From ee4eca6db3caf9b4cae45ebb6014b127de5f12f3 Mon Sep 17 00:00:00 2001 From: Dennis Postma Date: Sat, 8 Feb 2025 14:56:39 +0100 Subject: [PATCH] Added traefik --- docker-compose.yml | 43 ++++++++++++++++++--------------- nginx.conf | 41 -------------------------------- traefik.toml | 59 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 83 insertions(+), 60 deletions(-) delete mode 100644 nginx.conf create mode 100644 traefik.toml diff --git a/docker-compose.yml b/docker-compose.yml index b423184..8d4a7d3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,26 +1,10 @@ services: - nginx: - image: nginx:alpine - ports: - - "80:80" - - "443:443" - volumes: - - ./nginx.conf:/etc/nginx/nginx.conf:ro - - ./docker/data/certbot/conf:/etc/letsencrypt - - ./docker/data/certbot/www:/var/www/certbot - depends_on: - - app - networks: - - app-network - restart: unless-stopped app: build: context: . dockerfile: Dockerfile -# ports: -# - "${PORT}:${PORT}" - expose: - - "${PORT}" + ports: + - "${PORT}:${PORT}" environment: - ENV=${ENV} - HOST=${HOST} @@ -50,6 +34,26 @@ services: restart: unless-stopped networks: - app-network + labels: + - "traefik.enable=true" + - "traefik.http.routers.app.rule=Host(`${HOST}`)" + - "traefik.http.routers.app.entrypoints=websecure" + - "traefik.http.routers.app.tls.certresolver=le" + - "traefik.http.services.app.loadbalancer.server.port=${PORT}" + - "traefik.http.routers.app.middlewares=websocket" + + traefik: + image: traefik:v2.10 + ports: + - "80:80" + - "443:443" + - "8080:8080" + volumes: + - traefik_data:/data + - ./traefik.toml:/etc/traefik/traefik.toml + restart: unless-stopped + networks: + - app-network mariadb: image: mariadb:lts @@ -86,4 +90,5 @@ volumes: app-public: app-logs: mariadb-data: - redis-data: \ No newline at end of file + redis-data: + traefik_data: \ No newline at end of file diff --git a/nginx.conf b/nginx.conf deleted file mode 100644 index 8ce9ffc..0000000 --- a/nginx.conf +++ /dev/null 
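Review bot: Replacing `expose` with `ports: - "${PORT}:${PORT}"` on the `app` service publishes the backend on the host, so it can be reached over plain HTTP without passing through Traefik's TLS entrypoint or any middleware. Traefik reaches the container over `app-network` using the `loadbalancer.server.port` label, so no host port is needed. Keep `expose: - "${PORT}"`, or bind to loopback with `- "127.0.0.1:${PORT}:${PORT}"` if local access is wanted for debugging. The `app` service definition continues outside this hunk.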
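Review bot: The new `traefik` service mounts no Docker socket, although traefik.toml sets `endpoint = "unix:///var/run/docker.sock"`, so the Docker provider presumably cannot connect and the labels added on `app` would never be read. Adding `- /var/run/docker.sock:/var/run/docker.sock:ro` restores discovery, but access to the socket is effectively root on the host, so a socket proxy restricted to read-only container endpoints is the safer design. The config mount should be read-only as the nginx one was (`- ./traefik.toml:/etc/traefik/traefik.toml:ro`), and `"8080:8080"` should be dropped unless the dashboard is deliberately exposed and protected by authentication. The middleware label probably also needs a provider suffix such as `websocket@file`, since the middleware is not defined through Docker labels.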
@@ -1,41 +0,0 @@
-events {
- worker_connections 1024;
-}
-
-http {
- upstream socketio_backend {
- server app:${PORT};
- }
-
- server {
- listen 80;
- server_name ${HOST};
-
- location /.well-known/acme-challenge/ {
- root /var/www/certbot;
- }
-
- location / {
- return 301 https://$host$request_uri;
- }
- }
-
- server {
- listen 443 ssl;
- server_name ${HOST};
-
- ssl_certificate /etc/letsencrypt/live/${HOST}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${HOST}/privkey.pem;
-
- location / {
- proxy_pass http://socketio_backend;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
- }
-}
\ No newline at end of file
diff --git a/traefik.toml b/traefik.toml
new file mode 100644
index 0000000..df463ac
--- /dev/null
+++ b/traefik.toml
@@ -0,0 +1,59 @@
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+ [entryPoints.web.http.redirections.entryPoint]
+ to = "websecure"
+ scheme = "https"
+
+ [entryPoints.websecure]
+ address = ":443"
+
+[providers.docker]
+ endpoint = "unix:///var/run/docker.sock"
+ exposedByDefault = false
+
+[certificatesResolvers.le.acme]
+ email = "your-email@example.com"
+ storage = "/data/acme.json"
+ [certificatesResolvers.le.acme.tlsChallenge]
+
+[api]
+ dashboard = true
+
+[ping] # Health check
+ entryPoint = "websecure"
+
+[http.routers.api]
+ rule = "PathPrefix(`/api`)"
+ service = "api"
+ entryPoints = ["websecure"]
+
+[http.services.api.loadBalancer]
+ [[http.services.api.loadBalancer.servers]]
+ url = "http://app:${PORT}"
+
+# Added for websocket
+[http.services.app.loadBalancer]
+ sticky = true
+ [[http.services.app.loadBalancer.servers]]
+ url = "http://app:${PORT}"
+
+# Added for websocket
+[http.routers.app]
+ rule = "Host(`${HOST}`)"
+ entrypoints = ["websecure"]
+ service = "app"
+
+ [http.routers.app.tls]
+ certresolver = "le"
+
+ [http.routers.app.middlewares]
+ # Enable websockets
+ - "websocket"
+
+[http.middlewares]
+ [http.middlewares.websocket.headers]
+ accessControlAllowHeaders = ["Origin", "Content-Type", "Accept", "Authorization"]
+ accessControlAllowMethods = ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
+ accessControlAllowOrigin = ["*"]
+ accessControlExposeHeaders = ["Content-Length", "Content-Range"]
\ No newline at end of file
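Review bot: The `[http.routers.app.middlewares]` table followed by `- "websocket"` is YAML list syntax, not valid TOML, so the file will not parse; it should be `middlewares = ["websocket"]` under `[http.routers.app]`. The `[http.*]` routers, services and middlewares are dynamic configuration and, as far as I know, are not read from the static traefik.toml without a `[providers.file]` entry pointing at a separate file, and `${HOST}`/`${PORT}` stay literal strings because TOML does no interpolation. On the security side, `accessControlAllowOrigin = ["*"]` combined with `Authorization` in the allowed headers lets a script on any origin call the backend with a bearer token and read the response; list the real front-end origins instead, e.g. `accessControlAllowOriginList = ["https://<your-frontend-origin>"]`. `[api] dashboard = true` has no authenticated router in front of it, and `email = "your-email@example.com"` is still the placeholder, so both should be settled before this is deployed.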