fix(analytics): bypass gatekeeper and middleware for tracking endpoints

2026-02-06 23:16:52 +01:00
parent 333111f03b
commit d5eb20a341
2 changed files with 17 additions and 8 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,19 +28,24 @@ services:
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-web.rule=Host(`${TRAEFIK_HOST}`) && !PathPrefix(`/.well-known/acme-challenge/`)"
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-web.entrypoints=web"
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-web.middlewares=redirect-https"
-      # HTTPS router
-      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.rule=Host(`${TRAEFIK_HOST}`)"
+      # HTTPS router (Protected)
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.rule=Host(`${TRAEFIK_HOST}`) && !PathPrefix(`/stats`, `/errors`)"
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.entrypoints=websecure"
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.tls.certresolver=le"
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.tls=true"
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.service=${PROJECT_NAME:-klz-cables}"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.middlewares=${PROJECT_NAME:-klz-cables}-ratelimit,${PROJECT_NAME:-klz-cables}-forward,${AUTH_MIDDLEWARE:-compress}"
+
+      # HTTPS router (Unprotected - for Analytics & Errors)
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-unprotected.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/stats`, `/errors`)"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-unprotected.entrypoints=websecure"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-unprotected.tls.certresolver=le"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-unprotected.tls=true"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-unprotected.service=${PROJECT_NAME:-klz-cables}"
+      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-unprotected.middlewares=${PROJECT_NAME:-klz-cables}-ratelimit,${PROJECT_NAME:-klz-cables}-forward,compress"
+
      - "traefik.http.services.${PROJECT_NAME:-klz-cables}.loadbalancer.server.port=80"
      - "traefik.http.services.${PROJECT_NAME:-klz-cables}.loadbalancer.server.scheme=http"
-      # Forwarded Headers
-      - "traefik.http.middlewares.${PROJECT_NAME:-klz-cables}-forward.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.middlewares.${PROJECT_NAME:-klz-cables}-forward.headers.customrequestheaders.X-Forwarded-Ssl=on"
-      # Middlewares
-      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}.middlewares=${PROJECT_NAME:-klz-cables}-ratelimit,${PROJECT_NAME:-klz-cables}-forward,${AUTH_MIDDLEWARE:-compress}"
      - "traefik.docker.network=infra"

      # Gatekeeper Router (to show the login page)
@@ -50,6 +55,10 @@ services:
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-gatekeeper.tls=true"
      - "traefik.http.routers.${PROJECT_NAME:-klz-cables}-gatekeeper.service=${PROJECT_NAME:-klz-cables}-gatekeeper"

+      # Forwarded Headers
+      - "traefik.http.middlewares.${PROJECT_NAME:-klz-cables}-forward.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.${PROJECT_NAME:-klz-cables}-forward.headers.customrequestheaders.X-Forwarded-Ssl=on"
+
      # Middleware Definitions
      - "traefik.http.middlewares.${PROJECT_NAME:-klz-cables}-ratelimit.ratelimit.average=100"
      - "traefik.http.middlewares.${PROJECT_NAME:-klz-cables}-ratelimit.ratelimit.burst=50"
--- a/middleware.ts
+++ b/middleware.ts
@@ -62,5 +62,5 @@ export default function middleware(request: NextRequest) {

 export const config = {
  // Match only internationalized pathnames
-  matcher: ['/((?!api|_next|_vercel|health|.*\\..*).*)', '/', '/(de|en)/:path*'],
+  matcher: ['/((?!api|_next|_vercel|stats|errors|health|.*\\..*).*)', '/', '/(de|en)/:path*'],
 };