nucleo000/cataRio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

probar configuracionj labels traefik
All checks were successful
build-and-deploy / build-and-deploy (push) Successful in 17s
Details

Browse Source
This commit is contained in:
josedario87
2025-10-19 16:33:43 -06:00
parent be1a1e971b
commit 7216e4c43f
1 changed files with 31 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
docker-compose.yml
View File

@@ -45,44 +45,44 @@ services:
networks: networks:
- principal - principal
- traefik-network - traefik-network
labels: labels:
# Traefik labels - traefik.enable=true
- "traefik.enable=true" - traefik.docker.network=traefik-network
- "traefik.docker.network=traefik-network"
# Service (shared by both routers) - traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000
- "traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000"
# Router 1: Public PWA resources (no auth) - Higher priority # Public PWA (sin auth)
- "traefik.http.routers.${APP_NAME}-public.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/manifest.webmanifest`) || PathPrefix(`/sw.js`) || PathPrefix(`/workbox-`) || PathPrefix(`/icon-`) || PathPrefix(`/apple-touch-icon`) || PathPrefix(`/favicon.ico`) || PathPrefix(`/robots.txt`) || PathPrefix(`/offline.html`) || PathPrefix(`/api/_nuxt_icon/`))" - traefik.http.routers.${APP_NAME}-public.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/manifest.webmanifest`) || PathPrefix(`/sw.js`) || PathPrefix(`/workbox-`) || PathPrefix(`/icon-`) || PathPrefix(`/apple-touch-icon`) || PathPrefix(`/favicon.ico`) || PathPrefix(`/robots.txt`) || PathPrefix(`/offline.html`) || PathPrefix(`/api/_nuxt_icon/`))
- "traefik.http.routers.${APP_NAME}-public.entrypoints=websecure" - traefik.http.routers.${APP_NAME}-public.entrypoints=websecure
- "traefik.http.routers.${APP_NAME}-public.tls.certresolver=letsencrypt" - traefik.http.routers.${APP_NAME}-public.tls.certresolver=letsencrypt
- "traefik.http.routers.${APP_NAME}-public.priority=100" - traefik.http.routers.${APP_NAME}-public.priority=100
- "traefik.http.routers.${APP_NAME}-public.service=${APP_NAME}" - traefik.http.routers.${APP_NAME}-public.service=${APP_NAME}
- "traefik.http.routers.${APP_NAME}-public.middlewares=${APP_NAME}-headers,${APP_NAME}-cors" - traefik.http.routers.${APP_NAME}-public.middlewares=${APP_NAME}-headers,${APP_NAME}-cors
# Router 2: Protected application (with auth) - Normal priority # App protegida (con auth)
- "traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DOMAIN}`)" - traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DOMAIN}`)
- "traefik.http.routers.${APP_NAME}.entrypoints=websecure" - traefik.http.routers.${APP_NAME}.entrypoints=websecure
- "traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt" - traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt
- "traefik.http.routers.${APP_NAME}.priority=10" - traefik.http.routers.${APP_NAME}.priority=10
- "traefik.http.routers.${APP_NAME}.service=${APP_NAME}" - traefik.http.routers.${APP_NAME}.service=${APP_NAME}
- "traefik.http.routers.${APP_NAME}.middlewares=${APP_NAME}-authentik,${APP_NAME}-headers" - traefik.http.routers.${APP_NAME}.middlewares=${APP_NAME}-authentik,${APP_NAME}-headers
# Middleware de autenticación usando outpost exteriorlvl2 # ForwardAuth → Outpost exteriorlvl2
- "traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.address=http://ak-outpost-exterior-lvl2:9000/outpost.goauthentik.io/auth/traefik" - traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.address=https://exteriorlvl2.nucleoriofrio.com/outpost.goauthentik.io/auth/traefik
- "traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.trustForwardHeader=true" - traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.trustForwardHeader=true
- "traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-groups,X-authentik-entitlements,Set-Cookie" - traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.authResponseHeaders=X-Authentik-Username,X-Authentik-Email,X-Authentik-Name,X-Authentik-Uid,X-Authentik-Groups,X-Authentik-Entitlements
# Custom headers middleware # Headers
- "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https" - traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https
- "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Scheme=https" - traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Scheme=https
# CORS para públicos
- traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolallowmethods=GET,OPTIONS
- traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolalloworiginlist=https://${APP_DOMAIN}
- traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolmaxage=100
- traefik.http.middlewares.${APP_NAME}-cors.headers.addvaryheader=true
# CORS middleware for public resources
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolallowmethods=GET,OPTIONS"
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolalloworiginlist=https://${APP_DOMAIN}"
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.${APP_NAME}-cors.headers.addvaryheader=true"
volumes: volumes:
postgres_data: postgres_data: