mmintel/klz-cables.com
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix(infra): guaranteed Traefik bypass for OG images and sitemaps
Some checks failed
Build & Deploy / 🔍 Prepare (push) Successful in 10s
Details
Build & Deploy / 🧪 QA (push) Successful in 1m20s
Details
Build & Deploy / 🏗️ Build (push) Has started running
Details
Build & Deploy / 🚀 Deploy (push) Has been cancelled
Details
Build & Deploy / 🧪 Smoke Test (push) Has been cancelled
Details
Build & Deploy / 🔔 Notify (push) Has been cancelled
Details

Browse Source 
- Added explicit Host match and PathPrefixes to public router in docker-compose.yml.
- Increased priority of public router to 2000.
- Updated middleware.ts to bypass next-intl for OG images and API routes.
- Verified local rendering of OG images.
This commit is contained in:
Marc Mintel
2026-02-12 22:18:21 +01:00
parent 459716d09c
commit 0fff5ae52a
4 changed files with 2903 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker-compose.yml
View File

@@ -22,13 +22,13 @@ services:
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}.middlewares=${AUTH_MIDDLEWARE:-${PROJECT_NAME:-klz-cables}-ratelimit,${PROJECT_NAME:-klz-cables}-forward,${PROJECT_NAME:-klz-cables}-compress}"
# Public Router (Whitelist for OG Images, Sitemaps, Health)
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.rule=PathPrefix(`/health`, `/sitemap.xml`, `/robots.txt`, `/manifest.webmanifest`) || PathRegexp(`.*api/og/.*`) || PathRegexp(`.*opengraph-image$`) || PathRegexp(`.*opengraph-image\\?.*`)"
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.rule=(${TRAEFIK_HOST_RULE:-Host(`klz-cables.com`)}) && (PathPrefix(`/health`, `/sitemap.xml`, `/robots.txt`, `/manifest.webmanifest`, `/api/og`) || PathPrefix(`/de/opengraph-image`, `/en/opengraph-image`, `/de/blog/opengraph-image`, `/en/blog/opengraph-image`, `/de/products/opengraph-image`, `/en/products/opengraph-image`) || PathRegexp(`^/.*opengraph-image.*$`))"
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.entrypoints=websecure"
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.tls.certresolver=le"
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.tls=true"
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.service=${PROJECT_NAME:-klz-cables}"
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.middlewares=${AUTH_MIDDLEWARE_UNPROTECTED:-${PROJECT_NAME:-klz-cables}-ratelimit,${PROJECT_NAME:-klz-cables}-forward,${PROJECT_NAME:-klz-cables}-compress}"
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.priority=1000"
- "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.priority=2000"
- "traefik.http.services.${PROJECT_NAME:-klz-cables}.loadbalancer.server.port=3000"
- "traefik.http.services.${PROJECT_NAME:-klz-cables}.loadbalancer.server.scheme=http"