The meshmonitor container is running on ubuntu-dev, not docker-dev.
Having both instances fight over the same Meshtastic node TCP connection
was causing repeated ECONNRESET disconnects.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The fix for YouTube API 400 errors (PR #5614) was merged Feb 3, 2026
but hasn't been included in a tagged release yet. Using master tag
to get the fix now.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sharp requires fontconfig and fonts to render SVG text elements.
Added ttf-dejavu for the dynamically generated favicon.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Static nginx container serving the main ghost.tel homepage.
Includes restart policy and /watch redirect to invidious.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- accessLog: field filtering to drop sensitive headers (Authorization)
while keeping useful ones (User-Agent, Content-Type, Referer)
- metrics: Prometheus endpoint with latency buckets (0.1, 0.3, 1.2, 5.0s)
Aligned with core's observability config.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
All HTTP traffic now redirects to HTTPS at the entrypoint level,
eliminating the need for per-service redirect middleware.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The sequela.uk domain doesn't have DNS configured, causing ACME
certificate generation to fail. Removed from wikijs and matomo
routing rules.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add analoggallery-public stack for analog.uplink.tel
- Update uplink.yml: remove routes now handled by Docker labels
(nitter, freshrss, rsshub, searx, analog)
- Update sequela.yml: remove routes now handled by Docker labels
(wiki.sequela.tel, matomo.sequela.tel)
- File routes now only contain external proxies (docker-public for
invidious.uplink.tel, radio.uplink.tel)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Pin postgres to 12-alpine to match existing data directory
that was initialized with PostgreSQL 12.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- deploy-prod (master → ubuntu-prod): Only deploys prod and public stacks
- deploy-dev (dev → ubuntu-dev): Only deploys dev-only stacks
- Skips stacks without stack-type labels (with warning)
- Fixed: Only create .env from template if .env doesn't exist
This prevents dev-only experimental stacks from being deployed to
production, even if they're in the master branch.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add com.ghost.tel/stack-type labels to all stacks:
- prod (17): Production services from core
- dev-only (11): Experimental/device-specific services
- public (8): Public-facing services (uplink.tel, sequela.tel)
New public stacks from docker-public:
- nitter-public: Nitter instance for uplink.tel
- freshrss-public: FreshRSS for uplink.tel
- rsshub-public: RSSHub for uplink.tel
- searx-public: SearXNG for uplink.tel
- wikijs-public: Wiki.js for sequela.tel
- matomo-public: Matomo analytics for sequela.tel
Also fixes:
- Remove obsolete 'version' key from compose files
- Fix snowflake to remove duplicate watchtower service
- Standardize compose file formatting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- zerotier: Change exposed port from 3180 to 3000 (actual UI port)
- zerotier: Add loadbalancer.server.port label for traefik
- traefik: Add basicAuth volume mount for dashboard-auth middleware
- test-services.sh: Fix registry URL to use /v2/ endpoint
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add registry-ui container with dockerhub.${DOMAIN} hostname
- Registry API available at registry.${DOMAIN}
- UI available at dockerhub.${DOMAIN}/ui
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tests all configured service URLs and reports HTTP status.
Useful for verifying deployments and identifying routing issues.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add traefik labels to perilous docker-compose.yml for web and code-server
- Remove stacks/traefik/conf.d/perilous.yml (no longer needed)
- Changed from host ports to expose (traefik routes directly to container)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update traefik route to use Docker container names instead of host IPs
- Update Dockerfile to build full app with sharp, ejs, marked dependencies
- Simplify docker-compose.yml (remove traefik labels, use file provider routing)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add uplink.yml: Routes nitter, invidious, searx, freshrss, rsshub, radio
through ubuntu-prod to docker-public backend
- Add sequela.yml: Routes wiki and matomo through ubuntu-prod to docker-public
- Update traefik.yml: Add proxyProtocol insecure:true for VPS HAProxy
send-proxy compatibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Gitea: Add port 3001:3000 for external access
- Gitea: Add GITEA_RUNNER_LABELS=ubuntu-prod:host for runner
- Authentik: Add port 9000:9000 for external access
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace inv_sig_helper with invidious-companion for better YouTube API handling
- Add healthcheck for main container
- Add resource limits for all containers
- Add SQL init scripts for fresh database setup
- Update README with invidious secrets documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
