From d9c8b7d6619adf7cde01cef2078cc956b8ffceb2 Mon Sep 17 00:00:00 2001
From: "Dejan R." <drozic1989@gmail.com>
Date: Mon, 1 Dec 2025 09:10:43 +0000
Subject: [PATCH] fix docler-compsoe labales

---
 docker-compose.yml | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 77a5fac..476ad74 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -44,27 +44,34 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=traefik_default"
-      
-      # HTTP → HTTPS redirect
-      - "traefik.http.routers.nextcloud.entrypoints=web"
-      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.rozic-dev.com`)"
-      - "traefik.http.routers.nextcloud.middlewares=nextcloud-https-redirect"
-      - "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.permanent=true"
-      
-      # HTTPS Router
+
+      # -------------------------------
+      # HTTP router (for ACME challenge)
+      # -------------------------------
+      - "traefik.http.routers.nextcloud-http.entrypoints=web"
+      - "traefik.http.routers.nextcloud-http.rule=Host(`nextcloud.rozic-dev.com`)"
+      - "traefik.http.routers.nextcloud-http.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.nextcloud-http.service=noop@internal"
+
+      # -------------------------------
+      # HTTPS router (real traffic)
+      # -------------------------------
       - "traefik.http.routers.nextcloud-secure.entrypoints=websecure"
       - "traefik.http.routers.nextcloud-secure.rule=Host(`nextcloud.rozic-dev.com`)"
       - "traefik.http.routers.nextcloud-secure.tls=true"
       - "traefik.http.routers.nextcloud-secure.tls.certresolver=letsencrypt"
       - "traefik.http.routers.nextcloud-secure.service=nextcloud"
       - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-headers"
-      
-      # Nextcloud-specific security headers
+
+      # -------------------------------
+      # Security headers middleware
+      # -------------------------------
       - "traefik.http.middlewares.nextcloud-headers.headers.customFrameOptionsValue=SAMEORIGIN"
       - "traefik.http.middlewares.nextcloud-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=15552000; includeSubDomains"
-      
-      # Internal port inside container
+
+      # -------------------------------
+      # Service (internal port)
+      # -------------------------------
       - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
 
   mariadb:
@@ -107,4 +114,4 @@ services:
       timeout: 5s
       retries: 5
     volumes:
-      - redis:/data
\ No newline at end of file
+      - redis:/data