fix(traefik): set Logto router priority=1 to prevent route hijacking
Traefik auto-calculates router priority from rule string length. When deployed with a domain longer than 23 chars (e.g. app.cameleer.io), Host(`app.cameleer.io`) (25 chars) outranks PathPrefix(`/platform`) (23 chars), causing ALL requests — including /platform/* — to route to Logto instead of the SaaS app. This breaks login because the sign-in UI loads without an OIDC interaction session. Setting priority=1 makes Logto a true catch-all, matching the intent documented in docker/CLAUDE.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -94,6 +94,7 @@ services:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- "traefik.http.routers.cameleer-logto.rule=Host(`${AUTH_HOST:-localhost}`)"
|
||||
- traefik.http.routers.cameleer-logto.priority=1
|
||||
- traefik.http.routers.cameleer-logto.entrypoints=websecure
|
||||
- traefik.http.routers.cameleer-logto.tls=true
|
||||
- traefik.http.routers.cameleer-logto.service=cameleer-logto
|
||||
|
||||
@@ -41,6 +41,7 @@ services:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- "traefik.http.routers.cameleer-logto.rule=Host(`${AUTH_HOST:-localhost}`)"
|
||||
- traefik.http.routers.cameleer-logto.priority=1
|
||||
- traefik.http.routers.cameleer-logto.entrypoints=websecure
|
||||
- traefik.http.routers.cameleer-logto.tls=true
|
||||
- traefik.http.routers.cameleer-logto.service=cameleer-logto
|
||||
|
||||
Reference in New Issue
Block a user