Documents what the server is, how request flow works end-to-end, and the
two SDK gotchas we hit (lifespan-not-mounted + DNS-rebinding 421s) so
future-us doesn't have to rediscover them. Adds explicit per-client
config snippets for LibreChat, Claude Desktop (native http transport
plus mcp-remote stdio bridge fallback), and 'claude mcp add' for Claude
Code. Troubleshooting table covers the actual failures from this deploy.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The MCP SDK ships with DNS-rebinding protection that 421s any request whose
Host header isn't in an allowlist (default: 127.0.0.1, localhost). Once
ProxyPreserveHost is On, Apache forwards the real Host (optical-dev.…) to
the container, which the SDK then rejects.
Two changes:
- email_server.py: pass TransportSecuritySettings(allowed_hosts=[...]) to
FastMCP, sourced from PUBLIC_HOSTS env var (defaults to the optical-dev
hostname)
- apache-mg-mcp.conf.tmpl: add ProxyPreserveHost On so the container sees
the real hostname instead of 127.0.0.1:9080
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When FastMCP's streamable_http_app is mounted as a Starlette sub-app, its
session manager's task group is never started — Starlette doesn't propagate
lifespan to mounts. First request hits handle_request() and raises
RuntimeError: Task group is not initialized.
Wrap mcp.session_manager.run() in the parent FastAPI app's lifespan so the
task group starts at uvicorn boot and stops at shutdown.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Containerized FastAPI + FastMCP server exposing send_email tool, backed
by Mailgun (mg.oliver.solutions). Bearer-token auth. Deployable to
/opt/mg-mcp/ on optical-dev.oliver.solutions behind the shared Apache vhost,
following the same pattern as adeo-maturity-tool / oliver-sales-ops-platform.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
