fix: Gitea Traefik routing and connection pool optimization

- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de

deployment/ansible/templates/application.env.j2

@@ -5,7 +5,7 @@
 TZ={{ timezone | default('Europe/Berlin') }}
 
 # Application Domain
-APP_DOMAIN={{ app_domain }}
+APP_DOMAIN={{ app_domain | default('michaelschiemer.de') }}
 
 # Application Settings
 APP_ENV={{ app_env | default('production') }}
@@ -21,9 +21,9 @@ APP_SSL_PORT={{ app_ssl_port | default('443') }}
 FORCE_HTTPS={{ force_https | default('true') }}
 
 # Database Configuration
-# Using PostgreSQL from postgres stack
+# Using PostgreSQL from separate production/staging stacks
 DB_DRIVER={{ db_driver | default('pgsql') }}
-DB_HOST={{ db_host | default('postgres') }}
+DB_HOST={{ db_host | default(db_host_default | default('postgres-production' if app_env == 'production' else 'postgres-staging' if app_env == 'staging' else 'postgres')) }}
 DB_PORT={{ db_port | default('5432') }}
 DB_DATABASE={{ db_name | default(db_name_default) }}
 DB_USERNAME={{ db_user | default(db_user_default) }}
@@ -79,3 +79,7 @@ GIT_BRANCH={{ git_branch | default('main') }}
 GIT_TOKEN_FILE=/run/secrets/git_token
 GIT_USERNAME={{ git_username | default('') }}
 GIT_PASSWORD={{ git_password | default('') }}
+
+# MinIO Object Storage Configuration (optional)
+MINIO_ROOT_USER={{ minio_root_user | default('minioadmin') }}
+MINIO_ROOT_PASSWORD={{ minio_root_password | default('') }}

deployment/ansible/templates/gitea-app.ini.j2

@@ -1,13 +1,14 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Gitea Configuration File
+;; Gitea Configuration File - Minimal Version
 ;; Generated by Ansible - DO NOT EDIT MANUALLY
-;; This file is based on the official Gitea example configuration
-;; https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini
+;; 
+;; IMPORTANT: This is a minimal configuration. Cache, Session, Queue, and other
+;; settings are controlled via GITEA__... environment variables in docker-compose.yml
+;; which override these settings on every container start.
+;; 
+;; Only essential values are included here to skip installation and enable basic functionality.
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; General Settings
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 APP_NAME = Gitea: Git with a cup of tea
 RUN_MODE = prod
 
@@ -20,18 +21,6 @@ DOMAIN = {{ gitea_domain }}
 HTTP_ADDR = 0.0.0.0
 HTTP_PORT = 3000
 ROOT_URL = https://{{ gitea_domain }}/
-PUBLIC_URL_DETECTION = auto
-;; Performance settings for handling concurrent requests
-LFS_START_SERVER = true
-LFS_CONTENT_PATH = data/lfs
-LFS_JWT_SECRET = 
-;; Increase timeouts for better stability under load
-READ_TIMEOUT = 60s
-WRITE_TIMEOUT = 60s
-
-;; SSH Configuration
-;; Note: SSH_LISTEN_PORT should match the port exposed in docker-compose.yml
-;; If SSH is not needed, set DISABLE_SSH = true and START_SSH_SERVER = false
 DISABLE_SSH = false
 START_SSH_SERVER = false
 SSH_DOMAIN = {{ gitea_domain }}
@@ -48,45 +37,12 @@ NAME = {{ postgres_db | default('gitea') }}
 USER = {{ postgres_user | default('gitea') }}
 PASSWD = {{ postgres_password | default('gitea_password') }}
 SSL_MODE = disable
-;; Connection Pool Settings - Prevents "Connection reset by peer" errors
-;; Increased limits for handling concurrent requests
-MAX_OPEN_CONNS = 200
-MAX_IDLE_CONNS = 50
-CONN_MAX_LIFETIME = 600
-CONN_MAX_IDLE_TIME = 300
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Cache Configuration
+;; Security Configuration
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-[cache]
-ENABLED = true
-ADAPTER = redis
-HOST = redis:6379
-PASSWORD = {{ redis_password | default('gitea_redis_password') }}
-DB = 0
-;; Redis cache for better performance and persistence
-;; Cache survives container restarts
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Session Configuration
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-[session]
-PROVIDER = redis
-PROVIDER_CONFIG = network=tcp,addr=redis:6379,password={{ redis_password | default('gitea_redis_password') }},db=0,pool_size=100,idle_timeout=180
-COOKIE_SECURE = true
-COOKIE_NAME = i_like_gitea
-GC_INTERVAL_TIME = 86400
-SESSION_LIFE_TIME = 86400
-;; Redis sessions for better performance and scalability
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Queue Configuration
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-[queue]
-TYPE = redis
-CONN_STR = redis://:{{ redis_password | default('gitea_redis_password') }}@redis:6379/0
-;; Redis queue for persistent job processing
-;; Jobs survive container restarts
+[security]
+INSTALL_LOCK = true
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Service Configuration
@@ -99,14 +55,8 @@ DISABLE_REGISTRATION = {{ disable_registration | default(true) | lower }}
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [actions]
 ENABLED = true
-;; Use "self" to use the current Gitea instance for actions (not GitHub)
-;; Do NOT set DEFAULT_ACTIONS_URL to a custom URL - it's not supported
-;; Leaving it unset or setting to "self" will use the current instance
-;DEFAULT_ACTIONS_URL = self
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Security Configuration
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-[security]
-;; Set INSTALL_LOCK to true to skip the initial setup page
-INSTALL_LOCK = true
+;; Cache Configuration
+;; NOTE: Cache configuration is controlled via GITEA__cache__ environment variables
+;; in docker-compose.yml. Do NOT add [cache] section here, as it may cause conflicts.