feat(deployment): update Semaphore stack and Traefik configuration

- Add QUICKSTART.md and SETUP_REPOSITORY.md for Semaphore stack - Add playbooks directory for Semaphore deployment - Update Semaphore docker-compose.yml, env.example, and README - Add Traefik local configuration files - Disable semaphore.yml in Traefik dynamic config - Update docker-compose.local.yml and build-image workflow
2025-11-02 22:55:51 +01:00
parent 0c4ff1283c
commit 77c656af62
15 changed files with 1280 additions and 77 deletions
--- a/deployment/stacks/traefik/docker-compose.local.yml
+++ b/deployment/stacks/traefik/docker-compose.local.yml
@@ -0,0 +1,59 @@
+# Local Development Configuration for Traefik
+# Usage: docker compose -f docker-compose.local.yml up -d
+#
+# This configuration is optimized for local development:
+# - Bridge network instead of host mode
+# - Port mapping: 8080:80 (HTTP only - HTTPS not needed for local dev)
+#   Note: 8443:443 is used by the web container, and we don't need HTTPS for Traefik locally
+# - No ACME/Let's Encrypt (HTTP-only)
+# - Simplified healthcheck
+
+services:
+  traefik:
+    image: traefik:v3.0
+    container_name: traefik-local
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    # Use bridge network for local development (avoids port conflicts)
+    # Ports 80/443 might be in use by other services
+    # For local development, we only use HTTP (no HTTPS needed)
+    # Note: 8443:443 is used by the web container
+    ports:
+      - "8080:80"   # HTTP on port 80 (mapped to host port 8080)
+      - "8080:8080" # Traefik API entrypoint (for api.insecure=true dashboard)
+    environment:
+      - TZ=Europe/Berlin
+    volumes:
+      # Docker socket for service discovery
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Static configuration for local development
+      - ./traefik.local.yml:/traefik.yml:ro
+      # Dynamic configuration (shared with production config)
+      # Note: These configs reference letsencrypt resolver which we don't configure locally
+      # This will cause harmless errors in logs but won't break functionality
+      - ./dynamic:/dynamic:ro
+    networks:
+      - traefik-public
+    labels:
+      # Note: With api.insecure=true, Traefik should automatically serve the dashboard
+      # at /dashboard/ and /api/ without needing router labels.
+      # However, if this doesn't work in bridge network mode, we may need explicit routing.
+      # For now, we'll try without labels and see if api.insecure=true works directly.
+      - "traefik.enable=true"
+    healthcheck:
+      # Use wget or curl to check Traefik ping endpoint
+      # The ping endpoint is configured in traefik.local.yml on the 'web' entrypoint
+      # Try ping endpoint first, if that fails, try API endpoint
+      test: ["CMD-SHELL", "wget --quiet --spider http://localhost:80/ping || wget --quiet --spider http://localhost:80/api/rawdata || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 15s
+
+networks:
+  traefik-public:
+    external: true
+    # Create this network if it doesn't exist:
+    # docker network create traefik-public
+