fix: Gitea Traefik routing and connection pool optimization

- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de

deployment/stacks/traefik/docker-compose.local.yml

@@ -3,7 +3,7 @@
 #
 # This configuration is optimized for local development:
 # - Bridge network instead of host mode
-# - Port mapping: 8080:80 (HTTP only - HTTPS not needed for local dev)
+# - Port mappings: 8081:80 (HTTP) and 8093:8080 (API/Dashboard)
 #   Note: 8443:443 is used by the web container, and we don't need HTTPS for Traefik locally
 # - No ACME/Let's Encrypt (HTTP-only)
 # - Simplified healthcheck
@@ -24,6 +24,9 @@ services:
       - "8093:8080" # Traefik API entrypoint (for api.insecure=true dashboard)
     environment:
       - TZ=Europe/Berlin
+    command:
+      # Load static configuration file
+      - "--configFile=/traefik.yml"
     volumes:
       # Docker socket for service discovery
       - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -42,10 +45,8 @@ services:
       # For now, we'll try without labels and see if api.insecure=true works directly.
       - "traefik.enable=true"
     healthcheck:
-      # Use wget or curl to check Traefik ping endpoint
-      # The ping endpoint is configured in traefik.local.yml on the 'web' entrypoint
-      # Try ping endpoint first, if that fails, try API endpoint
-      test: ["CMD-SHELL", "wget --quiet --spider http://localhost:80/ping || wget --quiet --spider http://localhost:80/api/rawdata || exit 1"]
+      # Use Traefik's built-in healthcheck command (works in minimal image)
+      test: ["CMD", "traefik", "healthcheck", "--ping"]
       interval: 30s
       timeout: 10s
       retries: 3