From 17d5bd106921b4107cc37a458c3f6b3b900cf189 Mon Sep 17 00:00:00 2001
From: primal <primal@primal.host>
Date: Mon, 2 Feb 2026 16:27:19 -0500
Subject: [PATCH] Revert to Docker label-based Traefik config

File-based config added unnecessary complexity for this use case.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .launch.sh         |  3 +++
 docker-compose.yml | 35 ++++++++++++++++++++++--
 traefik.yml        | 67 ----------------------------------------------
 3 files changed, 36 insertions(+), 69 deletions(-)
 create mode 100755 .launch.sh
 delete mode 100644 traefik.yml

diff --git a/.launch.sh b/.launch.sh
new file mode 100755
index 0000000..1124257
--- /dev/null
+++ b/.launch.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+~/apps/.launch.sh "$@"
diff --git a/docker-compose.yml b/docker-compose.yml
index 7c07b23..ca03180 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
   pds-1440-news:
-    image: ghcr.io/bluesky-social/pds:0.4.204
-    container_name: atproto-1440news-pds
+    image: ghcr.io/bluesky-social/pds:0.4
+    container_name: pds-1440-news
     restart: unless-stopped
     volumes:
       - ./data:/pds
@@ -9,6 +9,37 @@ services:
       - pds.env
     networks:
       - proxy
+    labels:
+      - "traefik.enable=true"
+      # PDS API endpoint: pds.1440.news and 1440.news (alias)
+      - "traefik.http.routers.pds-1440-news.rule=Host(`pds.1440.news`) || Host(`1440.news`)"
+      - "traefik.http.routers.pds-1440-news.entrypoints=https"
+      - "traefik.http.routers.pds-1440-news.tls.certresolver=letsencrypt-dns"
+      - "traefik.http.routers.pds-1440-news.priority=10"
+      # Wildcard for account handles: *.1440.news (requires DNS challenge)
+      - "traefik.http.routers.pds-1440-news-handles.rule=HostRegexp(`^.+\\.1440\\.news$$`)"
+      - "traefik.http.routers.pds-1440-news-handles.entrypoints=https"
+      - "traefik.http.routers.pds-1440-news-handles.tls.certresolver=letsencrypt-dns"
+      - "traefik.http.routers.pds-1440-news-handles.tls.domains[0].main=1440.news"
+      - "traefik.http.routers.pds-1440-news-handles.tls.domains[0].sans=*.1440.news"
+      - "traefik.http.routers.pds-1440-news-handles.priority=1"
+      # HTTP to HTTPS redirect
+      - "traefik.http.routers.pds-1440-news-redirect.rule=Host(`pds.1440.news`) || Host(`1440.news`)"
+      - "traefik.http.routers.pds-1440-news-redirect.entrypoints=http"
+      - "traefik.http.routers.pds-1440-news-redirect.middlewares=https-redirect"
+      - "traefik.http.routers.pds-1440-news-handles-redirect.rule=HostRegexp(`^.+\\.1440\\.news$$`)"
+      - "traefik.http.routers.pds-1440-news-handles-redirect.entrypoints=http"
+      - "traefik.http.routers.pds-1440-news-handles-redirect.middlewares=https-redirect"
+      - "traefik.http.routers.pds-1440-news-handles-redirect.priority=1"
+      # Shared middleware
+      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
+      # Service port
+      - "traefik.http.services.pds-1440-news.loadbalancer.server.port=3000"
+      # Local development
+      - "traefik.http.routers.pds-1440-news-local.rule=Host(`pds.1440.localhost`) || Host(`1440.localhost`)"
+      - "traefik.http.routers.pds-1440-news-local.entrypoints=http"
+      - "traefik.http.routers.pds-1440-news-local.priority=10"
 
 networks:
   proxy:
diff --git a/traefik.yml b/traefik.yml
deleted file mode 100644
index 8c79967..0000000
--- a/traefik.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-# Traefik routing for PDS (1440.news)
-http:
-  routers:
-    # PDS API: pds.1440.news
-    pds-1440-news:
-      rule: "Host(`pds.1440.news`)"
-      entryPoints: [https]
-      tls:
-        certResolver: letsencrypt-dns
-      service: pds-1440-news
-      priority: 10
-
-    # PDS API: 1440.news (only /xrpc and /.well-known)
-    pds-1440-news-api:
-      rule: "Host(`1440.news`) && (PathPrefix(`/xrpc`) || PathPrefix(`/.well-known`))"
-      entryPoints: [https]
-      tls:
-        certResolver: letsencrypt-dns
-      service: pds-1440-news
-      priority: 20
-
-    # Wildcard handles: *.1440.news
-    pds-1440-news-handles:
-      rule: "HostRegexp(`^.+\\.1440\\.news$$`)"
-      entryPoints: [https]
-      tls:
-        certResolver: letsencrypt-dns
-        domains:
-          - main: "1440.news"
-            sans:
-              - "*.1440.news"
-      service: pds-1440-news
-      priority: 1
-
-    # HTTP redirects
-    pds-1440-news-redirect:
-      rule: "Host(`pds.1440.news`)"
-      entryPoints: [http]
-      middlewares: [https-redirect]
-      service: pds-1440-news
-
-    pds-1440-news-api-redirect:
-      rule: "Host(`1440.news`) && (PathPrefix(`/xrpc`) || PathPrefix(`/.well-known`))"
-      entryPoints: [http]
-      middlewares: [https-redirect]
-      service: pds-1440-news
-      priority: 20
-
-    pds-1440-news-handles-redirect:
-      rule: "HostRegexp(`^.+\\.1440\\.news$$`)"
-      entryPoints: [http]
-      middlewares: [https-redirect]
-      service: pds-1440-news
-      priority: 1
-
-    # Local development
-    pds-1440-news-local:
-      rule: "Host(`pds.1440.localhost`) || Host(`1440.localhost`)"
-      entryPoints: [http]
-      service: pds-1440-news
-      priority: 10
-
-  services:
-    pds-1440-news:
-      loadBalancer:
-        servers:
-          - url: "http://atproto-1440news-pds:3000"