fix: Gitea Traefik routing and connection pool optimization
Some checks failed
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 10m14s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 11m25s
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
Some checks failed
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 10m14s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 11m25s
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
- Remove middleware reference from Gitea Traefik labels (caused routing issues) - Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s) - Add explicit service reference in Traefik labels - Fix intermittent 504 timeouts by improving PostgreSQL connection handling Fixes Gitea unreachability via git.michaelschiemer.de
This commit is contained in:
@@ -11,10 +11,9 @@ Traefik acts as the central reverse proxy for all services, handling:
|
||||
|
||||
## Services
|
||||
|
||||
- **traefik.michaelschiemer.de** - Traefik Dashboard (VPN-only + BasicAuth protected)
|
||||
- ?? **Nur ?ber WireGuard VPN erreichbar** (10.8.0.0/24)
|
||||
- Zus?tzlich durch BasicAuth gesch?tzt
|
||||
- ?ffentlicher Zugriff ist blockiert
|
||||
- **traefik.michaelschiemer.de** - Traefik Dashboard (BasicAuth protected)
|
||||
- Protected by BasicAuth authentication
|
||||
- Accessible via HTTPS with Let's Encrypt certificate
|
||||
|
||||
## Local Development
|
||||
|
||||
@@ -33,7 +32,8 @@ docker compose -f docker-compose.local.yml up -d
|
||||
# Check logs
|
||||
docker compose -f docker-compose.local.yml logs -f
|
||||
|
||||
# Access dashboard at http://localhost:8080/dashboard/
|
||||
# Access dashboard at http://localhost:8093/dashboard/
|
||||
# Note: Dashboard is served on the API port (8093) when api.insecure=true
|
||||
```
|
||||
|
||||
### Local Development Configuration
|
||||
@@ -41,11 +41,12 @@ docker compose -f docker-compose.local.yml logs -f
|
||||
The local configuration (`docker-compose.local.yml` and `traefik.local.yml`) differs from production:
|
||||
|
||||
- **Bridge network** instead of `host` mode (avoids port conflicts)
|
||||
- **Port mappings**: `8080:80` only (HTTP-only for local development)
|
||||
- **Port mappings**: `8081:80` (HTTP) and `8093:8080` (API/Dashboard)
|
||||
- Note: HTTPS not needed locally - avoids port conflicts with web container (8443:443)
|
||||
- **HTTP-only** (no ACME/Let's Encrypt) for local development
|
||||
- **Dashboard**: Accessible at `http://localhost:8080/dashboard/` (HTTP, no authentication)
|
||||
- Also available: `http://localhost:8080/api/rawdata` and `http://localhost:8080/api/http/routers`
|
||||
- **Dashboard**: Accessible at `http://localhost:8093/dashboard/` (HTTP, no authentication)
|
||||
- Also available: `http://localhost:8093/api/rawdata` and `http://localhost:8093/api/http/routers`
|
||||
- Note: Dashboard is served on the API port (8093) when `api.insecure=true` in `traefik.local.yml`
|
||||
- **No `acme.json`** required
|
||||
- **Console logging** (human-readable) instead of JSON file logs
|
||||
|
||||
@@ -53,18 +54,18 @@ The local configuration (`docker-compose.local.yml` and `traefik.local.yml`) dif
|
||||
|
||||
| Feature | Local (`docker-compose.local.yml`) | Production (`docker-compose.yml`) |
|
||||
|---------|-----------------------------------|----------------------------------|
|
||||
| Network Mode | Bridge | Host |
|
||||
| Ports | 8080:80 (HTTP only) | Direct binding (80, 443) |
|
||||
| Network Mode | Bridge | Bridge |
|
||||
| Ports | 8081:80, 8093:8080 (HTTP only) | 80:80, 443:443, 2222:2222 |
|
||||
| SSL/TLS | HTTP-only | HTTPS with Let's Encrypt |
|
||||
| Dashboard | `http://localhost:8080/dashboard/` | `https://traefik.michaelschiemer.de` |
|
||||
| Authentication | None (local dev) | VPN + BasicAuth |
|
||||
| Dashboard | `http://localhost:8093/dashboard/` | `https://traefik.michaelschiemer.de` |
|
||||
| Authentication | None (local dev) | BasicAuth |
|
||||
| Logging | Console (human-readable) | JSON files |
|
||||
| ACME | Disabled | Enabled |
|
||||
|
||||
### Troubleshooting Local Development
|
||||
|
||||
**Container restarts in loop:**
|
||||
- Check if port 8080 is already in use: `netstat -tlnp | grep ':8080' || ss -tlnp | grep ':8080'`
|
||||
- Check if ports 8081 or 8093 are already in use: `netstat -tlnp | grep -E ':(8081|8093)' || ss -tlnp | grep -E ':(8081|8093)'`
|
||||
- Verify Docker network exists: `docker network ls | grep traefik-public`
|
||||
- Check logs: `docker compose -f docker-compose.local.yml logs -f traefik`
|
||||
|
||||
|
||||
Reference in New Issue
Block a user