fix: Gitea Traefik routing and connection pool optimization

- Remove middleware reference from Gitea Traefik labels (caused routing issues) - Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s) - Add explicit service reference in Traefik labels - Fix intermittent 504 timeouts by improving PostgreSQL connection handling Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00
parent 85c369e846
commit 36ef2a1e2c
1366 changed files with 104925 additions and 28719 deletions
--- a/deployment/ansible/roles/traefik/tasks/logs.yml
+++ b/deployment/ansible/roles/traefik/tasks/logs.yml
@@ -0,0 +1,135 @@
+---
+# Check Traefik Logs and ACME Challenge Status
+
+- name: Check if Traefik stack directory exists
+  ansible.builtin.stat:
+    path: "{{ traefik_stack_path }}"
+  register: traefik_stack_exists
+
+- name: Fail if Traefik stack directory does not exist
+  ansible.builtin.fail:
+    msg: "Traefik stack directory not found at {{ traefik_stack_path }}"
+  when: not traefik_stack_exists.stat.exists
+
+- name: Get recent Traefik logs
+  ansible.builtin.shell: |
+    cd {{ traefik_stack_path }}
+    docker compose logs {{ traefik_container_name }} --tail={{ traefik_logs_tail | default(100) }} 2>&1
+  register: traefik_logs
+  changed_when: false
+  failed_when: false
+
+- name: Check for ACME challenge errors in container logs
+  ansible.builtin.shell: |
+    cd {{ traefik_stack_path }}
+    docker compose logs {{ traefik_container_name }} 2>&1 | grep -iE "acme.*challenge|Cannot retrieve.*ACME" | tail -{{ traefik_logs_error_tail | default(20) }} || echo "No ACME challenge errors found in recent logs"
+  register: acme_errors
+  changed_when: false
+  failed_when: false
+
+- name: Check for ACME challenge errors in log file
+  ansible.builtin.shell: |
+    tail -n {{ traefik_logs_tail | default(100) }} {{ traefik_stack_path }}/logs/traefik.log 2>/dev/null | grep -iE "acme.*challenge|Cannot retrieve.*ACME" | tail -{{ traefik_logs_error_tail | default(20) }} || echo "No ACME challenge errors found in log file"
+  register: acme_errors_file
+  changed_when: false
+  failed_when: false
+  ignore_errors: yes
+
+- name: Get logs from last N minutes
+  ansible.builtin.shell: |
+    cd {{ traefik_stack_path }}
+    docker compose logs {{ traefik_container_name }} --since {{ traefik_logs_since_minutes | default(10) }}m 2>&1 | tail -{{ traefik_logs_recent_tail | default(50) }}
+  register: recent_logs
+  changed_when: false
+  failed_when: false
+  when: traefik_logs_since_minutes is defined
+
+- name: Count ACME challenge errors in last hour
+  ansible.builtin.shell: |
+    cd {{ traefik_stack_path }}
+    docker compose logs {{ traefik_container_name }} --since 1h 2>&1 | grep -c "Cannot retrieve.*ACME challenge" || echo "0"
+  register: acme_error_count
+  changed_when: false
+  failed_when: false
+
+- name: Display ACME challenge error summary
+  ansible.builtin.debug:
+    msg: |
+      ========================================
+      Traefik ACME Challenge Status
+      ========================================
+      ACME Errors (last hour): {{ acme_error_count.stdout }}
+      ========================================
+      
+      {% if acme_error_count.stdout | int > 0 %}
+      ⚠️  ACME challenge errors still occurring
+      {% else %}
+      ✅ No ACME challenge errors in the last hour!
+      {% endif %}
+  when: traefik_show_status | default(true) | bool
+
+- name: Display ACME challenge errors from container logs
+  ansible.builtin.debug:
+    msg: |
+      ========================================
+      ACME Challenge Errors (Container Logs):
+      ========================================
+      {{ acme_errors.stdout }}
+      ========================================
+  when: traefik_show_status | default(true) | bool
+
+- name: Display ACME challenge errors from log file
+  ansible.builtin.debug:
+    msg: |
+      ========================================
+      ACME Challenge Errors (Log File):
+      ========================================
+      {{ acme_errors_file.stdout }}
+      ========================================
+  when: traefik_show_status | default(true) | bool
+
+- name: Display recent Traefik logs
+  ansible.builtin.debug:
+    msg: |
+      ========================================
+      Recent Traefik Logs (last {{ traefik_logs_since_minutes | default(10) }} minutes):
+      ========================================
+      {{ recent_logs.stdout | default('No recent logs') }}
+      ========================================
+  when:
+    - traefik_logs_since_minutes is defined
+    - traefik_show_status | default(true) | bool
+
+- name: Display all Traefik logs
+  ansible.builtin.debug:
+    msg: |
+      ========================================
+      Traefik Container Logs (last {{ traefik_logs_tail | default(100) }} lines):
+      ========================================
+      {{ traefik_logs.stdout | default('No logs available') }}
+      ========================================
+  when:
+    - traefik_show_all_logs | default(false) | bool
+    - traefik_show_status | default(true) | bool
+
+- name: Display final summary
+  ansible.builtin.debug:
+    msg: |
+      ========================================
+      Summary
+      ========================================
+      {% if acme_error_count.stdout | int == 0 %}
+      ✅ SUCCESS: No ACME challenge errors in the last hour!
+      
+      The Traefik configuration fix appears to be working. Monitor the logs
+      for the next certificate renewal attempt (usually hourly) to confirm.
+      {% else %}
+      ⚠️  WARNING: {{ acme_error_count.stdout }} ACME challenge errors found in the last hour.
+      
+      The errors may be from before the configuration fix was applied.
+      Monitor the logs for the next certificate renewal attempt to see if
+      the errors have stopped.
+      {% endif %}
+      ========================================
+  when: traefik_show_status | default(true) | bool
+