nucleo000/RepoDructor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
98fb972a4e590edf2d23bc127d12b06715f4bf91
RepoDructor/docker-compose.yml
josedario87 c56f06034e
All checks were successful
build-and-deploy / build (push) Successful in 23s
Details
build-and-deploy / deploy (push) Successful in 2s
Details
seguimos
2025-10-11 18:43:53 -06:00

91 lines
5.5 KiB
YAML
Raw Blame History

services:
repodructor:
image: gitea.nucleoriofrio.com/nucleo000/repodructor:latest
container_name: repodructor
restart: unless-stopped
volumes:
# Mount music directory from server
- /srv/repodructor/musica:/app/public/music:ro
environment:
- NODE_ENV=production
- NUXT_HOST=0.0.0.0
- NUXT_PORT=3000
networks:
- principal
labels:
# Habilitar Traefik
- "traefik.enable=true"
# ==========================================
# Router público para recursos PWA ESTÁTICOS (sin autenticación)
# IMPORTANTE: Solo assets estáticos (JS, CSS, iconos, manifest, SW)
# Las APIs (/api/*) NO están aquí - están protegidas abajo
# ==========================================
- "traefik.http.routers.musica-nucleoriofrio-public.rule=Host(`musica.nucleoriofrio.com`) && (PathPrefix(`/_nuxt`) || PathPrefix(`/assets`) || Path(`/sw.js`) || PathPrefix(`/workbox-`) || Path(`/manifest.webmanifest`) || Path(`/manifest.json`) || Path(`/robots.txt`) || Path(`/favicon.ico`) || Path(`/logo.png`) || Path(`/logo-192.png`) || Path(`/logo-512.png`) || Path(`/logo-maskable-512.png`) || Path(`/icon.svg`)) && !PathPrefix(`/api/`)"
- "traefik.http.routers.musica-nucleoriofrio-public.entrypoints=websecure"
- "traefik.http.routers.musica-nucleoriofrio-public.tls.certresolver=letsencrypt"
- "traefik.http.routers.musica-nucleoriofrio-public.priority=100"
# Solo headers de seguridad y cache para assets PWA
- "traefik.http.routers.musica-nucleoriofrio-public.middlewares=musica-pwa-headers"
- "traefik.http.routers.musica-nucleoriofrio-public.service=musica-nucleoriofrio-service"
# ==========================================
# Router protegido para el resto de la app (incluye /api/music)
# ==========================================
# IMPORTANTE: Todas las APIs (/api/*) pasan por aquí
# - /api/music → Lista de canciones (requiere auth)
# - /api/music/:name → Descarga de canción (requiere auth)
# - Página principal (/) → Requiere auth
#
# Flujo PWA + Authentik:
# 1. Usuario sin auth intenta acceder → Authentik redirige a login
# 2. Usuario con auth accede → Puede listar y descargar música
# 3. Música descargada se guarda en IndexedDB (stores/music.ts)
# 4. Usuario offline → Service Worker sirve desde cache
# 5. Usuario offline SIN cache → Falla graciosamente (no puede descargar sin auth)
- "traefik.http.routers.musica-nucleoriofrio.rule=Host(`musica.nucleoriofrio.com`)"
- "traefik.http.routers.musica-nucleoriofrio.entrypoints=websecure"
- "traefik.http.routers.musica-nucleoriofrio.tls.certresolver=letsencrypt"
- "traefik.http.routers.musica-nucleoriofrio.priority=50"
# Middlewares (orden: auth -> headers -> body-size)
- "traefik.http.routers.musica-nucleoriofrio.middlewares=authentik-forward-auth@file,musica-headers,musica-body-size"
- "traefik.http.routers.musica-nucleoriofrio.service=musica-nucleoriofrio-service"
# ==========================================
# Middleware: Headers para assets PWA (sin cache agresivo)
# ==========================================
- "traefik.http.middlewares.musica-pwa-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.musica-pwa-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"
- "traefik.http.middlewares.musica-pwa-headers.headers.customresponseheaders.X-Content-Type-Options=nosniff"
- "traefik.http.middlewares.musica-pwa-headers.headers.customresponseheaders.X-XSS-Protection=1; mode=block"
# Cache controlado por el Service Worker, no por Traefik
- "traefik.http.middlewares.musica-pwa-headers.headers.customresponseheaders.Cache-Control=public, max-age=0, must-revalidate"
# Permitir CORS para PWA
- "traefik.http.middlewares.musica-pwa-headers.headers.accesscontrolallowmethods=GET,OPTIONS"
- "traefik.http.middlewares.musica-pwa-headers.headers.accesscontrolalloworiginlist=https://musica.nucleoriofrio.com"
- "traefik.http.middlewares.musica-pwa-headers.headers.accesscontrolmaxage=100"
# ==========================================
# Middleware: Headers personalizados para app protegida
# ==========================================
- "traefik.http.middlewares.musica-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.musica-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"
- "traefik.http.middlewares.musica-headers.headers.customresponseheaders.X-Frame-Options=SAMEORIGIN"
- "traefik.http.middlewares.musica-headers.headers.customresponseheaders.X-Content-Type-Options=nosniff"
- "traefik.http.middlewares.musica-headers.headers.customresponseheaders.X-XSS-Protection=1; mode=block"
# Removed global cache header - let app control caching
# ==========================================
# Middleware: Tamaño máximo de body (100MB para subir archivos)
# ==========================================
- "traefik.http.middlewares.musica-body-size.buffering.maxrequestbodybytes=104857600"
# ==========================================
# Service
# ==========================================
- "traefik.http.services.musica-nucleoriofrio-service.loadbalancer.server.port=3000"
- "traefik.http.services.musica-nucleoriofrio-service.loadbalancer.passhostheader=true"
networks:
principal:
external: true
Reference in New Issue View Git Blame Copy Permalink