fix: use correct Traefik label pattern for this cluster

TLS terminates at Cloudflare/pfSense, not Traefik. Confirmed by inspecting working services (nextcloud, sage-phr): - entrypoints=web (not websecure) - no tls or certresolver labels needed Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-02 18:51:39 -06:00
parent f33d4a57a3
commit 1f0bb90964
1 changed files with 6 additions and 7 deletions
--- a/docker-compose.portainer.yml
+++ b/docker-compose.portainer.yml
@@ -4,7 +4,7 @@
 #   POSTGRES_PASSWORD   — postgres user password
 #   API_KEY             — secret key for API/MCP auth
 #   OLLAMA_URL          — Ollama endpoint (e.g. http://10.x.x.x:11434)
-#   IMAGE_TAG           — image tag to deploy (e.g. sha-abc1234 or 0.0.1)
+#   IMAGE_TAG           — image tag to deploy (e.g. sha-abc1234 or latest)
 #
 # Optional:
 #   OLLAMA_EMBEDDING_MODEL  — default: bge-m3:latest
@@ -40,12 +40,9 @@ services:
      OLLAMA_URL: ${OLLAMA_URL}
      OLLAMA_EMBEDDING_MODEL: ${OLLAMA_EMBEDDING_MODEL:-bge-m3:latest}
      LOG_LEVEL: ${LOG_LEVEL:-info}
-    ports:
-      - "8765:8000"
-    depends_on:
-      - brain-db
    networks:
      - brain-internal
+      - traefik-public
    deploy:
      replicas: 1
      restart_policy:
@@ -53,9 +50,9 @@ services:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.openbrain.rule=Host(`brain.woltje.com`)"
-        - "traefik.http.routers.openbrain.entrypoints=websecure"
-        - "traefik.http.routers.openbrain.tls=true"
+        - "traefik.http.routers.openbrain.entrypoints=web"
        - "traefik.http.services.openbrain.loadbalancer.server.port=8000"
+        - "traefik.docker.network=traefik-public"

 volumes:
  brain_db_data:
@@ -63,3 +60,5 @@ volumes:
 networks:
  brain-internal:
    driver: overlay
+  traefik-public:
+    external: true