So, on to another app move to Compose, this time Forgejo. As with Tube Archivist, they provide a Compose file, and the Gitea docs even include instructions to add labels for ingress via Traefik (and since Forgejo is a fork of Gitea, I’d expect it to work identically). Great. So what’s my problem?
Well, the Compose file (below) exposes two ports, one for HTTP and the other for SSH. I want Traefik to terminate HTTPS and proxy traffic for the HTTP port, but I don’t expect it can do this for SSH. And my “normal” configuration for ingress puts the stack on a proxy network, which only Traefik sees.
One option is to forego both the proxy network (thus exposing both 3000 and 222 to my LAN), and edit Traefik’s config.yml to add the proxy for port 3000. That gives me TLS termination and ingress, but plaintext HTTP is still exposed. Thoughts on a better way to do this?
I’m defining “work” as Traefik picks up the site and serves it, enabling HTTPS as expected; I can’t access it over my LAN at port 3000; and I’m able to git clone a test repo over SSH.
I’ve removed the forgejo network from the original Compose file as I just don’t see any reason for it with the basic SQLite deployment–and probably the - traefik.docker.network=proxy line isn’t necessary either. If I were using MariaDB or Postgres, I expect I’d need both.