Move Traefik routing to file-based config

Extract routing rules from docker-compose labels to traefik.yml. Traefik now loads this file via volume mount. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 16:19:51 -05:00
parent efcd60214b
commit 479fc3f62c
2 changed files with 69 additions and 33 deletions
@@ -1,7 +1,7 @@
 services:
  pds-1440-news:
-    image: ghcr.io/bluesky-social/pds:0.4
-    container_name: pds-1440-news
+    image: ghcr.io/bluesky-social/pds:0.4.204
+    container_name: atproto-1440news-pds
    restart: unless-stopped
    volumes:
      - ./data:/pds
@@ -9,37 +9,6 @@ services:
      - pds.env
    networks:
      - proxy
-    labels:
-      - "traefik.enable=true"
-      # PDS API endpoint: pds.1440.news and 1440.news (alias)
-      - "traefik.http.routers.pds-1440-news.rule=Host(`pds.1440.news`) || Host(`1440.news`)"
-      - "traefik.http.routers.pds-1440-news.entrypoints=https"
-      - "traefik.http.routers.pds-1440-news.tls.certresolver=letsencrypt-dns"
-      - "traefik.http.routers.pds-1440-news.priority=10"
-      # Wildcard for account handles: *.1440.news (requires DNS challenge)
-      - "traefik.http.routers.pds-1440-news-handles.rule=HostRegexp(`^.+\\.1440\\.news$$`)"
-      - "traefik.http.routers.pds-1440-news-handles.entrypoints=https"
-      - "traefik.http.routers.pds-1440-news-handles.tls.certresolver=letsencrypt-dns"
-      - "traefik.http.routers.pds-1440-news-handles.tls.domains[0].main=1440.news"
-      - "traefik.http.routers.pds-1440-news-handles.tls.domains[0].sans=*.1440.news"
-      - "traefik.http.routers.pds-1440-news-handles.priority=1"
-      # HTTP to HTTPS redirect
-      - "traefik.http.routers.pds-1440-news-redirect.rule=Host(`pds.1440.news`) || Host(`1440.news`)"
-      - "traefik.http.routers.pds-1440-news-redirect.entrypoints=http"
-      - "traefik.http.routers.pds-1440-news-redirect.middlewares=https-redirect"
-      - "traefik.http.routers.pds-1440-news-handles-redirect.rule=HostRegexp(`^.+\\.1440\\.news$$`)"
-      - "traefik.http.routers.pds-1440-news-handles-redirect.entrypoints=http"
-      - "traefik.http.routers.pds-1440-news-handles-redirect.middlewares=https-redirect"
-      - "traefik.http.routers.pds-1440-news-handles-redirect.priority=1"
-      # Shared middleware
-      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
-      # Service port
-      - "traefik.http.services.pds-1440-news.loadbalancer.server.port=3000"
-      # Local development
-      - "traefik.http.routers.pds-1440-news-local.rule=Host(`pds.1440.localhost`) || Host(`1440.localhost`)"
-      - "traefik.http.routers.pds-1440-news-local.entrypoints=http"
-      - "traefik.http.routers.pds-1440-news-local.priority=10"

 networks:
  proxy:
@@ -0,0 +1,67 @@
+# Traefik routing for PDS (1440.news)
+http:
+  routers:
+    # PDS API: pds.1440.news
+    pds-1440-news:
+      rule: "Host(`pds.1440.news`)"
+      entryPoints: [https]
+      tls:
+        certResolver: letsencrypt-dns
+      service: pds-1440-news
+      priority: 10
+
+    # PDS API: 1440.news (only /xrpc and /.well-known)
+    pds-1440-news-api:
+      rule: "Host(`1440.news`) && (PathPrefix(`/xrpc`) || PathPrefix(`/.well-known`))"
+      entryPoints: [https]
+      tls:
+        certResolver: letsencrypt-dns
+      service: pds-1440-news
+      priority: 20
+
+    # Wildcard handles: *.1440.news
+    pds-1440-news-handles:
+      rule: "HostRegexp(`^.+\\.1440\\.news$$`)"
+      entryPoints: [https]
+      tls:
+        certResolver: letsencrypt-dns
+        domains:
+          - main: "1440.news"
+            sans:
+              - "*.1440.news"
+      service: pds-1440-news
+      priority: 1
+
+    # HTTP redirects
+    pds-1440-news-redirect:
+      rule: "Host(`pds.1440.news`)"
+      entryPoints: [http]
+      middlewares: [https-redirect]
+      service: pds-1440-news
+
+    pds-1440-news-api-redirect:
+      rule: "Host(`1440.news`) && (PathPrefix(`/xrpc`) || PathPrefix(`/.well-known`))"
+      entryPoints: [http]
+      middlewares: [https-redirect]
+      service: pds-1440-news
+      priority: 20
+
+    pds-1440-news-handles-redirect:
+      rule: "HostRegexp(`^.+\\.1440\\.news$$`)"
+      entryPoints: [http]
+      middlewares: [https-redirect]
+      service: pds-1440-news
+      priority: 1
+
+    # Local development
+    pds-1440-news-local:
+      rule: "Host(`pds.1440.localhost`) || Host(`1440.localhost`)"
+      entryPoints: [http]
+      service: pds-1440-news
+      priority: 10
+
+  services:
+    pds-1440-news:
+      loadBalancer:
+        servers:
+          - url: "http://atproto-1440news-pds:3000"