.
 
 ### Add base image MRs to the KMS whitelist
 In order to run user workloads that use the KMS, the OS image MRs must be added to the KMS whitelist.
@@ -161,7 +161,7 @@ npx hardhat kms:add-system --network phala --mr <mr-value>
 ```
 
 ### Register dstack-gateway in KMS
-As a normal Tapp, it requires the app to be registered in the KmsAuth contract first.
+As a normal dstack app, it requires the app to be registered in the KmsAuth contract first.
 
 ```bash
 cd dstack/kms/auth-eth
@@ -182,9 +182,9 @@ App registered in KMS successfully
 Registered AppId: 0x31884c4b7775affe4c99735f6c2aff7d7bc6cfcd
 ```
 
-Now go to the `gateway/tapp/` directory and run the following command:
+Now go to the `gateway/dstack-app/` directory and run the following command:
 ```bash
-cd ../../gateway/tapp/
+cd ../../gateway/dstack-app/
 ./deploy-to-vmm.sh 
 ```
 
 
@@ -133,3 +133,12 @@ impl KeyProviderInfo {
 }
 
 pub mod shared_filenames;
+
+/// Get the address of the dstack agent
+pub fn dstack_agent_address() -> String {
+    // Check env DSTACK_AGENT_ADDRESS
+    if let Ok(address) = std::env::var("DSTACK_AGENT_ADDRESS") {
+        return address;
+    }
+    "unix:/var/run/dstack.sock".into()
+}