josedario87
5c6fd8fef3
Some checks failed
build-and-deploy / build-and-deploy (push) Failing after 9s
- Implementado mcp-metabase-server con TypeScript - 9 herramientas para interactuar con Metabase API - Soporta listar/buscar cards, ejecutar queries con parámetros - Soporta crear y actualizar cards - Autenticación con API Key - Agregado servicio al docker-compose.yml - Configurado en Traefik sin autenticación Authentik - Actualizado README con documentación completa - Variables y secrets configurados en Gitea
152 lines
6.8 KiB
YAML
152 lines
6.8 KiB
YAML
version: '3.8'
|
|
|
|
services:
|
|
app:
|
|
image: ${REG}/${REPO_OWNER}/${APP_NAME}:latest
|
|
container_name: ${APP_NAME}
|
|
restart: unless-stopped
|
|
environment:
|
|
# Node Environment
|
|
- NODE_ENV=production
|
|
- NUXT_HOST=0.0.0.0
|
|
- NUXT_PORT=3000
|
|
# Public URL
|
|
- NUXT_PUBLIC_APP_URL=${NUXT_PUBLIC_APP_URL}
|
|
networks:
|
|
- principal
|
|
- traefik-network
|
|
labels:
|
|
# Traefik labels
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=traefik-network"
|
|
|
|
# Service (shared by both routers)
|
|
- "traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000"
|
|
|
|
# Router 1: Public PWA resources (no auth) - Higher priority
|
|
# Incluye .well-known para scope extensions
|
|
- "traefik.http.routers.${APP_NAME}-public.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/.well-known`) || PathPrefix(`/manifest.webmanifest`) || PathPrefix(`/sw.js`) || PathPrefix(`/workbox-`) || PathPrefix(`/icon-`) || PathPrefix(`/apple-touch-icon`) || PathPrefix(`/favicon.ico`) || PathPrefix(`/robots.txt`) || PathPrefix(`/offline.html`) || PathPrefix(`/api/_nuxt_icon/`))"
|
|
- "traefik.http.routers.${APP_NAME}-public.entrypoints=websecure"
|
|
- "traefik.http.routers.${APP_NAME}-public.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.${APP_NAME}-public.priority=100"
|
|
- "traefik.http.routers.${APP_NAME}-public.service=${APP_NAME}"
|
|
- "traefik.http.routers.${APP_NAME}-public.middlewares=${APP_NAME}-headers,${APP_NAME}-cors"
|
|
|
|
# Router 2: Protected application (with auth) - Normal priority
|
|
- "traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DOMAIN}`)"
|
|
- "traefik.http.routers.${APP_NAME}.entrypoints=websecure"
|
|
- "traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.${APP_NAME}.priority=10"
|
|
- "traefik.http.routers.${APP_NAME}.service=${APP_NAME}"
|
|
- "traefik.http.routers.${APP_NAME}.middlewares=authentik-forward-auth@file,${APP_NAME}-headers"
|
|
|
|
# Custom headers middleware
|
|
- "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
|
|
|
# CORS middleware for public resources
|
|
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolallowmethods=GET,OPTIONS"
|
|
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolalloworiginlist=https://${APP_DOMAIN}"
|
|
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolmaxage=100"
|
|
- "traefik.http.middlewares.${APP_NAME}-cors.headers.addvaryheader=true"
|
|
|
|
mcp-docker:
|
|
image: ${REG}/${REPO_OWNER}/mcp-docker-server:latest
|
|
container_name: ${APP_NAME}-mcp-docker
|
|
restart: unless-stopped
|
|
environment:
|
|
- PORT=3000
|
|
volumes:
|
|
# Montar el socket de Docker para acceso al daemon
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
networks:
|
|
- principal
|
|
- traefik-network
|
|
labels:
|
|
# Traefik labels - Exposición sin autenticación
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=traefik-network"
|
|
|
|
# Service
|
|
- "traefik.http.services.${APP_NAME}-mcp.loadbalancer.server.port=3000"
|
|
|
|
# Router sin autenticación para /mcp en dominio dedicado
|
|
- "traefik.http.routers.${APP_NAME}-mcp.rule=Host(`${DOCKER_DOMAIN}`) && PathPrefix(`/mcp`)"
|
|
- "traefik.http.routers.${APP_NAME}-mcp.entrypoints=websecure"
|
|
- "traefik.http.routers.${APP_NAME}-mcp.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.${APP_NAME}-mcp.priority=200"
|
|
- "traefik.http.routers.${APP_NAME}-mcp.service=${APP_NAME}-mcp"
|
|
|
|
# Middlewares para MCP
|
|
- "traefik.http.middlewares.${APP_NAME}-mcp-stripprefix.stripprefix.prefixes=/mcp"
|
|
- "traefik.http.middlewares.${APP_NAME}-mcp-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
|
- "traefik.http.routers.${APP_NAME}-mcp.middlewares=${APP_NAME}-mcp-stripprefix,${APP_NAME}-mcp-headers"
|
|
|
|
mcp-gitea:
|
|
image: ${REG}/${REPO_OWNER}/mcp-gitea-server:latest
|
|
container_name: ${APP_NAME}-mcp-gitea
|
|
restart: unless-stopped
|
|
environment:
|
|
- PORT=3000
|
|
- GIT_INTERNAL_URL=http://gitea:3000
|
|
- GIT_URL=${GIT_URL}
|
|
- GIT_TOKEN=${GIT_TOKEN}
|
|
networks:
|
|
- principal
|
|
- traefik-network
|
|
labels:
|
|
# Traefik labels - Exposición sin autenticación
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=traefik-network"
|
|
|
|
# Service
|
|
- "traefik.http.services.${APP_NAME}-mcp-gitea.loadbalancer.server.port=3000"
|
|
|
|
# Router sin autenticación para /mcp en gitea.nucleoriofrio.com
|
|
- "traefik.http.routers.${APP_NAME}-mcp-gitea.rule=Host(`${GIT_DOMAIN}`) && PathPrefix(`/mcp`)"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-gitea.entrypoints=websecure"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-gitea.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-gitea.priority=200"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-gitea.service=${APP_NAME}-mcp-gitea"
|
|
|
|
# Middlewares para MCP Gitea
|
|
- "traefik.http.middlewares.${APP_NAME}-mcp-gitea-stripprefix.stripprefix.prefixes=/mcp"
|
|
- "traefik.http.middlewares.${APP_NAME}-mcp-gitea-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-gitea.middlewares=${APP_NAME}-mcp-gitea-stripprefix,${APP_NAME}-mcp-gitea-headers"
|
|
|
|
mcp-metabase:
|
|
image: ${REG}/${REPO_OWNER}/mcp-metabase-server:latest
|
|
container_name: ${APP_NAME}-mcp-metabase
|
|
restart: unless-stopped
|
|
environment:
|
|
- PORT=3000
|
|
- METABASE_URL=${METABASE_INTERNAL_URL}
|
|
- METABASE_API_KEY=${METABASE_API_KEY}
|
|
networks:
|
|
- principal
|
|
- traefik-network
|
|
labels:
|
|
# Traefik labels - Exposición sin autenticación
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=traefik-network"
|
|
|
|
# Service
|
|
- "traefik.http.services.${APP_NAME}-mcp-metabase.loadbalancer.server.port=3000"
|
|
|
|
# Router sin autenticación para /mcp en metabase domain
|
|
- "traefik.http.routers.${APP_NAME}-mcp-metabase.rule=Host(`${METABASE_DOMAIN}`) && PathPrefix(`/mcp`)"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-metabase.entrypoints=websecure"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-metabase.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-metabase.priority=200"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-metabase.service=${APP_NAME}-mcp-metabase"
|
|
|
|
# Middlewares para MCP Metabase
|
|
- "traefik.http.middlewares.${APP_NAME}-mcp-metabase-stripprefix.stripprefix.prefixes=/mcp"
|
|
- "traefik.http.middlewares.${APP_NAME}-mcp-metabase-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
|
- "traefik.http.routers.${APP_NAME}-mcp-metabase.middlewares=${APP_NAME}-mcp-metabase-stripprefix,${APP_NAME}-mcp-metabase-headers"
|
|
|
|
networks:
|
|
principal:
|
|
external: true
|
|
traefik-network:
|
|
external: true
|