From c57cf1daa116285bde140321a5f07e786ca750f9 Mon Sep 17 00:00:00 2001
From: Marc Mintel <marc@mintel.me>
Date: Sun, 18 Jan 2026 21:48:54 +0100
Subject: [PATCH] deploy

---
 docker-compose.yml | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 453e73b5..472d0083 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,36 +5,33 @@ services:
     networks:
       - infra
     healthcheck:
-      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "-L", "http://localhost:3000/health"]
+      test: ["CMD-SHELL", "wget --quiet --tries=1 --spider http://localhost:3000/health || wget --quiet --tries=1 --spider http://localhost:3000/ || true"]
       interval: 10s
       timeout: 5s
       retries: 5
       start_period: 30s
-
-    # Shared platform services are reachable on the `infra` network.
-    # Pick an app-specific Redis DB index.
     environment:
       # Umami
       - NEXT_PUBLIC_UMAMI_WEBSITE_ID=${NEXT_PUBLIC_UMAMI_WEBSITE_ID}
       - NEXT_PUBLIC_UMAMI_SCRIPT_URL=${NEXT_PUBLIC_UMAMI_SCRIPT_URL:-https://analytics.infra.mintel.me/script.js}
-
       # GlitchTip (Sentry protocol)
       - SENTRY_DSN=${SENTRY_DSN}
       - NEXT_PUBLIC_SENTRY_DSN=${NEXT_PUBLIC_SENTRY_DSN:-${SENTRY_DSN}}
-
+      # Redis (app-spezifischer DB-Index)
       - REDIS_URL=${REDIS_URL:-redis://redis:6379/2}
       - REDIS_KEY_PREFIX=${REDIS_KEY_PREFIX:-klz:}
     labels:
       - "traefik.enable=true"
-      # HTTP → HTTPS redirect (ohne ACME-Challenge)
-      - "traefik.http.routers.klz-cables-web.rule=(Host(`klz-cables.com`) || Host(`www.klz-cables.com`)) && !PathPrefix(`/.well-known/acme-challenge/`)"
+      # HTTP → HTTPS redirect (Challenge-Schutz für ALLE)
+      - "traefik.http.routers.klz-cables-web.rule=(Host(`klz-cables.com`) || Host(`www.klz-cables.com`) || Host(`staging.klz-cables.com`)) && !PathPrefix(`/.well-known/acme-challenge/`)"
       - "traefik.http.routers.klz-cables-web.entrypoints=web"
       - "traefik.http.routers.klz-cables-web.middlewares=redirect-https"
-      # HTTPS router
-      - "traefik.http.routers.klz-cables.rule=Host(`klz-cables.com`) || Host(`www.klz-cables.com`)"
+      # HTTPS router (für ALLE drei Domains)
+      - "traefik.http.routers.klz-cables.rule=Host(`klz-cables.com`) || Host(`www.klz-cables.com`) || Host(`staging.klz-cables.com`)"
       - "traefik.http.routers.klz-cables.entrypoints=websecure"
       - "traefik.http.routers.klz-cables.tls.certresolver=le"
       - "traefik.http.routers.klz-cables.tls=true"
+      - "traefik.http.routers.klz-cables.service=klz-cables"
       - "traefik.http.services.klz-cables.loadbalancer.server.port=3000"
       - "traefik.http.services.klz-cables.loadbalancer.server.scheme=http"
       # Forwarded Headers (für Apps, die HTTPS erwarten)
@@ -42,6 +39,7 @@ services:
       - "traefik.http.middlewares.klz-forward.headers.customrequestheaders.X-Forwarded-Ssl=on"
       # Middlewares anhängen
       - "traefik.http.routers.klz-cables.middlewares=klz-forward,compress"
+
 networks:
   infra:
-    external: true
+    external: true
\ No newline at end of file