feat(infra): add Traefik labels and network topology for homelab ingress
- kochwas service gets Traefik v2 labels matching the project's conventions:
  websecure entrypoint, cloudflareResolver, Host(`kochwas.siegeln.net`).
- Service port 3000 exposed to Traefik only; the external port binding is gone.
- Dual network: external 'proxy' (for Traefik ingress) and internal 'internal'
  (for kochwas ↔ searxng). traefik.docker.network hint is set.
- SearXNG has no Traefik labels — intentionally only reachable from kochwas.

Note: the 'proxy' network name must match the existing external Traefik network
(change via 'name:' field if your homelab uses a different one like 'traefik').

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -4,8 +4,6 @@ services:
|
|||||||
# Tag-Override per Umgebungsvariable: KOCHWAS_TAG=sha-abcd1234 docker compose pull
|
# Tag-Override per Umgebungsvariable: KOCHWAS_TAG=sha-abcd1234 docker compose pull
|
||||||
image: gitea.siegeln.net/claude/kochwas:${KOCHWAS_TAG:-latest}
|
image: gitea.siegeln.net/claude/kochwas:${KOCHWAS_TAG:-latest}
|
||||||
pull_policy: always
|
pull_policy: always
|
||||||
ports:
|
|
||||||
- '3000:3000'
|
|
||||||
volumes:
|
volumes:
|
||||||
- ./data:/data
|
- ./data:/data
|
||||||
environment:
|
environment:
|
||||||
@@ -16,8 +14,22 @@ services:
|
|||||||
depends_on:
|
depends_on:
|
||||||
- searxng
|
- searxng
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
- internal
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
# Router for HTTPS traffic
|
||||||
|
- "traefik.http.routers.kochwas.rule=Host(`kochwas.siegeln.net`)"
|
||||||
|
- "traefik.http.routers.kochwas.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.kochwas.tls.certresolver=cloudflareResolver"
|
||||||
|
# Specify which port Traefik should forward traffic to inside the container
|
||||||
|
- "traefik.http.services.kochwas.loadbalancer.server.port=3000"
|
||||||
|
# Explicitly tell Traefik which network to use (since kochwas is on two networks)
|
||||||
|
- "traefik.docker.network=proxy"
|
||||||
|
|
||||||
searxng:
|
searxng:
|
||||||
|
# Absichtlich nur intern erreichbar — keine Traefik-Labels, kein externer Port.
|
||||||
image: searxng/searxng:latest
|
image: searxng/searxng:latest
|
||||||
volumes:
|
volumes:
|
||||||
- ./searxng:/etc/searxng
|
- ./searxng:/etc/searxng
|
||||||
@@ -25,3 +37,13 @@ services:
|
|||||||
- BASE_URL=http://searxng:8080/
|
- BASE_URL=http://searxng:8080/
|
||||||
- INSTANCE_NAME=kochwas-search
|
- INSTANCE_NAME=kochwas-search
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy:
|
||||||
|
# Muss dem Namen des externen Traefik-Netzwerks entsprechen (ggf. in `name:` ändern).
|
||||||
|
external: true
|
||||||
|
internal:
|
||||||
|
# Eigenes internes Netz für kochwas ↔ searxng. Wird von Compose automatisch angelegt.
|
||||||
|
driver: bridge
|
||||||
|
|||||||
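Review bot: The new `kochwas` router labels set only the rule, entrypoint and certresolver, so no Traefik middleware sits in front of port 3000, and anything that can reach `kochwas.siegeln.net` relies entirely on the app's own access control, which this diff does not show. If the service is meant for a limited audience, attach an authentication or IP allow-list middleware from the Traefik configuration, e.g. `- "traefik.http.routers.kochwas.middlewares=<middleware-name>@file"` (placeholder name). Separately, `traefik.docker.network=proxy` takes the actual Docker network name, so following the comment on the `proxy` network and changing only `name:` would leave the label stale. That comment should add something like `# If you set name:, change the traefik.docker.network label to the same value`. The network keyed `internal` is a plain `driver: bridge` without `internal: true`, presumably because SearXNG needs outbound access, and a one-line comment stating this would stop the name from being read as egress isolation.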