aa219a4d08
- Add shared/ module: config, db, models, schemas, redis utilities - Add Auth Service (services/auth/): register, login, refresh, me, ForwardAuth /verify endpoint for Traefik - Add Traefik config: ACME/Cloudflare DNS-01, dynamic routing, ForwardAuth middleware, sticky sessions for WS Gateway - Add service scaffolds: ws-gateway, chat, batch-agent, billing (READMEs) - Add redis>=5.0.0 to requirements.txt - Monolith app/ is untouched — strangler fig migration
40 lines
810 B
YAML
40 lines
810 B
YAML
# Traefik static configuration for microservices gateway
|
|
|
|
api:
|
|
dashboard: true
|
|
insecure: true # Dashboard on :8080 (internal only in prod)
|
|
|
|
entryPoints:
|
|
web:
|
|
address: ":80"
|
|
http:
|
|
redirections:
|
|
entryPoint:
|
|
to: websecure
|
|
scheme: https
|
|
websecure:
|
|
address: ":443"
|
|
http:
|
|
tls:
|
|
certResolver: cloudflare
|
|
|
|
providers:
|
|
docker:
|
|
exposedByDefault: false
|
|
file:
|
|
directory: /etc/traefik/dynamic
|
|
watch: true
|
|
|
|
# Automatic TLS via Let's Encrypt + Cloudflare DNS-01 challenge
|
|
certificatesResolvers:
|
|
cloudflare:
|
|
acme:
|
|
email: "${ACME_EMAIL}"
|
|
storage: /etc/traefik/acme/acme.json
|
|
dnsChallenge:
|
|
provider: cloudflare
|
|
delayBeforeCheck: 10
|
|
resolvers:
|
|
- "1.1.1.1:53"
|
|
- "8.8.8.8:53"
|