Disable traefik temporarily

stacks/apps/adminer/stack.yml

@@ -4,12 +4,12 @@ services:
     networks:
     - homelab
     ports:
-      - "8091:8080"
+    - "8091:8080"
     environment:
     - ADMINER_DEFAULT_SERVER=10.0.4.10
     - ADMINER_DESIGN=nette
     healthcheck:
-      test: ["CMD", "php", "-r", "if (file_get_contents('http://localhost:8080')) exit(0); exit(1);"]
+      test: [ "CMD", "php", "-r", "if (file_get_contents('http://localhost:8080')) exit(0); exit(1);" ]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -21,13 +21,14 @@ services:
           memory: 512M
         reservations:
           memory: 128M
-      # labels: # Local route
+      labels:
-      # - "traefik.enable=true"
+      # Local route
-      # - "traefik.http.routers.adminer.rule=Host(`adminer.frostlabs.me`)"
+      - traefik.enable=false
-      # - "traefik.http.routers.adminer.entrypoints=websecure"
+      - traefik.http.routers.adminer.rule=Host(`adminer.frostlabs.me`)
-      # - "traefik.http.routers.adminer.tls.certresolver=cloudflare"
+      - traefik.http.routers.adminer.entrypoints=websecure
-      # - "traefik.http.services.adminer.loadbalancer.server.port=8080"
+      - traefik.http.routers.adminer.tls.certresolver=cloudflare
-      # - "traefik.swarm.network=homelab"
+      - traefik.http.services.adminer.loadbalancer.server.port=8080
+      - traefik.swarm.network=homelab
 networks:
   homelab:
     external: true

stacks/apps/authentik/stack.yml

@@ -9,7 +9,7 @@ services:
     networks:
     - homelab
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: [ "CMD", "redis-cli", "ping" ]
       interval: 30s
       timeout: 5s
       retries: 3
@@ -45,7 +45,7 @@ services:
     networks:
     - homelab
     healthcheck:
-      test: ["CMD-SHELL", "ak healthcheck"]
+      test: [ "CMD-SHELL", "ak healthcheck" ]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -59,12 +59,12 @@ services:
         reservations:
           memory: 512M
       labels:
-        - "traefik.enable=true"
+      - "traefik.enable=false"
-        - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
+      - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
-        - "traefik.http.routers.authentik.entrypoints=websecure"
+      - "traefik.http.routers.authentik.entrypoints=websecure"
-        - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
+      - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
-        - "traefik.http.services.authentik.loadbalancer.server.port=9000"
+      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
-        - "traefik.swarm.network=homelab"
+      - "traefik.swarm.network=homelab"
     depends_on:
     - redis
 

stacks/apps/outline/stack.yml

@@ -9,35 +9,35 @@ services:
   outline:
     image: outlinewiki/outline:latest
     environment:
-      - PGSSLMODE=disable
+    - PGSSLMODE=disable
-      - SECRET_KEY=2821b95392ba4ead8acb1882653eb217545ee267099608dee92ecde2cf9a7323
+    - SECRET_KEY=2821b95392ba4ead8acb1882653eb217545ee267099608dee92ecde2cf9a7323
-      - UTILS_SECRET=cd5dab7c54b92603ba44bcab8a49e5a0f816b11a5b75ef25fe73ebb13633cae4
+    - UTILS_SECRET=cd5dab7c54b92603ba44bcab8a49e5a0f816b11a5b75ef25fe73ebb13633cae4
-      - DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline
+    - DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline
-      - REDIS_URL=redis://redis:6379
+    - REDIS_URL=redis://redis:6379
-      - URL=https://flow.frostlabs.me
+    - URL=https://flow.frostlabs.me
-      - PORT=3000
+    - PORT=3000
-      - FILE_STORAGE=local
+    - FILE_STORAGE=local
-      - FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
+    - FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
-      - FILE_STORAGE_UPLOAD_MAX_SIZE=26214400
+    - FILE_STORAGE_UPLOAD_MAX_SIZE=26214400
-      # OIDC/SSO Configuration for Authentik
+    # OIDC/SSO Configuration for Authentik
-      - OIDC_CLIENT_ID=9zCd8wzJFBv3oRYmdJXKWVokI0P3dx0HhuJB2yST
+    - OIDC_CLIENT_ID=9zCd8wzJFBv3oRYmdJXKWVokI0P3dx0HhuJB2yST
-      - OIDC_CLIENT_SECRET=fQpA7KFeDO2x8HKcQ5lOKFvB4HqyXcUvwUpow20bIOUBEZqoZ5hekkYS2kJ7BR2XayrOevq1sd4cC7Nw3mO1xz2jFXw0CiuhfNQTdMF35Zz2IXKbsNvVHU0Z1hYFjhlG
+    - OIDC_CLIENT_SECRET=fQpA7KFeDO2x8HKcQ5lOKFvB4HqyXcUvwUpow20bIOUBEZqoZ5hekkYS2kJ7BR2XayrOevq1sd4cC7Nw3mO1xz2jFXw0CiuhfNQTdMF35Zz2IXKbsNvVHU0Z1hYFjhlG
-      - OIDC_AUTH_URI=https://auth.frostlabs.me/application/o/authorize/
+    - OIDC_AUTH_URI=https://auth.frostlabs.me/application/o/authorize/
-      - OIDC_TOKEN_URI=https://auth.frostlabs.me/application/o/token/
+    - OIDC_TOKEN_URI=https://auth.frostlabs.me/application/o/token/
-      - OIDC_USERINFO_URI=https://auth.frostlabs.me/application/o/userinfo/
+    - OIDC_USERINFO_URI=https://auth.frostlabs.me/application/o/userinfo/
-      - OIDC_LOGOUT_URI=https://auth.frostlabs.me/application/o/outline/end-session/
+    - OIDC_LOGOUT_URI=https://auth.frostlabs.me/application/o/outline/end-session/
-      - OIDC_USERNAME_CLAIM=preferred_username
+    - OIDC_USERNAME_CLAIM=preferred_username
-      - OIDC_DISPLAY_NAME=Authentik
+    - OIDC_DISPLAY_NAME=Authentik
-      - OIDC_SCOPES=openid profile email
+    - OIDC_SCOPES=openid profile email
     volumes:
-      - /home/doc/projects/swarm-data/appdata/outline/data:/var/lib/outline/data
+    - /home/doc/projects/swarm-data/appdata/outline/data:/var/lib/outline/data
     networks:
-      - homelab
+    - homelab
     deploy:
       replicas: 1
       placement:
         constraints:
-          - node.hostname == p0
+        - node.hostname == p0
       restart_policy:
         condition: any
       # resources:
@@ -47,15 +47,15 @@ services:
       #   reservations:
       #     memory: 512M
       labels:
-        - "traefik.enable=true"
+      - "traefik.enable=falso"
-        - "traefik.docker.network=homelab"
+      - "traefik.docker.network=homelab"
-        - "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
+      - "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
-        - "traefik.http.routers.outline.entrypoints=websecure"
+      - "traefik.http.routers.outline.entrypoints=websecure"
-        - "traefik.http.routers.outline.tls=true"
+      - "traefik.http.routers.outline.tls=true"
-        - "traefik.http.routers.outline.tls.certresolver=cloudflare"
+      - "traefik.http.routers.outline.tls.certresolver=cloudflare"
-        - "traefik.http.services.outline.loadbalancer.server.port=3000"
+      - "traefik.http.services.outline.loadbalancer.server.port=3000"
     depends_on:
-      - redis
+    - redis
 
   # postgres:
   #   image: postgres:16-alpine
@@ -91,14 +91,14 @@ services:
   redis:
     image: redis:7-alpine
     volumes:
-      - /home/doc/projects/swarm-data/appdata/outline/redis:/data
+    - /home/doc/projects/swarm-data/appdata/outline/redis:/data
     networks:
-      - homelab
+    - homelab
     deploy:
       replicas: 1
       placement:
         constraints:
-          - node.hostname == p0
+        - node.hostname == p0
     #   restart_policy:
     #     condition: on-failure
     #     delay: 5s

stacks/apps/paperless/stack.yml

@@ -4,7 +4,7 @@ services:
     networks:
     - homelab
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: [ "CMD", "redis-cli", "ping" ]
       interval: 30s
       timeout: 5s
       retries: 3
@@ -30,7 +30,7 @@ services:
     - paperless-admin-pass
     environment:
     - PAPERLESS_DBPASS_FILE=/run/secrets/postgres-master
-    - PAPERLESS_SECRET_KEY_FILE=/run/secrets/paperless-secret-key  
+    - PAPERLESS_SECRET_KEY_FILE=/run/secrets/paperless-secret-key
     - PAPERLESS_ADMIN_PASSWORD_FILE=/run/secrets/paperless-admin-pass
     # - PAPERLESS_URLS=https://docs.frostlabs.me
     # - PAPERLESS_ALLOWED_HOSTS=docs.frostlabs.me,docs.frostlabs.home
@@ -39,7 +39,7 @@ services:
     - PAPERLESS_ALLOWED_HOSTS=docs.home.frostlabs.me
     - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.home.frostlabs.me
     - PAPERLESS_REDIS=redis://paperless_redis:6379
-    - PAPERLESS_DBHOST=10.0.4.10                    # Fixed: removed http://
+    - PAPERLESS_DBHOST=10.0.4.10
     - PAPERLESS_DBPORT=5432
     - PAPERLESS_DBNAME=paperless
     - PAPERLESS_DBUSER=admin
@@ -56,7 +56,7 @@ services:
     networks:
     - homelab
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8000"]
+      test: [ "CMD", "curl", "-f", "http://localhost:8000" ]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -70,14 +70,14 @@ services:
         reservations:
           memory: 1G
       labels:
-      - "traefik.enable=true"
+      - "traefik.enable=false"
       - "traefik.swarm.network=homelab"
       - "traefik.http.routers.paperless.rule=Host(`docs.home.frostlabs.me`)"
       - "traefik.http.routers.paperless.entrypoints=websecure"
       - "traefik.http.routers.paperless.tls=true"
       - "traefik.http.routers.paperless.service=paperless"
       - "traefik.http.services.paperless.loadbalancer.server.port=8000"
-    depends_on:                                      # Fixed: removed postgres dependency
+    depends_on:
     - paperless_redis
 
 networks:
@@ -90,4 +90,4 @@ secrets:
   paperless-secret-key:
     external: true
   postgres-master:
-    external: true
+    external: true

stacks/apps/uptime/stack.yml

@@ -2,13 +2,13 @@ services:
   uptime-kuma:
     image: louislam/uptime-kuma:1.23.16
     volumes:
-      - /home/doc/projects/swarm-data/appdata/uptime:/app/data
+    - /home/doc/projects/swarm-data/appdata/uptime:/app/data
     environment:
-      - TZ=America/New_York
+    - TZ=America/New_York
     networks:
-      - homelab
+    - homelab
     healthcheck:
-      test: ["CMD", "node", "/app/extra/healthcheck.js"]
+      test: [ "CMD", "node", "/app/extra/healthcheck.js" ]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -28,13 +28,13 @@ services:
         failure_action: rollback
         order: start-first
       labels:
-        - "traefik.enable=true"
+      - "traefik.enable=false"
-        - "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)"
+      - "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)"
-        - "traefik.http.routers.uptime-kuma.entrypoints=websecure"
+      - "traefik.http.routers.uptime-kuma.entrypoints=websecure"
-        - "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare"
+      - "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare"
-        - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
+      - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
-        - "traefik.docker.network=homelab"
+      - "traefik.docker.network=homelab"
 
 networks:
   homelab:
-    external: true
+    external: true

stacks/core/portainer/stack.yml

@@ -12,10 +12,10 @@ services:
       mode: replicated
       replicas: 1
       placement:
-        constraints: 
+        constraints:
-          - node.hostname == p0
+        - node.hostname == p0
       labels:
-      - "traefik.enable=true"
+      - "traefik.enable=false"
       - "traefik.swarm.network=homelab"
       - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
       - "traefik.http.routers.portainer.entrypoints=websecure"

stacks/core/traefik-test/stack.yml

@@ -0,0 +1,118 @@
+services:
+  traefik:
+    image: traefik:v3.5
+
+    networks:
+    # Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes
+    - homelab-local
+
+    ports:
+    # Expose Traefik's entry points to the Swarm
+    # Swarm requires the long syntax for ports.
+    - target: 80 # Container port (Traefik web entry point)
+      published: 80 # Host port exposed on the nodes
+      protocol: tcp
+      # 'host' mode binds directly to the node's IP where the task runs.
+      # 'ingress' mode uses Swarm's Routing Mesh (load balances across nodes).
+      # Choose based on your load balancing strategy. 'host' is often simpler if using an external LB.
+      mode: host
+    - target: 443 # Container port ( Traefik websecure entry point)
+      published: 443 # Host port
+      protocol: tcp
+      mode: host
+
+    volumes:
+    # Mount the Docker socket for the Swarm provider
+    # This MUST be run from a manager node to access the Swarm API via the socket.
+    - /var/run/docker.sock:/var/run/docker.sock:ro # Swarm API socket
+    - /home/doc/projects/swarm-data/appdata/traefik/certificates/local:/certs:ro
+    - /home/doc/projects/swarm/conf/traefik-local-conf:/dynamic:ro
+    # Traefik Static configuration via command-line arguments
+    command:
+    # HTTP EntryPoint
+    - "--entrypoints.web.address=:80"
+
+    # Configure HTTP to HTTPS Redirection
+    - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+    - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+    - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+
+    # HTTPS EntryPoint
+    - "--entrypoints.websecure.address=:443"
+    - "--entrypoints.websecure.http.tls=true"
+
+    # Attach dynamic TLS file
+    - "--providers.file.filename=/dynamic/tls.yaml"
+
+    # Providers
+
+    # Enable the Docker Swarm provider (instead of Docker provider)
+    - "--providers.swarm.endpoint=unix:///var/run/docker.sock"
+
+    # Watch for Swarm service changes (requires socket access)
+    - "--providers.swarm.watch=true"
+
+    # Recommended: Don't expose services by default; require explicit labels
+    - "--providers.swarm.exposedbydefault=false"
+
+    # Specify the default network for Traefik to connect to services
+    - "--providers.swarm.network=homelab-local"
+
+    # API & Dashboard
+    - "--api.dashboard=true" # Enable the dashboard
+    - "--api.insecure=false" # Explicitly disable insecure API mod
+
+    # Observability
+    - "--log.level=INFO" # Set the Log Level e.g INFO, DEBUG
+    - "--accesslog=true" # Enable Access Logs
+    - "--metrics.prometheus=falso" # Enable Prometheus
+
+    deploy:
+      replicas: 1
+      placement:
+
+        # Placement constraints restrict where Traefik tasks can run.
+        # Running on manager nodes is common for accessing the Swarm API via the socket.
+        constraints:
+        - node.hostname == p0
+
+      # Traefik Dynamic configuration via labels
+      # In Swarm, labels on the service definition configure Traefik routing for that service.
+      labels:
+      - "traefik.enable=true"
+
+      # Dashboard router
+      - "traefik.http.routers.dashboard.rule=Host(`dashboard.swarm.localhost`)"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls=true"
+
+      # Basic‑auth middleware
+      - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$KWe9YrFZ$$pCQuQTJD16kxFTrVOtL8f."
+      - "traefik.http.routers.dashboard.middlewares=dashboard-auth@swarm"
+
+      # Service hint
+      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
+
+  # Deploy the Whoami application
+  whoami:
+    image: traefik/whoami
+    networks:
+    - homelab-local
+    deploy:
+      labels:
+      # Enable Service discovery for Traefik
+      - "traefik.enable=true"
+      # Define the WHoami router rule
+      - "traefik.http.routers.whoami.rule=Host(`whoami.swarm.localhost`)"
+      # Expose Whoami on the HTTPS entrypoint
+      - "traefik.http.routers.whoami.entrypoints=websecure"
+      # Enable TLS
+      - "traefik.http.routers.whoami.tls=true"
+      # Expose the whoami port number to Traefik
+      - traefik.http.services.whoami.loadbalancer.server.port=80
+
+# Define the overlay network for Swarm
+networks:
+  homelab-local:
+    external: true

stacks/core/traefik/stack.yml

@@ -1,80 +0,0 @@
-services:
-  traefik:
-    image: traefik:v3.5
-    command:
-    - --api.dashboard=true
-    - --api.insecure=true
-    - --ping=true
-    - --entrypoints.web.address=:80
-    - --entrypoints.websecure.address=:443
-    - --entrypoints.local.address=:8443
-    - --entrypoints.web.http.redirections.entrypoint.to=websecure
-    - --entrypoints.web.http.redirections.entrypoint.scheme=https
-    - --providers.swarm=true
-    - --providers.swarm.exposedByDefault=false
-    - --providers.swarm.network=homelab
-    - --providers.swarm.watch=true
-    - --providers.file.directory=/etc/traefik/dynamic
-    - --providers.file.watch=true
-    - --certificatesresolvers.cloudflare.acme.dnschallenge=true
-    - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
-    - --certificatesresolvers.cloudflare.acme.email=john.allisonwin@outlook.com
-    - --certificatesresolvers.cloudflare.acme.storage=/certificates/acme.json
-    - --log.level=DEBUG
-    - --accesslog=true
-    ports:
-    - target: 80
-      published: 80
-      mode: host
-    - target: 443
-      published: 443
-      mode: host
-    - target: 8443
-      published: 8443
-      mode: host
-    - target: 8080
-      published: 8082
-      mode: host
-    environment:
-    - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
-    volumes:
-    - /var/run/docker.sock:/var/run/docker.sock:ro
-    - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
-    - /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
-    secrets:
-    - cloudflare_api_token
-    networks:
-    - homelab
-    healthcheck:
-      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"]
-      interval: 30s
-      timeout: 5s
-      retries: 3
-      start_period: 30s
-    deploy:
-      mode: replicated
-      replicas: 1
-      placement:
-        constraints:
-        - node.hostname == p0
-      resources:
-        limits:
-          memory: 512M
-          cpus: '0.5'
-        reservations:
-          memory: 256M
-      labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.traefik.rule=Host(`proxy.frostlabs.me`)"
-      - "traefik.http.routers.traefik.entrypoints=websecure"
-      - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
-      - "traefik.http.routers.traefik.service=api@internal"
-      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
-
-networks:
-  homelab:
-    external: true
-
-secrets:
-  cloudflare_api_token:
-    external: true