Fix: Restore Traefik labels for Option 2 core deployments

The previous commit removed labels from templates, breaking Option 2 (Core Server) deployments. This commit restores the proper architecture: Templates (docker-compose files): - Restore all Traefik labels to dockge/docker-compose.yml - Restore all Traefik labels to infrastructure services (dozzle, glances, code-server) - Restore traefik-network references - Templates now work correctly for Option 2 (Core Server) Scripts (ez-homelab.sh): - Rewrite configure_remote_server_routing() to strip labels for Option 3 - Re-add configure_remote_server_routing() call to deploy_remote_server() - Add as Step 5 (after copying stacks, before deploying them) - Update remaining step numbers (6-9) Architecture flow: Option 2 (Core Server): - Uses templates as-is with Traefik labels - Local Traefik discovers services via Docker labels - Services accessible at https://service.domain Option 3 (Additional Server): - Copies templates with labels (Step 4) - Strips out labels and traefik-network (Step 5) - Deploys labelless services with exposed ports (Steps 6-8) - Core Traefik routes via manual HTTP configs to IP:PORT - Services accessible at https://service.hostname.domain
2026-02-07 21:59:21 -05:00
parent ce3fbdb244
commit 16f7eaa703
3 changed files with 77 additions and 64 deletions
--- a/docker-compose/dockge/docker-compose.yml
+++ b/docker-compose/dockge/docker-compose.yml
@@ -22,6 +22,7 @@ services:
    restart: unless-stopped
    networks:
      - homelab-network
      - traefik-network
    ports:
      - '5001:5001'  # Optional: direct access
    volumes:
@@ -35,7 +36,16 @@ services:
    labels:
      - 'homelab.category=infrastructure'
      - 'homelab.description=Docker Compose stack manager'
      - 'traefik.enable=true'
      - 'traefik.docker.network=traefik-network'
      - 'traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)'
      - 'traefik.http.routers.dockge.entrypoints=websecure'
      - 'traefik.http.routers.dockge.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.dockge.middlewares=authelia@docker'
      - 'traefik.http.services.dockge.loadbalancer.server.port=5001'
 networks:
  homelab-network:
    external: true
  traefik-network:
    external: true
--- a/docker-compose/infrastructure/docker-compose.yml
+++ b/docker-compose/infrastructure/docker-compose.yml
@@ -125,6 +125,7 @@ services:
    restart: no
    networks:
      - homelab-network
      - traefik-network
    ports:
      - '8085:8080'
    volumes:
@@ -143,6 +144,15 @@ services:
      - 'com.centurylinklabs.watchtower.enable=true'
      - 'homelab.category=infrastructure'
      - 'homelab.description=Real-time Docker log viewer'
      - 'traefik.enable=true'
      - 'traefik.docker.network=traefik-network'
      - 'traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)'
      - 'traefik.http.routers.dozzle.entrypoints=websecure'
      - 'traefik.http.routers.dozzle.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.dozzle.middlewares=authelia@docker'
      - 'traefik.http.services.dozzle.loadbalancer.server.port=8080'
      - 'sablier.enable=true'
      - 'sablier.group=dozzle'
  # Glances - System monitoring
  # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
@@ -161,6 +171,7 @@ services:
    restart: no
    networks:
      - homelab-network
      - traefik-network
    ports:
      - '61208:61208'
    pid: host
@@ -179,6 +190,15 @@ services:
      - 'com.centurylinklabs.watchtower.enable=true'
      - 'homelab.category=infrastructure'
      - 'homelab.description=System and Docker monitoring'
      - 'traefik.enable=true'
      - 'traefik.docker.network=traefik-network'
      - 'traefik.http.routers.glances.rule=Host(`glances.${DOMAIN}`)'
      - 'traefik.http.routers.glances.entrypoints=websecure'
      - 'traefik.http.routers.glances.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.glances.middlewares=authelia@docker'
      - 'traefik.http.services.glances.loadbalancer.server.port=61208'
      - 'sablier.enable=true'
      - 'sablier.group=glances'
  # Code Server - VS Code in browser
  # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
@@ -197,6 +217,7 @@ services:
    restart: no
    networks:
      - homelab-network
      - traefik-network
    ports:
      - '8079:8443'
    volumes:
@@ -219,6 +240,15 @@ services:
      - 'com.centurylinklabs.watchtower.enable=true'
      - 'homelab.category=infrastructure'
      - 'homelab.description=VS Code in browser'
      - 'traefik.enable=true'
      - 'traefik.docker.network=traefik-network'
      - 'traefik.http.routers.code-server.rule=Host(`code.${DOMAIN}`)'
      - 'traefik.http.routers.code-server.entrypoints=websecure'
      - 'traefik.http.routers.code-server.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.code-server.middlewares=authelia@docker'
      - 'traefik.http.services.code-server.loadbalancer.server.port=8443'
      - 'sablier.enable=true'
      - 'sablier.group=code-server'
 x-dockge:
  urls:
@@ -236,3 +266,5 @@ x-dockge:
 networks:
  homelab-network:
    external: true
  traefik-network:
    external: true
--- a/scripts/ez-homelab.sh
+++ b/scripts/ez-homelab.sh
@@ -1693,23 +1693,28 @@ deploy_remote_server() {
    copy_all_stacks_for_remote
    echo ""
-    # Step 5: Deploy Dockge
+    # Step 5: Configure services for additional server (remove Traefik labels)
-    log_info "Step 5: Deploying Dockge..."
+    log_info "Step 5: Configuring services for additional server..."
    configure_remote_server_routing
    echo ""
    # Step 6: Deploy Dockge
    log_info "Step 6: Deploying Dockge..."
    deploy_dockge
    echo ""
-    # Step 6: Deploy Sablier stack for local lazy loading
+    # Step 7: Deploy Sablier stack for local lazy loading
-    log_info "Step 6: Deploying Sablier stack..."
+    log_info "Step 7: Deploying Sablier stack..."
    deploy_sablier_stack
    echo ""
-    # Step 7: Deploy Infrastructure stack
+    # Step 8: Deploy Infrastructure stack
-    log_info "Step 7: Deploying Infrastructure stack..."
+    log_info "Step 8: Deploying Infrastructure stack..."
    deploy_infrastructure
    echo ""
-    # Step 8: Register this remote server with core Traefik
+    # Step 9: Register this remote server with core Traefik
-    log_info "Step 8: Registering with core Traefik..."
+    log_info "Step 9: Registering with core Traefik..."
    register_remote_server_with_core
    echo ""
@@ -1869,71 +1874,37 @@ deploy_sablier_stack() {
    log_success "Sablier stack deployed at $sablier_dir"
 }
-# Disable Traefik routing on remote server services
+# Remove Traefik configuration from additional server services
-# Remote services are accessed through core Traefik via docker provider
+# Additional servers don't run local Traefik - routing is handled by core server
 configure_remote_server_routing() {
-    debug_log "Configuring server-specific routing for remote services"
+    debug_log "Removing Traefik labels from additional server services"
-    log_info "Setting up server-specific subdomains for infrastructure services..."
+    log_info "Configuring services for additional server (removing Traefik labels)..."
-    local server_name="$SERVER_HOSTNAME"
+    # Remove Traefik labels and traefik-network from dockge
    # Update dockge with server-specific subdomain and HTTP-only configuration
    if [ -f "/opt/dockge/docker-compose.yml" ]; then
-        sed -i "s/Host(\`dockge\.\${DOMAIN}\`)/Host(\`dockge.${server_name}.kelinreij.duckdns.org\`)/" /opt/dockge/docker-compose.yml 2>/dev/null
+        # Remove all traefik.* labels
-        sed -i "s/'traefik.enable=false'/'traefik.enable=true'/" /opt/dockge/docker-compose.yml 2>/dev/null
+        sed -i "/- 'traefik\./d" /opt/dockge/docker-compose.yml 2>/dev/null
-        # Change to web entrypoint (HTTP-only for remote servers)
+        # Remove traefik-network from networks section
-        sed -i "s/entrypoints=websecure/entrypoints=web/" /opt/dockge/docker-compose.yml 2>/dev/null
+        sed -i "/- traefik-network/d" /opt/dockge/docker-compose.yml 2>/dev/null
-        # Remove TLS cert resolver (not needed for remote)
+        # Remove traefik-network from external networks
-        sed -i "/traefik.http.routers.dockge.tls.certresolver/d" /opt/dockge/docker-compose.yml 2>/dev/null
+        sed -i "/traefik-network:/,/external: true/d" /opt/dockge/docker-compose.yml 2>/dev/null
-        # Remove authelia middleware (not available on remote)
+        log_info "✓ Dockge: Traefik labels removed (accessible via port 5001)"
        sed -i "/traefik.http.routers.dockge.middlewares=authelia@docker/d" /opt/dockge/docker-compose.yml 2>/dev/null
        log_info "✓ Dockge: dockge.${server_name}.kelinreij.duckdns.org (HTTP)"
    fi
-    # Update infrastructure services (dozzle, glances) with HTTP-only configuration
+    # Remove Traefik labels and traefik-network from infrastructure services
    if [ -f "/opt/stacks/infrastructure/docker-compose.yml" ]; then
-        # Update hostnames
+        # Remove all traefik.* and sablier.* labels
-        sed -i "s/Host(\`dozzle\.\${DOMAIN}\`)/Host(\`dozzle.${server_name}.kelinreij.duckdns.org\`)/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        sed -i "/- 'traefik\./d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
-        sed -i "s/Host(\`glances\.\${DOMAIN}\`)/Host(\`glances.${server_name}.kelinreij.duckdns.org\`)/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        sed -i "/- 'sablier\./d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
-        
+        # Remove traefik-network from networks sections
-        # Change to web entrypoint (HTTP-only for remote servers)
+        sed -i "/- traefik-network/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
-        sed -i "s/traefik.http.routers.dozzle.entrypoints=websecure/traefik.http.routers.dozzle.entrypoints=web/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        # Remove traefik-network from external networks (last occurrence)
-        sed -i "s/traefik.http.routers.glances.entrypoints=websecure/traefik.http.routers.glances.entrypoints=web/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        sed -i "/traefik-network:/,/external: true/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
-        
+        log_info "✓ Infrastructure: Traefik labels removed (accessible via direct ports)"
        # Remove TLS configuration
        sed -i "/traefik.http.routers.dozzle.tls=/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
        sed -i "/traefik.http.routers.glances.tls=/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
        log_info "✓ Dozzle: dozzle.${server_name}.kelinreij.duckdns.org (HTTP)"
        log_info "✓ Glances: glances.${server_name}.kelinreij.duckdns.org (HTTP)"
        # Disable sablier routing (no web UI)
        sed -i "s/'traefik.enable=true'/'traefik.enable=false'/g" /opt/stacks/sablier/docker-compose.yml 2>/dev/null
        log_info "✓ Sablier: Traefik disabled (no web UI)"
    fi
-    # Update Traefik dashboard route to use HTTP
+    log_success "Services configured for additional server - routing via core Traefik"
    if [ -f "/opt/stacks/traefik/dynamic/routes.yml" ]; then
        cat > "/opt/stacks/traefik/dynamic/routes.yml" <<EOF
 # Traefik Dynamic Routes for Remote Server
 # Auto-generated by EZ-Homelab
 #
 # This file is watched by Traefik and reloaded automatically
 # Add custom routes here if needed
 http:
  routers:
    traefik-dashboard:
      rule: "Host(\`traefik.${server_name}.kelinreij.duckdns.org\`)"
      entryPoints:
        - web
      service: api@internal
 EOF
        log_info "✓ Traefik Dashboard: traefik.${server_name}.kelinreij.duckdns.org (HTTP)"
    fi
    log_success "Server-specific routing configured (HTTP-only for remote servers)"
 }
 # Copy all stacks for remote server (except core)