josedario87
00c5657b0a
- Detect CORS/redirect errors from Authentik and interpret them as "no session" instead of generic error - When session expires, Authentik returns 302 redirect to login which causes CORS error in fetch requests - Add /api/_nuxt_icon/ to public routes to prevent icon load failures after logout This fixes the issue where logout in Authentik showed "Error" instead of "Sin Sesión" when checking session status.
56 lines
2.5 KiB
YAML
56 lines
2.5 KiB
YAML
version: '3.8'
|
|
|
|
services:
|
|
app:
|
|
image: ${REG}/${REPO_OWNER}/${APP_NAME}:latest
|
|
container_name: ${APP_NAME}
|
|
restart: unless-stopped
|
|
environment:
|
|
# Node Environment
|
|
- NODE_ENV=production
|
|
- NUXT_HOST=0.0.0.0
|
|
- NUXT_PORT=3000
|
|
# Public URL
|
|
- NUXT_PUBLIC_APP_URL=${NUXT_PUBLIC_APP_URL}
|
|
networks:
|
|
- principal
|
|
- traefik-network
|
|
labels:
|
|
# Traefik labels
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=traefik-network"
|
|
|
|
# Service (shared by both routers)
|
|
- "traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000"
|
|
|
|
# Router 1: Public PWA resources (no auth) - Higher priority
|
|
- "traefik.http.routers.${APP_NAME}-public.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/manifest.webmanifest`) || PathPrefix(`/sw.js`) || PathPrefix(`/workbox-`) || PathPrefix(`/icon-`) || PathPrefix(`/apple-touch-icon`) || PathPrefix(`/favicon.ico`) || PathPrefix(`/robots.txt`) || PathPrefix(`/api/_nuxt_icon/`))"
|
|
- "traefik.http.routers.${APP_NAME}-public.entrypoints=websecure"
|
|
- "traefik.http.routers.${APP_NAME}-public.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.${APP_NAME}-public.priority=100"
|
|
- "traefik.http.routers.${APP_NAME}-public.service=${APP_NAME}"
|
|
- "traefik.http.routers.${APP_NAME}-public.middlewares=${APP_NAME}-headers,${APP_NAME}-cors"
|
|
|
|
# Router 2: Protected application (with auth) - Normal priority
|
|
- "traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DOMAIN}`)"
|
|
- "traefik.http.routers.${APP_NAME}.entrypoints=websecure"
|
|
- "traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.${APP_NAME}.priority=10"
|
|
- "traefik.http.routers.${APP_NAME}.service=${APP_NAME}"
|
|
- "traefik.http.routers.${APP_NAME}.middlewares=authentik-forward-auth@file,${APP_NAME}-headers"
|
|
|
|
# Custom headers middleware
|
|
- "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
|
|
|
# CORS middleware for public resources
|
|
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolallowmethods=GET,OPTIONS"
|
|
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolalloworiginlist=https://${APP_DOMAIN}"
|
|
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolmaxage=100"
|
|
- "traefik.http.middlewares.${APP_NAME}-cors.headers.addvaryheader=true"
|
|
|
|
networks:
|
|
principal:
|
|
external: true
|
|
traefik-network:
|
|
external: true
|