Michael Schiemer
36ef2a1e2c
Some checks failed
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 10m14s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 11m25s
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
- Remove middleware reference from Gitea Traefik labels (caused routing issues) - Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s) - Add explicit service reference in Traefik labels - Fix intermittent 504 timeouts by improving PostgreSQL connection handling Fixes Gitea unreachability via git.michaelschiemer.de
61 lines
2.3 KiB
YAML
61 lines
2.3 KiB
YAML
# Local Development Configuration for Traefik
|
|
# Usage: docker compose -f docker-compose.local.yml up -d
|
|
#
|
|
# This configuration is optimized for local development:
|
|
# - Bridge network instead of host mode
|
|
# - Port mappings: 8081:80 (HTTP) and 8093:8080 (API/Dashboard)
|
|
# Note: 8443:443 is used by the web container, and we don't need HTTPS for Traefik locally
|
|
# - No ACME/Let's Encrypt (HTTP-only)
|
|
# - Simplified healthcheck
|
|
|
|
services:
|
|
traefik:
|
|
image: traefik:v3.0
|
|
container_name: traefik-local
|
|
restart: unless-stopped
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
# Use bridge network for local development (avoids port conflicts)
|
|
# Ports 80/443 might be in use by other services
|
|
# For local development, we only use HTTP (no HTTPS needed)
|
|
# Note: 8443:443 is used by the web container
|
|
ports:
|
|
- "8081:80" # HTTP on port 80 (mapped to host port 8081)
|
|
- "8093:8080" # Traefik API entrypoint (for api.insecure=true dashboard)
|
|
environment:
|
|
- TZ=Europe/Berlin
|
|
command:
|
|
# Load static configuration file
|
|
- "--configFile=/traefik.yml"
|
|
volumes:
|
|
# Docker socket for service discovery
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
# Static configuration for local development
|
|
- ./traefik.local.yml:/traefik.yml:ro
|
|
# Dynamic configuration (shared with production config)
|
|
# Note: These configs reference letsencrypt resolver which we don't configure locally
|
|
# This will cause harmless errors in logs but won't break functionality
|
|
- ./dynamic:/dynamic:ro
|
|
networks:
|
|
- traefik-public
|
|
labels:
|
|
# Note: With api.insecure=true, Traefik should automatically serve the dashboard
|
|
# at /dashboard/ and /api/ without needing router labels.
|
|
# However, if this doesn't work in bridge network mode, we may need explicit routing.
|
|
# For now, we'll try without labels and see if api.insecure=true works directly.
|
|
- "traefik.enable=true"
|
|
healthcheck:
|
|
# Use Traefik's built-in healthcheck command (works in minimal image)
|
|
test: ["CMD", "traefik", "healthcheck", "--ping"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 15s
|
|
|
|
networks:
|
|
traefik-public:
|
|
external: true
|
|
# Create this network if it doesn't exist:
|
|
# docker network create traefik-public
|
|
|