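# Compose stack for the captive-portal API (radiusnucleo-node), FreeRADIUS and
# its PostgreSQL backend. The node service is published through Traefik on
# wifi.nucleoriofrio.com; FreeRADIUS is published directly on host UDP ports.
version: "3.9"

services:
  radiusnucleo-node:
    build:
      context: .
      dockerfile: node-api/Dockerfile
    # NOTE(review): ":latest" is a mutable tag; pinning a version tag or digest
    # makes it possible to tell which image a given deployment actually ran.
    image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo:latest
    container_name: radiusnucleo-node-1
    environment:
      - VLAN_ID=2
      - MAX_UP=10000000
      - MAX_DOWN=10000000
      - RADIUS_HOST=freeradius
      - RADIUS_AUTH_PORT=1812
      # NOTE(review): the fallback after ":-" is committed with this file, so
      # treat it as public. Set RADIUS_SHARED_SECRET to a long random value in
      # the deployment environment; freeradius below reads the same variable.
      - RADIUS_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
      - PGHOST=postgres
      - PGPORT=5432
      - PGDATABASE=radius
      - PGUSER=radius
      # Overridable via POSTGRES_PASSWORD (shared with the postgres service so
      # both sides stay in sync). The fallback equals the user name and is only
      # kept so existing deployments keep starting; override it.
      - PGPASSWORD=${POSTGRES_PASSWORD:-radius}
    networks:
      principal:
      radiusnucleo_radius_net:
        aliases:
          - node
    labels:
      # Enable Traefik for this container
      - "traefik.enable=true"
      - "traefik.docker.network=principal"

      # Service: port and SSE settings (shared by both routers)
      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.server.port=3000"
      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.passhostheader=true"
      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.responseforwarding.flushinterval=1ms"
      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.serverstransport=wifi-transport@file"

      # Router 1: public (assets, manifest, icons, Authentik callback).
      # NO authentication, HIGH priority (100 beats router 2's 10), so every
      # path matched here skips authentik-forward-auth. The application must
      # not serve anything sensitive under these prefixes.
      # NOTE(review): /outpost.goauthentik.io is routed to this service rather
      # than to an Authentik outpost; confirm that is intended.
      - "traefik.http.routers.wifi-nucleoriofrio-public.rule=Host(`wifi.nucleoriofrio.com`) && (PathPrefix(`/assets`) || PathPrefix(`/.well-known`) || PathPrefix(`/icons`) || PathPrefix(`/outpost.goauthentik.io`) || Path(`/manifest.webmanifest`) || Path(`/favicon.ico`) || Path(`/vite.svg`) || Path(`/sw.js`))"
      - "traefik.http.routers.wifi-nucleoriofrio-public.entrypoints=websecure"
      - "traefik.http.routers.wifi-nucleoriofrio-public.tls.certresolver=letsencrypt"
      - "traefik.http.routers.wifi-nucleoriofrio-public.service=wifi-nucleoriofrio-service"
      - "traefik.http.routers.wifi-nucleoriofrio-public.priority=100"
      - "traefik.http.routers.wifi-nucleoriofrio-public.middlewares=wifi-headers@docker"

      # Router 2: main (everything else). WITH authentication, LOW priority.
      - "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)"
      - "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure"
      - "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt"
      - "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service"
      - "traefik.http.routers.wifi-nucleoriofrio.priority=10"
      - "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker"

      # Middleware: wifi-headers (forces the forwarded scheme to https)
      - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"

  freeradius:
    build: ./freeradius
    image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo-freeradius:latest
    depends_on:
      - radiusnucleo-node
      - postgres
    restart: unless-stopped
    # Published on every host interface. RADIUS_CLIENTS_CIDR is passed to the
    # container below; how it restricts clients depends on the image.
    # NOTE(review): 3799/udp is the CoA/Disconnect port; confirm this listener
    # is needed, and restrict these ports at the host firewall.
    ports:
      - "1812:1812/udp"
      - "1813:1813/udp"
      - "3799:3799/udp"
    environment:
      - RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-192.168.87.0/24}
      # NOTE(review): same committed fallback as RADIUS_SECRET in the node
      # service; override RADIUS_SHARED_SECRET in every real deployment.
      - RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
    networks:
      - radiusnucleo_radius_net
      - principal

  postgres:
    image: postgres:16-alpine
    environment:
      - POSTGRES_DB=radius
      - POSTGRES_USER=radius
      # Same variable and fallback as PGPASSWORD in the node service. The
      # postgres image applies it only when initialising an empty data
      # directory; an existing postgres_data volume keeps its old password.
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-radius}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./postgres/init:/docker-entrypoint-initdb.d:ro
    # NOTE(review): "principal" is the network Traefik uses
    # (traefik.docker.network above), so the database is reachable from every
    # container attached to it. The node and freeradius services already share
    # radiusnucleo_radius_net with postgres; confirm "principal" is required.
    networks:
      - radiusnucleo_radius_net
      - principal

# Both networks are created outside this file and must exist before "up".
networks:
  principal:
    external: true
  radiusnucleo_radius_net:
    external: true

volumes:
  postgres_data: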