Agregar integración con Traefik y consolidar workflow

- Agregar labels de Traefik al servicio radiusnucleo-node para exposición en wifi.nucleoriofrio.com
- Configurar autenticación con Authentik y soporte para SSE/WebSocket
- Renombrar servicio node a radiusnucleo-node con container_name explícito
- Actualizar redes a radiusnucleo_radius_net como externa
- Consolidar workflow de Gitea en un solo job build-and-deploy
- Agregar creación automática de red radiusnucleo_radius_net en workflow

.gitea/workflows/build-and-deploy.yml

@@ -5,11 +5,12 @@ on:
     branches: [ main ]
 
 jobs:
-  #───────────────── build & push ─────────────────
+  build-and-deploy:
-  build:
     runs-on: docker
     env:
       REG: gitea.nucleoriofrio.com/nucleo000
+      RADIUS_CLIENTS_CIDR: 192.168.87.0/24
+      RADIUS_SHARED_SECRET: tamosbien
     steps:
       - uses: actions/checkout@v3
       - uses: docker/setup-buildx-action@v2
@@ -31,23 +32,10 @@ jobs:
           docker push $REG/radiusnucleo-freeradius:${{ github.sha }}
           docker push $REG/radiusnucleo-freeradius:latest
 
-  #───────────────── deploy ─────────────────
+      - name: Ensure external docker networks exist
-  deploy:
-    needs: build
-    runs-on: docker
-    env:
-      REG: gitea.nucleoriofrio.com/nucleo000
-      RADIUS_CLIENTS_CIDR: 192.168.87.0/24
-      RADIUS_SHARED_SECRET: tamosbien
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Login to registry
-        run: docker login gitea.nucleoriofrio.com -u nucleo000 -p 7bc7b2fcd283bd6a251bef3ede368b7f897c919d
-
-      - name: Ensure external docker network exists
         run: |
           docker network inspect principal >/dev/null 2>&1 || docker network create principal
+          docker network inspect radiusnucleo_radius_net >/dev/null 2>&1 || docker network create radiusnucleo_radius_net
 
       - name: Pull fresh images used in compose
         run: docker compose -f docker-compose.yml pull
@@ -60,19 +48,3 @@ jobs:
 
       - name: Show service status
         run: docker compose -f docker-compose.yml --project-name radiusnucleo ps
-
-      - name: Tail freeradius logs (last 2m)
-        run: docker compose -f docker-compose.yml --project-name radiusnucleo logs --since=2m freeradius || true
-
-      - name: Inspect freeradius published ports
-        run: |
-          CID=$(docker compose -f docker-compose.yml --project-name radiusnucleo ps -q freeradius)
-          echo "Container: $CID"
-          docker inspect "$CID" --format '{{json .NetworkSettings.Ports}}'
-          echo "docker port output:" || true
-          docker port "$CID" || true
-
-      - name: Check sockets inside freeradius container
-        run: |
-          CID=$(docker compose -f docker-compose.yml --project-name radiusnucleo ps -q freeradius)
-          docker exec "$CID" sh -lc 'ss -ulpen | egrep ":(1812|1813|3799)\\b" || netstat -ulpen | egrep ":(1812|1813|3799)\\b" || true'

docker-compose.yml

@@ -1,11 +1,12 @@
 version: "3.9"
 
 services:
-  node:
+  radiusnucleo-node:
     build:
       context: .
       dockerfile: node-api/Dockerfile
     image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo:latest
+    container_name: radiusnucleo-node-1
     environment:
       - VLAN_ID=2
       - MAX_UP=10000000
@@ -19,16 +20,42 @@ services:
       - PGUSER=radius
       - PGPASSWORD=radius
     networks:
-      radius_net:
+      - principal
-      principal:
+      - radiusnucleo_radius_net
-        aliases:
+    labels:
-          - radiusnucleo-node
+      # Habilitar Traefik
+      - "traefik.enable=true"
+      - "traefik.docker.network=principal"
+
+      # Router principal
+      - "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)"
+      - "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure"
+      - "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service"
+      - "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker"
+
+      # Service - Puerto y configuraciones SSE
+      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.server.port=3000"
+      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.passhostheader=true"
+      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.responseforwarding.flushinterval=1ms"
+      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.serverstransport=wifi-transport@docker"
+
+      # Middleware: wifi-headers
+      - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"
+
+      # ServersTransport para SSE/WebSocket
+      - "traefik.http.serverstransports.wifi-transport.servername=radiusnucleo-node-1"
+      - "traefik.http.serverstransports.wifi-transport.insecureskipverify=false"
+      - "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.dialtimeout=30s"
+      - "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.responseheadertimeout=0s"
+      - "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.idleconntimeout=90s"
 
   freeradius:
     build: ./freeradius
     image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo-freeradius:latest
     depends_on:
-      - node
+      - radiusnucleo-node
       - postgres
     restart: unless-stopped
     ports:
@@ -39,7 +66,7 @@ services:
       - RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-192.168.87.0/24}
       - RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
     networks:
-      - radius_net
+      - radiusnucleo_radius_net
       - principal
 
   postgres:
@@ -52,14 +79,14 @@ services:
       - postgres_data:/var/lib/postgresql/data
       - ./postgres/init:/docker-entrypoint-initdb.d:ro
     networks:
-      - radius_net
+      - radiusnucleo_radius_net
       - principal
 
 networks:
-  radius_net:
-    driver: bridge
   principal:
     external: true
+  radiusnucleo_radius_net:
+    external: true
 
 volumes:
   postgres_data: