Add uplink.tel and sequela.tel routing via ubuntu-prod proxy

- Add uplink.yml: Routes nitter, invidious, searx, freshrss, rsshub, radio
  through ubuntu-prod to docker-public backend
- Add sequela.yml: Routes wiki and matomo through ubuntu-prod to docker-public
- Update traefik.yml: Add proxyProtocol insecure:true for VPS HAProxy
  send-proxy compatibility

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

stacks/traefik/conf.d/sequela.yml

@@ -0,0 +1,33 @@
+http:
+  routers:
+    # Wiki.js
+    wikijs:
+      entrypoints:
+        - http
+        - https
+      rule: "Host(`wiki.sequela.tel`) || Host(`wiki.sequela.uk`)"
+      service: docker-public
+      tls:
+        certResolver: http
+
+    # Matomo Analytics
+    matomo:
+      entrypoints:
+        - http
+        - https
+      rule: "Host(`matomo.sequela.tel`) || Host(`matomo.sequela.uk`)"
+      service: docker-public
+      tls:
+        certResolver: http
+
+  services:
+    docker-public:
+      loadBalancer:
+        passHostHeader: true
+        serversTransport: insecure-transport
+        servers:
+          - url: "https://192.168.5.46:443"
+
+  serversTransports:
+    insecure-transport:
+      insecureSkipVerify: true

stacks/traefik/conf.d/uplink.yml

@@ -0,0 +1,75 @@
+http:
+  routers:
+    # Nitter - Twitter frontend
+    nitter:
+      entrypoints:
+        - https
+      rule: "Host(`nitter.uplink.tel`)"
+      service: docker-public
+      tls:
+        certResolver: http
+
+    # Invidious - YouTube frontend
+    invidious-uplink:
+      entrypoints:
+        - https
+      rule: "Host(`invidious.uplink.tel`)"
+      service: docker-public
+      tls:
+        certResolver: http
+
+    # SearXNG - Search engine
+    searx:
+      entrypoints:
+        - https
+      rule: "Host(`searx.uplink.tel`)"
+      service: docker-public
+      tls:
+        certResolver: http
+
+    # FreshRSS - RSS reader
+    freshrss:
+      entrypoints:
+        - https
+      rule: "Host(`freshrss.uplink.tel`)"
+      service: docker-public
+      tls:
+        certResolver: http
+
+    # RSSHub
+    rsshub:
+      entrypoints:
+        - https
+      rule: "Host(`rsshub.uplink.tel`)"
+      service: docker-public
+      tls:
+        certResolver: http
+
+    # Radio (wunder - currently offline)
+    radio:
+      entrypoints:
+        - https
+      rule: "Host(`radio.uplink.tel`)"
+      service: radio-wunder
+      tls:
+        certResolver: http
+
+  services:
+    # Proxy to docker-public's traefik (HTTPS)
+    docker-public:
+      loadBalancer:
+        passHostHeader: true
+        serversTransport: insecure-transport
+        servers:
+          - url: "https://192.168.5.46:443"
+
+    # Radio points to wunder (offline)
+    radio-wunder:
+      loadBalancer:
+        passHostHeader: true
+        servers:
+          - url: "http://100.64.0.8:3000"
+
+  serversTransports:
+    insecure-transport:
+      insecureSkipVerify: true

stacks/traefik/traefik.yml

@@ -8,8 +8,12 @@ api:
 entryPoints:
   http:
     address: ":80"
+    proxyProtocol:
+      insecure: true
   https:
     address: ":443"
+    proxyProtocol:
+      insecure: true
 
 providers:
   providersThrottleDuration: 2s