added fix for docker-compose.yml

2025-11-30 17:45:48 +00:00 · 2025-11-30 17:45:48 +00:00 · c3e26bd98c
parent 54caa66067
commit c3e26bd98c
1 changed files with 31 additions and 11 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -34,34 +34,53 @@ services:
    # Traefik Reverse Proxy Labels
    # -----------------------------
    labels:
-      # Enable Traefik
+      # ──────────────────────────────
+      # Enable Traefik for this container
+      # ──────────────────────────────
      - "traefik.enable=true"

-      # HTTP → HTTPS redirect (recommended)
+      # ──────────────────────────────
+      # HTTP → HTTPS redirect router
+      # ──────────────────────────────
      - "traefik.http.routers.mealie-http.entrypoints=web"
      - "traefik.http.routers.mealie-http.rule=Host(`mealie.rozic-dev.com`)"
-      - "traefik.http.routers.mealie-http.middlewares=redirect-to-https"
-      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
+      - "traefik.http.routers.mealie-http.middlewares=mealie-redirect"

-      # HTTPS router
+      # ──────────────────────────────
+      # HTTPS router (the real one)
+      # ──────────────────────────────
      - "traefik.http.routers.mealie.entrypoints=websecure"
      - "traefik.http.routers.mealie.rule=Host(`mealie.rozic-dev.com`)"
-      - "traefik.http.routers.mealie.tls.certresolver=letsencrypt"
      - "traefik.http.routers.mealie.tls=true"
+      - "traefik.http.routers.mealie.tls.certresolver=letsencrypt"   # ← change only if your resolver has a different name
+      - "traefik.http.routers.mealie.middlewares=mealie-chain"

-      # Service port
+      # ──────────────────────────────
+      # Service (where Traefik forwards the traffic)
+      # ──────────────────────────────
      - "traefik.http.services.mealie.loadbalancer.server.port=9000"

-      # Security headers middleware (improved)
-      - "traefik.http.middlewares.mealie-security.headers.customResponseHeaders.X-Robots-Tag=none"
+      # ──────────────────────────────
+      # Middleware: redirect HTTP → HTTPS
+      # ──────────────────────────────
+      - "traefik.http.middlewares.mealie-redirect.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.mealie-redirect.redirectscheme.permanent=true"
+
+      # ──────────────────────────────
+      # Middleware: security headers
+      # ──────────────────────────────
      - "traefik.http.middlewares.mealie-security.headers.stsSeconds=63072000"
      - "traefik.http.middlewares.mealie-security.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.mealie-security.headers.stsPreload=true"
      - "traefik.http.middlewares.mealie-security.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.mealie-security.headers.browserXssFilter=true"
      - "traefik.http.middlewares.mealie-security.headers.referrerPolicy=same-origin"
-      - "traefik.http.routers.mealie.middlewares=mealie-security"
+      - "traefik.http.middlewares.mealie-security.headers.customResponseHeaders.X-Robots-Tag=none"
+
+      # ──────────────────────────────
+      # Chain: redirect + security headers (applied only to HTTPS router)
+      # ──────────────────────────────
+      - "traefik.http.middlewares.mealie-chain.chain.middlewares=mealie-security"
    deploy:
      resources:
        limits:
@ -74,6 +93,7 @@ services:
    restart: always
    networks:
      - internal
+      - traefik
    environment:
      POSTGRES_DB: mealie
      POSTGRES_USER: mealie