From 2448f5a7be45c1a03c0cb789f369a12d61806b62 Mon Sep 17 00:00:00 2001
From: josedario87 <jodarioel87@gmail.com>
Date: Sun, 19 Oct 2025 16:40:09 -0600
Subject: [PATCH] fix docker compose 2

---
 docker-compose.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index dc46734..cfe0131 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -48,11 +48,10 @@ services:
       
     labels:
       - traefik.enable=true
-      - traefik.docker.network=traefik-network
-
+      - traefik.docker.network=principal
       - traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000
 
-      # Public PWA (sin auth)
+      # Públicos PWA (sin auth)
       - traefik.http.routers.${APP_NAME}-public.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/manifest.webmanifest`) || PathPrefix(`/sw.js`) || PathPrefix(`/workbox-`) || PathPrefix(`/icon-`) || PathPrefix(`/apple-touch-icon`) || PathPrefix(`/favicon.ico`) || PathPrefix(`/robots.txt`) || PathPrefix(`/offline.html`) || PathPrefix(`/api/_nuxt_icon/`))
       - traefik.http.routers.${APP_NAME}-public.entrypoints=websecure
       - traefik.http.routers.${APP_NAME}-public.tls.certresolver=letsencrypt
@@ -60,7 +59,7 @@ services:
       - traefik.http.routers.${APP_NAME}-public.service=${APP_NAME}
       - traefik.http.routers.${APP_NAME}-public.middlewares=${APP_NAME}-headers,${APP_NAME}-cors
 
-      # App protegida (con auth)
+      # App protegida
       - traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DOMAIN}`)
       - traefik.http.routers.${APP_NAME}.entrypoints=websecure
       - traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt
@@ -68,22 +67,23 @@ services:
       - traefik.http.routers.${APP_NAME}.service=${APP_NAME}
       - traefik.http.routers.${APP_NAME}.middlewares=${APP_NAME}-authentik,${APP_NAME}-headers
 
-      # ForwardAuth → Outpost exteriorlvl2
-      - traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.address=https://exteriorlvl2.nucleoriofrio.com/outpost.goauthentik.io/auth/traefik
+      # ForwardAuth interno → sidecar
+      - traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.address=http://ak-outpost-exterior-lvl2:9000/outpost.goauthentik.io/auth/traefik
       - traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.trustForwardHeader=true
       - traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.authResponseHeaders=X-Authentik-Username,X-Authentik-Email,X-Authentik-Name,X-Authentik-Uid,X-Authentik-Groups,X-Authentik-Entitlements
 
-      # Headers
+      # X-Forwarded-*
       - traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https
       - traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Scheme=https
 
-      # CORS para públicos
+      # CORS para assets públicos
       - traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolallowmethods=GET,OPTIONS
       - traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolalloworiginlist=https://${APP_DOMAIN}
       - traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolmaxage=100
       - traefik.http.middlewares.${APP_NAME}-cors.headers.addvaryheader=true
 
 
+
 volumes:
   postgres_data:
     name: ${APP_NAME}_postgres_data