services: app: image: registry.infra.mintel.me/mintel/klz-cables.com:latest restart: always networks: - infra healthcheck: test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "-L", "http://localhost:3000/health"] interval: 10s timeout: 5s retries: 5 start_period: 30s # Shared platform services are reachable on the `infra` network. # Pick an app-specific Redis DB index. environment: # Umami - NEXT_PUBLIC_UMAMI_WEBSITE_ID=${NEXT_PUBLIC_UMAMI_WEBSITE_ID} - NEXT_PUBLIC_UMAMI_SCRIPT_URL=${NEXT_PUBLIC_UMAMI_SCRIPT_URL:-https://analytics.infra.mintel.me/script.js} # GlitchTip (Sentry protocol) - SENTRY_DSN=${SENTRY_DSN} - NEXT_PUBLIC_SENTRY_DSN=${NEXT_PUBLIC_SENTRY_DSN:-${SENTRY_DSN}} - REDIS_URL=${REDIS_URL:-redis://redis:6379/2} - REDIS_KEY_PREFIX=${REDIS_KEY_PREFIX:-klz:} labels: - "traefik.enable=true" # HTTP → HTTPS redirect (ohne ACME-Challenge) - "traefik.http.routers.klz-cables-web.rule=(Host(`klz-cables.com`) || Host(`www.klz-cables.com`)) && !PathPrefix(`/.well-known/acme-challenge/`)" - "traefik.http.routers.klz-cables-web.entrypoints=web" - "traefik.http.routers.klz-cables-web.middlewares=redirect-https" # HTTPS router - "traefik.http.routers.klz-cables.rule=Host(`klz-cables.com`) || Host(`www.klz-cables.com`)" - "traefik.http.routers.klz-cables.entrypoints=websecure" - "traefik.http.routers.klz-cables.tls.certresolver=le" - "traefik.http.routers.klz-cables.tls=true" - "traefik.http.services.klz-cables.loadbalancer.server.port=3000" - "traefik.http.services.klz-cables.loadbalancer.server.scheme=http" # Forwarded Headers (für Apps, die HTTPS erwarten) - "traefik.http.middlewares.klz-forward.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.middlewares.klz-forward.headers.customrequestheaders.X-Forwarded-Ssl=on" # Middlewares anhängen - "traefik.http.routers.klz-cables.middlewares=klz-forward,compress" networks: infra: external: true