- accessLog: field filtering to drop sensitive headers (Authorization)
while keeping useful ones (User-Agent, Content-Type, Referer)
- metrics: Prometheus endpoint with latency buckets (0.1, 0.3, 1.2, 5.0s)
Aligned with core's observability config.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
All HTTP traffic now redirects to HTTPS at the entrypoint level,
eliminating the need for per-service redirect middleware.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add analoggallery-public stack for analog.uplink.tel
- Update uplink.yml: remove routes now handled by Docker labels
(nitter, freshrss, rsshub, searx, analog)
- Update sequela.yml: remove routes now handled by Docker labels
(wiki.sequela.tel, matomo.sequela.tel)
- File routes now only contain external proxies (docker-public for
invidious.uplink.tel, radio.uplink.tel)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add com.ghost.tel/stack-type labels to all stacks:
- prod (17): Production services from core
- dev-only (11): Experimental/device-specific services
- public (8): Public-facing services (uplink.tel, sequela.tel)
New public stacks from docker-public:
- nitter-public: Nitter instance for uplink.tel
- freshrss-public: FreshRSS for uplink.tel
- rsshub-public: RSSHub for uplink.tel
- searx-public: SearXNG for uplink.tel
- wikijs-public: Wiki.js for sequela.tel
- matomo-public: Matomo analytics for sequela.tel
Also fixes:
- Remove obsolete 'version' key from compose files
- Fix snowflake to remove duplicate watchtower service
- Standardize compose file formatting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- zerotier: Change exposed port from 3180 to 3000 (actual UI port)
- zerotier: Add loadbalancer.server.port label for traefik
- traefik: Add basicAuth volume mount for dashboard-auth middleware
- test-services.sh: Fix registry URL to use /v2/ endpoint
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add traefik labels to perilous docker-compose.yml for web and code-server
- Remove stacks/traefik/conf.d/perilous.yml (no longer needed)
- Changed from host ports to expose (traefik routes directly to container)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update traefik route to use Docker container names instead of host IPs
- Update Dockerfile to build full app with sharp, ejs, marked dependencies
- Simplify docker-compose.yml (remove traefik labels, use file provider routing)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add uplink.yml: Routes nitter, invidious, searx, freshrss, rsshub, radio
through ubuntu-prod to docker-public backend
- Add sequela.yml: Routes wiki and matomo through ubuntu-prod to docker-public
- Update traefik.yml: Add proxyProtocol insecure:true for VPS HAProxy
send-proxy compatibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
