diff --git a/docker-compose.yml b/docker-compose.yml index e031332..2989f1a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,19 +27,28 @@ services: - "traefik.enable=true" - "traefik.docker.network=principal" - # Router principal - - "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)" - - "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure" - - "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt" - - "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service" - - "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker" - - # Service - Puerto y configuraciones SSE + # Service - Puerto y configuraciones SSE (compartido por ambos routers) - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.server.port=3000" - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.passhostheader=true" - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.responseforwarding.flushinterval=1ms" - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.serverstransport=wifi-transport@docker" + # Router 1: Público (assets estáticos, manifest, icons) - SIN autenticación - ALTA PRIORIDAD + - "traefik.http.routers.wifi-nucleoriofrio-public.rule=Host(`wifi.nucleoriofrio.com`) && (PathPrefix(`/assets`) || PathPrefix(`/.well-known`) || PathPrefix(`/icons`) || Path(`/manifest.webmanifest`) || Path(`/favicon.ico`) || Path(`/vite.svg`))" + - "traefik.http.routers.wifi-nucleoriofrio-public.entrypoints=websecure" + - "traefik.http.routers.wifi-nucleoriofrio-public.tls.certresolver=letsencrypt" + - "traefik.http.routers.wifi-nucleoriofrio-public.service=wifi-nucleoriofrio-service" + - "traefik.http.routers.wifi-nucleoriofrio-public.priority=100" + - "traefik.http.routers.wifi-nucleoriofrio-public.middlewares=wifi-headers@docker" + + # Router 2: Principal (todo lo demás) - CON autenticación - BAJA PRIORIDAD + - "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)" + - "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure" + - "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt" + - "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service" + - "traefik.http.routers.wifi-nucleoriofrio.priority=10" + - "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker" + # Middleware: wifi-headers - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"