michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Gitea Traefik routing and connection pool optimization
Some checks failed
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 10m14s
Details
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
Details
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
Details
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Details
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
Details
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Details
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 11m25s
Details
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
Details

Browse Source 
- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de
This commit is contained in:
Michael Schiemer
2025-11-09 14:46:15 +01:00
parent 85c369e846
commit 36ef2a1e2c
1366 changed files with 104925 additions and 28719 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
docker-compose.production.yml
View File

@@ -13,8 +13,8 @@
services:
web:
# Use pre-built image from registry (override build from base)
image: git.michaelschiemer.de:5000/framework:latest
build: null # Explicitly remove build section from base
image: localhost:5000/framework:latest
# Build section removed - production-base.yml has no build sections
# Production restart policy
restart: always
@@ -34,14 +34,18 @@ services:
- APP_DEBUG=false
# Security hardening
security_opt:
- no-new-privileges:true
# Note: no-new-privileges prevents PHP-FPM from switching to www-data
# We need to allow privilege escalation for PHP-FPM user switching
# security_opt:
# - no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- NET_BIND_SERVICE # Required for binding to ports 80/443
- SETGID # Required for PHP-FPM to switch to www-data
- SETUID # Required for PHP-FPM to switch to www-data
# Stricter health checks for production
healthcheck:
@@ -78,8 +82,8 @@ services:
php:
# Use pre-built image from registry (override build from base)
image: git.michaelschiemer.de:5000/framework:latest
build: null # Explicitly remove build section from base
image: localhost:5000/framework:latest
# Build section removed - production-base.yml has no build sections
# Production restart policy
restart: always
@@ -97,6 +101,10 @@ services:
- CHOWN
- DAC_OVERRIDE
# Load environment variables from .env file (generated by Ansible)
# Use absolute path to ensure .env is found regardless of working directory
env_file:
- /home/deploy/deployment/stacks/production/.env
environment:
- APP_ENV=production
- APP_DEBUG=false
@@ -155,8 +163,8 @@ services:
queue-worker:
# Use pre-built image from registry (override build from base)
image: git.michaelschiemer.de:5000/framework:latest
build: null # Explicitly remove build section from base
image: localhost:5000/framework:latest
# Build section removed - production-base.yml has no build sections
# Production restart policy
restart: always
@@ -165,7 +173,9 @@ services:
# The entrypoint script will use gosu to switch to appuser after setup
user: "root"
# No entrypoint override - queue-worker runs worker.php directly
# Override entrypoint to skip PHP-FPM/Nginx startup - queue-worker only needs PHP CLI
entrypoint: ""
# Worker command - direct PHP execution
command: ["php", "/var/www/html/worker.php"]
@@ -174,6 +184,10 @@ services:
# Mount application code from rsync deployment (read-write for storage/var directories)
- /home/deploy/michaelschiemer/current:/var/www/html:rw
# Load environment variables from .env file (generated by Ansible)
# Use absolute path to ensure .env is found regardless of working directory
env_file:
- /home/deploy/deployment/stacks/production/.env
environment:
- APP_ENV=production
- WORKER_DEBUG=false
@@ -220,10 +234,18 @@ services:
condition: service_healthy
# Note: PostgreSQL and Redis are external services, connection via app-internal network
# php-test service removed for production (test profiles not used in production)
php-test:
image: localhost:5000/framework:latest
# Build section removed - production-base.yml has no build sections
profiles:
- never # Disable php-test in production
# Scheduler (Cron Jobs)
scheduler:
# Use same build as php service (has application code copied)
image: git.michaelschiemer.de:5000/framework:latest
# Use pre-built image from registry (override build from base if exists)
image: localhost:5000/framework:latest
# Build section removed - production-base.yml has no build sections
container_name: scheduler
# Production restart policy
@@ -233,6 +255,9 @@ services:
# The entrypoint script will use gosu to switch to appuser after setup
user: "root"
# Override entrypoint to skip PHP-FPM/Nginx startup - scheduler only needs PHP CLI
entrypoint: ""
# Scheduler command - direct PHP execution
command: php console.php scheduler:run
@@ -241,6 +266,10 @@ services:
# Mount application code from rsync deployment (read-write for storage/var directories)
- /home/deploy/michaelschiemer/current:/var/www/html:rw
# Load environment variables from .env file (generated by Ansible)
# Use absolute path to ensure .env is found regardless of working directory
env_file:
- /home/deploy/deployment/stacks/production/.env
environment:
- TZ=Europe/Berlin
- APP_ENV=production