From 081e1466f242553397ced296743215696ea73857 Mon Sep 17 00:00:00 2001
From: Marc Mintel
Date: Thu, 12 Feb 2026 21:25:04 +0100
Subject: [PATCH] fix(infra): whitelist OG images in Traefik to bypass Gatekeeper

Added public router labels to ensure OG images, sitemaps, and health checks are accessible on testing/staging environments for crawlers and CI tests.
---
 docker-compose.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index d3e0ff6b..4a936a6b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,6 +21,15 @@ services:
 - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.service=${PROJECT_NAME:-klz-cables}"
 - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.middlewares=${AUTH_MIDDLEWARE:-${PROJECT_NAME:-klz-cables}-ratelimit,${PROJECT_NAME:-klz-cables}-forward,${PROJECT_NAME:-klz-cables}-compress}"
 
+ # Public Router (Whitelist for OG Images, Sitemaps, Health)
+ - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.rule=(${TRAEFIK_HOST_RULE:-Host(`klz-cables.com`)}) && (PathPrefix(`/health`, `/sitemap.xml`, `/robots.txt`, `/manifest.webmanifest`) || PathRegexp(`^/.*/api/og/.*`) || PathRegexp(`^/.*/opengraph-image$`))"
+ - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.entrypoints=websecure"
+ - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.tls.certresolver=le"
+ - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.tls=true"
+ - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.service=${PROJECT_NAME:-klz-cables}"
+ - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.middlewares=${AUTH_MIDDLEWARE_UNPROTECTED:-${PROJECT_NAME:-klz-cables}-ratelimit,${PROJECT_NAME:-klz-cables}-forward,${PROJECT_NAME:-klz-cables}-compress}"
+ - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.priority=1000"
+
 - "traefik.http.services.${PROJECT_NAME:-klz-cables}.loadbalancer.server.port=3000"
 - "traefik.http.services.${PROJECT_NAME:-klz-cables}.loadbalancer.server.scheme=http"
 - "traefik.docker.network=infra"
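Review bot: The `-public.rule` label exempts more from Gatekeeper than the commit message names: `PathPrefix` is a prefix match, so anything beginning with `/health` or `/sitemap.xml` qualifies, and both `PathRegexp` patterns use `.*`, which spans slashes, so any deeper path containing `/api/og/` or ending in `/opengraph-image` is served through the unauthenticated middleware chain at priority 1000. Prefer exact `Path` matchers for the four fixed files, and if the leading segment is meant to be a locale, bound it, e.g. `^/[^/]+/api/og/` and `^/[^/]+/opengraph-image$`. Separately, `PathRegexp` belongs to Traefik v3 rule syntax, where (as far as I know) each matcher takes a single value, so the four-argument `PathPrefix(...)` should be checked against the deployed Traefik version and split into `||` terms if the router fails to load. A short comment beside the label stating that every path matched here skips authentication on testing/staging would help later editors; the labels list itself starts and ends outside this hunk.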