feat(deployment): update Semaphore stack and Traefik configuration

- Add QUICKSTART.md and SETUP_REPOSITORY.md for Semaphore stack - Add playbooks directory for Semaphore deployment - Update Semaphore docker-compose.yml, env.example, and README - Add Traefik local configuration files - Disable semaphore.yml in Traefik dynamic config - Update docker-compose.local.yml and build-image workflow
2025-11-02 22:55:51 +01:00
parent 0c4ff1283c
commit 77c656af62
15 changed files with 1280 additions and 77 deletions
--- a/deployment/stacks/traefik/traefik.local.yml
+++ b/deployment/stacks/traefik/traefik.local.yml
@@ -0,0 +1,98 @@
+# Local Development Configuration for Traefik
+# This configuration is optimized for local development without Let's Encrypt/ACME
+
+# Global Configuration
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: false
+
+# API and Dashboard
+# For local development, we enable insecure access on port 8080
+# Dashboard automatically accessible at:
+#   - http://localhost:8080/dashboard/ (with trailing slash)
+#   - http://localhost:8080/api/rawdata
+#   - http://localhost:8080/api/http/routers
+api:
+  dashboard: true
+  insecure: true  # HTTP-only for local development - enables direct dashboard access
+  # Note: With insecure=true, dashboard is accessible at:
+  # - http://localhost:8080/dashboard/
+  # - http://localhost:8080/api/rawdata
+  # - http://localhost:8080/api/http/routers
+  # The insecure mode works directly on the entrypoint (web) without needing router labels
+
+# Entry Points
+entryPoints:
+  web:
+    address: ":80"
+    # No redirects for local development - HTTP is acceptable
+
+  websecure:
+    address: ":443"
+    # Note: Even though we don't use HTTPS locally, we need this entrypoint
+    # because dynamic configurations (gitea.yml, semaphore.yml) reference it
+    # We use HTTP only, but the entrypoint must exist to avoid errors
+
+  traefik:
+    address: ":8080"
+    # This entrypoint is used by api.insecure=true for dashboard access
+    # It must be on port 8080 (which maps to host port 8080) to match our port mapping
+
+# Certificate Resolvers
+# Note: For local development, we don't configure ACME/Let's Encrypt
+# Dynamic configs (gitea.yml, semaphore.yml) that reference letsencrypt will show errors
+# but won't break Traefik functionality. We can ignore these errors for local dev.
+# If you need to test with real certificates locally, configure ACME manually.
+# certificatesResolvers:
+#   letsencrypt:
+#     acme:
+#       email: your-email@example.com
+#       storage: /tmp/acme.json
+#       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+
+# Providers
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    # Use Docker bridge network for local development
+    network: traefik-public
+    watch: true
+
+  file:
+    directory: /dynamic
+    watch: true
+    # Note: Dynamic configs (gitea.yml, semaphore.yml) will show errors
+    # because they reference letsencrypt resolver which we don't configure locally
+    # These errors are harmless and won't affect local development
+
+# Forwarded Headers Configuration
+# Simplified for local development
+forwardedHeaders:
+  trustedIPs:
+    - "127.0.0.1/32"     # Localhost
+    - "172.17.0.0/16"    # Docker bridge network
+    - "172.18.0.0/16"    # Docker user-defined networks
+  insecure: true  # Allow insecure forwarded headers for local dev
+
+# Logging - Console output for local development (easier to debug)
+log:
+  level: INFO
+  format: common  # Human-readable format for local development
+
+# Access Logs - Console output for local development
+accessLog:
+  format: common  # Human-readable format for local development
+
+# Metrics (optional for local development)
+# Can be enabled if needed for monitoring
+# metrics:
+#   prometheus:
+#     addEntryPointsLabels: true
+#     addRoutersLabels: true
+#     addServicesLabels: true
+
+# Ping endpoint for health checks
+ping:
+  entryPoint: web
+