josedario87
db4a79e617
This fixes ETIMEDOUT errors when exchanging OAuth tokens. The container now uses the Docker internal service name (authentiknucleo-server-1:9000) for server-to-server API calls while keeping the public URL for browser redirects. Changes: - Add NUXT_OAUTH_AUTHENTIK_SERVER_URL_INTERNAL env var - Use internal URL for token exchange and userinfo endpoints - Update docker-compose.yml and Gitea workflow
44 lines
1.7 KiB
YAML
44 lines
1.7 KiB
YAML
version: '3.8'
|
|
|
|
services:
|
|
seguidor-lotes:
|
|
image: gitea.nucleoriofrio.com/nucleo000/seguidor-lotes:latest
|
|
container_name: seguidor-lotes
|
|
restart: unless-stopped
|
|
environment:
|
|
# OAuth Authentik
|
|
- NUXT_OAUTH_AUTHENTIK_CLIENT_ID=${NUXT_OAUTH_AUTHENTIK_CLIENT_ID}
|
|
- NUXT_OAUTH_AUTHENTIK_CLIENT_SECRET=${NUXT_OAUTH_AUTHENTIK_CLIENT_SECRET}
|
|
- NUXT_OAUTH_AUTHENTIK_SERVER_URL=${NUXT_OAUTH_AUTHENTIK_SERVER_URL}
|
|
- NUXT_OAUTH_AUTHENTIK_SERVER_URL_INTERNAL=${NUXT_OAUTH_AUTHENTIK_SERVER_URL_INTERNAL}
|
|
- NUXT_OAUTH_AUTHENTIK_REDIRECT_URL=${NUXT_OAUTH_AUTHENTIK_REDIRECT_URL}
|
|
# Public URL
|
|
- NUXT_PUBLIC_APP_URL=${NUXT_PUBLIC_APP_URL}
|
|
# Session Secret
|
|
- NUXT_SESSION_PASSWORD=${NUXT_SESSION_PASSWORD}
|
|
# Node Environment
|
|
- NODE_ENV=production
|
|
networks:
|
|
- principal
|
|
labels:
|
|
# Traefik labels
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=principal"
|
|
|
|
# HTTP Router
|
|
- "traefik.http.routers.seguidor-lotes.rule=Host(`${APP_DOMAIN}`)"
|
|
- "traefik.http.routers.seguidor-lotes.entrypoints=websecure"
|
|
- "traefik.http.routers.seguidor-lotes.tls.certresolver=letsencrypt"
|
|
|
|
# Service
|
|
- "traefik.http.services.seguidor-lotes.loadbalancer.server.port=3000"
|
|
|
|
# Middleware (opcional: puedes añadir rate limiting, compression, etc.)
|
|
- "traefik.http.routers.seguidor-lotes.middlewares=seguidor-lotes-headers"
|
|
- "traefik.http.middlewares.seguidor-lotes-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
|
- "traefik.http.middlewares.seguidor-lotes-headers.headers.customrequestheaders.X-Forwarded-For=$${REMOTE_ADDR}"
|
|
|
|
networks:
|
|
principal:
|
|
external: true
|