fix: Gitea Traefik routing and connection pool optimization

- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de

deployment/ansible/roles/traefik/tasks/deploy.yml

@@ -0,0 +1,82 @@
+---
+- name: Check for existing Traefik containers
+  shell: docker ps -a --filter "name=traefik" --format "{{ '{{' }}.ID{{ '}}' }}"
+  register: existing_traefik_containers
+  changed_when: false
+  failed_when: false
+
+- name: Stop and remove existing Traefik containers
+  shell: docker stop {{ item }} && docker rm {{ item }}
+  loop: "{{ existing_traefik_containers.stdout_lines }}"
+  when: existing_traefik_containers.stdout_lines | length > 0
+  ignore_errors: yes
+
+- name: Check if ports 80 and 443 are in use
+  shell: |
+    if sudo ss -tlnp 'sport = :80' 2>/dev/null | grep -q LISTEN; then
+      echo "port_80_in_use"
+    fi
+    if sudo ss -tlnp 'sport = :443' 2>/dev/null | grep -q LISTEN; then
+      echo "port_443_in_use"
+    fi
+  register: port_check
+  changed_when: false
+  failed_when: false
+
+- name: Display port status
+  debug:
+    msg:
+      - "Port 80 status: {{ 'IN USE' if 'port_80_in_use' in port_check.stdout else 'FREE' }}"
+      - "Port 443 status: {{ 'IN USE' if 'port_443_in_use' in port_check.stdout else 'FREE' }}"
+      - "Note: docker-proxy listening on ports is normal when Traefik container is running"
+
+- name: Warn if ports are blocked by non-docker processes
+  debug:
+    msg: "WARNING: Ports 80/443 appear to be in use. This may prevent Traefik from starting. Check with: sudo ss -tlnp 'sport = :80'"
+  when: ('port_80_in_use' in port_check.stdout or 'port_443_in_use' in port_check.stdout) and existing_traefik_containers.stdout_lines | length == 0
+
+- name: Check if acme.json exists
+  stat:
+    path: "{{ traefik_stack_path }}/acme.json"
+  register: acme_json_stat
+
+- name: Remove acme.json if it's a directory (should be a file)
+  shell: |
+    if [ -d "{{ traefik_stack_path }}/acme.json" ]; then
+      rm -rf "{{ traefik_stack_path }}/acme.json"
+    fi
+  become: yes
+  when: acme_json_stat.stat.exists and acme_json_stat.stat.isdir
+
+- name: Ensure Traefik acme.json exists and has correct permissions
+  file:
+    path: "{{ traefik_stack_path }}/acme.json"
+    state: touch
+    mode: '0600'
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+  become: yes
+  when: not acme_json_stat.stat.exists or (acme_json_stat.stat.exists and acme_json_stat.stat.isdir)
+
+- name: Deploy Traefik stack
+  community.docker.docker_compose_v2:
+    project_src: "{{ traefik_stack_path }}"
+    state: present
+    pull: always
+  register: traefik_compose_result
+
+- name: Check Traefik container status
+  shell: |
+    docker compose -f {{ traefik_stack_path }}/docker-compose.yml ps traefik | grep -Eiq "Up|running"
+  register: traefik_state
+  changed_when: false
+  until: traefik_state.rc == 0
+  retries: "{{ ((traefik_wait_timeout | int) + (traefik_wait_interval | int) - 1) // (traefik_wait_interval | int) }}"
+  delay: "{{ traefik_wait_interval | int }}"
+  failed_when: traefik_state.rc != 0
+  when: not ansible_check_mode
+
+- name: Record Traefik deployment facts
+  set_fact:
+    traefik_stack_changed: "{{ traefik_compose_result.changed | default(false) }}"
+    traefik_log_hint: ""