From b15dfc4a99c066be88406df259bd6367a26b48e4 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Sun, 4 May 2025 15:13:29 -0700
Subject: Whatever. Few seconds of downtime for each traefik instance isnt bad since the important stuff is on other ports
---
 .../roles/traefik/templates/stacks/docker-compose.yml | 18 ++++++++++--------
 playbooks/roles/traefik/templates/stacks/traefik.yml | 2 ++
 2 files changed, 12 insertions(+), 8 deletions(-)
(limited to 'playbooks')
diff --git a/playbooks/roles/traefik/templates/stacks/docker-compose.yml b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
index ad5e228..6362b31 100644
--- a/playbooks/roles/traefik/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
@@ -29,16 +29,18 @@ services:
 parallelism: 1
 order: start-first
 failure_action: rollback
- monitor: 8s
+ monitor: 2s
 traefik:
 image: traefik:v3
 depends_on:
 - headscale-client
 ports:
- # TODO: FIGURE OUT HOW TO READ X-FORWARDED-FOR CORRECTLY
- # http
- - "80:80"
- - "443:443"
+ - target: 80
+ published: 80
+ mode: host
+ - target: 443
+ published: 443
+ mode: host # to get x-forwarded-for correctly, see https://github.com/moby/moby/issues/25526
 healthcheck:
 test: traefik healthcheck --ping
 interval: 10s
@@ -57,12 +59,12 @@ services:
 - proxy
 - headnet
 deploy:
- mode: replicated
+ mode: global
 update_config:
 parallelism: 1
- order: start-first
+ order: stop-first # only one service eating 80/443 per host, since
 failure_action: rollback
- monitor: 8s
+ monitor: 2s # go go go.
 labels:
 - traefik.enable=true
 - traefik.http.routers.dashboard.rule=Host(`{{ traefik_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
diff --git a/playbooks/roles/traefik/templates/stacks/traefik.yml b/playbooks/roles/traefik/templates/stacks/traefik.yml
index e677a60..3b9f680 100644
--- a/playbooks/roles/traefik/templates/stacks/traefik.yml
+++ b/playbooks/roles/traefik/templates/stacks/traefik.yml
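Review bot: The reason for host-mode publishing is recorded only as a trailing comment on the last `mode: host` line, so it reads as if it applied to the 443 entry alone. I would move it above the port list, e.g. `# host-mode publishing so traefik sees the real client address, see https://github.com/moby/moby/issues/25526`. It is also worth noting there that 80/443 are now bound directly on every host that runs the task, since that affects host firewall rules. The first `monitor: 2s` in this hunk belongs to a service whose definition starts above the hunk.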
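Review bot: `monitor: 2s` leaves `failure_action: rollback` very little to act on, because only a task failure inside the two seconds after each task update counts, while the healthcheck shown in the previous hunk probes every 10s. With `mode: global` and `order: stop-first`, a task that fails after that window leaves its host with nothing listening on 80/443 while the rollout has already moved on to the next node. A window that covers at least one probe, for example `monitor: 15s`, keeps the rollback useful at the cost of a slower rollout. The comment on `order: stop-first` also stops mid-sentence at "since"; something like `# stop-first: a host-mode port can be bound by only one task per host` would finish it. The service definition starts above this hunk and its labels continue below it.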
@@ -12,6 +12,7 @@ entryPoints:
 forwardedHeaders:
 trustedIPs:
 - "{{ homelab_network }}"
+ - "{{ docker_network }}"
 http:
 redirections:
 entryPoint:
@@ -22,6 +23,7 @@ entryPoints:
 forwardedHeaders:
 trustedIPs:
 - "{{ homelab_network }}"
+ - "{{ docker_network }}"
 serversTransport:
 insecureSkipVerify: true
-- cgit v1.2.3-70-g09d2
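Review bot: Adding `{{ docker_network }}` to `forwardedHeaders.trustedIPs` makes traefik accept `X-Forwarded-For` from every address in that range, in this entry point and again in the second hunk of this file. The value of the variable is not visible in the diff; if it covers a whole Docker address pool, then any container on it, and any connection that reaches traefik source-NATed through a Docker gateway address, can assert an arbitrary client IP for access logs, rate limits and IP allow-lists. Since the compose change in this commit publishes 80/443 in host mode so that the real peer address is seen, the trusted set should be limited to the specific upstream proxies that are expected to set the header. At minimum a comment such as `# docker_network: only <proxy service> forwards from this range` would record the intent. Both entry-point definitions start above their hunks.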