fix(infra): whitelist OG images in Traefik to bypass Gatekeeper

Added public router labels to ensure OG images, sitemaps, and health checks are accessible on testing/staging environments for crawlers and CI tests.
2026-02-12 21:25:04 +01:00
parent fc9746335d
commit 9746416146
1 changed files with 9 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,6 +21,15 @@ services:
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.service=${PROJECT_NAME:-klz-cables}"
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.middlewares=${AUTH_MIDDLEWARE:-${PROJECT_NAME:-klz-cables}-ratelimit,${PROJECT_NAME:-klz-cables}-forward,${PROJECT_NAME:-klz-cables}-compress}"

+      # Public Router (Whitelist for OG Images, Sitemaps, Health)
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.rule=(${TRAEFIK_HOST_RULE:-Host(`klz-cables.com`)}) && (PathPrefix(`/health`, `/sitemap.xml`, `/robots.txt`, `/manifest.webmanifest`) || PathRegexp(`^/.*/api/og/.*`) || PathRegexp(`^/.*/opengraph-image$`))"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.entrypoints=websecure"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.tls.certresolver=le"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.tls=true"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.service=${PROJECT_NAME:-klz-cables}"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.middlewares=${AUTH_MIDDLEWARE_UNPROTECTED:-${PROJECT_NAME:-klz-cables}-ratelimit,${PROJECT_NAME:-klz-cables}-forward,${PROJECT_NAME:-klz-cables}-compress}"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-public.priority=1000"
+
      - "traefik.http.services.${PROJECT_NAME:-klz-cables}.loadbalancer.server.port=3000"
      - "traefik.http.services.${PROJECT_NAME:-klz-cables}.loadbalancer.server.scheme=http"
      - "traefik.docker.network=infra"