feat(deployment): update semaphore configuration and deployment workflows

2025-11-02 20:46:18 +01:00
parent 24cbbccf4c
commit a5cd49bde7
8 changed files with 109 additions and 41 deletions
--- a/deployment/stacks/semaphore/docker-compose.yml
+++ b/deployment/stacks/semaphore/docker-compose.yml
@@ -41,6 +41,22 @@ services:
      # Only bind to localhost, not external interfaces
      # Default port 3001 to avoid conflict with Gitea (port 3000)
      - "127.0.0.1:${SEMAPHORE_PORT:-3001}:3000"
+    labels:
+      # Traefik configuration
+      - "traefik.enable=true"
+      # HTTP Router (redirects to HTTPS)
+      - "traefik.http.routers.semaphore.rule=Host(`semaphore.michaelschiemer.de`)"
+      - "traefik.http.routers.semaphore.entrypoints=web"
+      - "traefik.http.routers.semaphore.middlewares=redirect-to-https"
+      # HTTPS Router
+      - "traefik.http.routers.semaphore-secure.rule=Host(`semaphore.michaelschiemer.de`)"
+      - "traefik.http.routers.semaphore-secure.entrypoints=websecure"
+      - "traefik.http.routers.semaphore-secure.tls=true"
+      - "traefik.http.routers.semaphore-secure.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.semaphore-secure.service=semaphore"
+      # Service definition (use container IP in host network mode)
+      - "traefik.http.services.semaphore.loadbalancer.server.scheme=http"
+      - "traefik.http.services.semaphore.loadbalancer.server.port=3000"
    environment:
      - TZ=Europe/Berlin
      # Database Configuration
@@ -68,7 +84,7 @@ services:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    healthcheck:
-      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/api/health"]
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/"]
      interval: 30s
      timeout: 10s
      retries: 3
--- a/deployment/stacks/traefik/dynamic/semaphore.yml
+++ b/deployment/stacks/traefik/dynamic/semaphore.yml
@@ -0,0 +1,18 @@
+http:
+  routers:
+    semaphore:
+      rule: Host(`semaphore.michaelschiemer.de`)
+      entrypoints:
+        - websecure
+      service: semaphore
+      tls:
+        certResolver: letsencrypt
+      priority: 100
+  services:
+    semaphore:
+      loadBalancer:
+        # Use localhost port binding since Semaphore binds to 127.0.0.1
+        # Check actual port with: docker ps | grep semaphore
+        # Default is 3001, but may be 9300 if SEMAPHORE_PORT env var is set differently
+        servers:
+          - url: http://127.0.0.1:3001