From 1f0bb909641554082d1d57a241973d407c4c5bc3 Mon Sep 17 00:00:00 2001 From: Jason Woltje Date: Mon, 2 Mar 2026 18:51:39 -0600 Subject: [PATCH] fix: use correct Traefik label pattern for this cluster TLS terminates at Cloudflare/pfSense, not Traefik. Confirmed by inspecting working services (nextcloud, sage-phr): - entrypoints=web (not websecure) - no tls or certresolver labels needed Co-Authored-By: Claude Sonnet 4.6 --- docker-compose.portainer.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/docker-compose.portainer.yml b/docker-compose.portainer.yml index 694c590..3fda1e8 100644 --- a/docker-compose.portainer.yml +++ b/docker-compose.portainer.yml @@ -4,7 +4,7 @@ # POSTGRES_PASSWORD — postgres user password # API_KEY — secret key for API/MCP auth # OLLAMA_URL — Ollama endpoint (e.g. http://10.x.x.x:11434) -# IMAGE_TAG — image tag to deploy (e.g. sha-abc1234 or 0.0.1) +# IMAGE_TAG — image tag to deploy (e.g. sha-abc1234 or latest) # # Optional: # OLLAMA_EMBEDDING_MODEL — default: bge-m3:latest @@ -40,12 +40,9 @@ services: OLLAMA_URL: ${OLLAMA_URL} OLLAMA_EMBEDDING_MODEL: ${OLLAMA_EMBEDDING_MODEL:-bge-m3:latest} LOG_LEVEL: ${LOG_LEVEL:-info} - ports: - - "8765:8000" - depends_on: - - brain-db networks: - brain-internal + - traefik-public deploy: replicas: 1 restart_policy: @@ -53,9 +50,9 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.openbrain.rule=Host(`brain.woltje.com`)" - - "traefik.http.routers.openbrain.entrypoints=websecure" - - "traefik.http.routers.openbrain.tls=true" + - "traefik.http.routers.openbrain.entrypoints=web" - "traefik.http.services.openbrain.loadbalancer.server.port=8000" + - "traefik.docker.network=traefik-public" volumes: brain_db_data: @@ -63,3 +60,5 @@ volumes: networks: brain-internal: driver: overlay + traefik-public: + external: true