From 72d3d8b38f4cce10ade1a4c1e2a25366502081a7 Mon Sep 17 00:00:00 2001
From: Kelin <kelin@example.com>
Date: Sat, 7 Feb 2026 20:43:34 -0500
Subject: [PATCH] Fix remote server Traefik configuration

- Add ports 80/443 to remote Traefik template
- Enable API access (insecure=true) for debugging
- Update configure_remote_server_routing to use HTTP-only config
  - Change entrypoint from websecure to web
  - Remove TLS cert resolver references
  - Remove authelia middleware references
- Replace Docker TLS provider with manual HTTP routes
  - Core Traefik now uses file provider with direct URLs
  - Fixes 404/gateway timeout errors on remote services
  - Routes HTTPS from core to HTTP on remote servers
- Fix port in routes (dozzle uses 8085, not 8082)

Resolves issues with remote server service accessibility.
---
 docker-compose/traefik/docker-compose.yml |  4 +-
 scripts/common.sh                         | 80 ++++++++++++++++++++---
 scripts/ez-homelab.sh                     | 71 ++++++++++++++------
 3 files changed, 127 insertions(+), 28 deletions(-)

diff --git a/docker-compose/traefik/docker-compose.yml b/docker-compose/traefik/docker-compose.yml
index 3825088..33937de 100644
--- a/docker-compose/traefik/docker-compose.yml
+++ b/docker-compose/traefik/docker-compose.yml
@@ -10,7 +10,7 @@ services:
     restart: unless-stopped
     command:
       - '--api.dashboard=true'
-      - '--api.insecure=false'
+      - '--api.insecure=true'  # Allow API access on port 8080
       - '--providers.docker=true'
       - '--providers.docker.exposedbydefault=false'
       - '--providers.docker.network=traefik-network'
@@ -23,6 +23,8 @@ services:
     environment:
       - TZ=America/New_York
     ports:
+      - '80:80'    # HTTP entrypoint
+      - '443:443'  # HTTPS entrypoint
       - '8080:8080'  # Dashboard (optional, for debugging)
     volumes:
       - ./config:/config
diff --git a/scripts/common.sh b/scripts/common.sh
index 1ea0d10..f684589 100644
--- a/scripts/common.sh
+++ b/scripts/common.sh
@@ -308,7 +308,7 @@ EOF
     debug_log "Sablier middleware config written to $output_file"
 }
 
-# Register remote server with core Traefik
+# Register remote server with core Traefik using manual HTTP routes
 add_remote_server_to_traefik() {
     local server_ip="$1"
     local server_hostname="$2"
@@ -334,14 +334,78 @@ add_remote_server_to_traefik() {
         mkdir -p "$traefik_dynamic_dir"
     fi
     
-    # Generate provider configuration
-    local provider_file="${traefik_dynamic_dir}/docker-provider-${server_hostname}.yml"
-    generate_traefik_provider_config "$server_ip" "$server_hostname" "$provider_file"
+    # Generate manual HTTP routes for remote server services
+    # This uses the file provider with direct service URLs instead of Docker provider
+    local routes_file="${traefik_dynamic_dir}/${server_hostname}-server-routes.yml"
     
-    # Generate Sablier middleware configuration
+    cat > "$routes_file" <<EOF
+# Manual Routes for Remote Server: $server_hostname
+# Auto-generated by EZ-Homelab
+# Last updated: $(date '+%Y-%m-%d %H:%M:%S')
+#
+# These routes proxy HTTPS traffic from core Traefik to HTTP services on remote server
+
+http:
+  routers:
+    dockge-${server_hostname}:
+      rule: "Host(\`dockge.${server_hostname}.kelinreij.duckdns.org\`)"
+      service: dockge-${server_hostname}-service
+      entrypoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+    
+    glances-${server_hostname}:
+      rule: "Host(\`glances.${server_hostname}.kelinreij.duckdns.org\`)"
+      service: glances-${server_hostname}-service
+      entrypoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+    
+    dozzle-${server_hostname}:
+      rule: "Host(\`dozzle.${server_hostname}.kelinreij.duckdns.org\`)"
+      service: dozzle-${server_hostname}-service
+      entrypoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+    
+    traefik-${server_hostname}:
+      rule: "Host(\`traefik.${server_hostname}.kelinreij.duckdns.org\`)"
+      service: traefik-${server_hostname}-service
+      entrypoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    dockge-${server_hostname}-service:
+      loadBalancer:
+        servers:
+          - url: "http://${server_ip}:5001"
+    
+    glances-${server_hostname}-service:
+      loadBalancer:
+        servers:
+          - url: "http://${server_ip}:61208"
+    
+    dozzle-${server_hostname}-service:
+      loadBalancer:
+        servers:
+          - url: "http://${server_ip}:8085"
+    
+    traefik-${server_hostname}-service:
+      loadBalancer:
+        servers:
+          - url: "http://${server_ip}:8080"
+EOF
+    
+    log_success "Generated manual routes for remote server: $routes_file"
+    log_info "Core Traefik will route HTTPS traffic to HTTP services on $server_hostname"
+    log_info "Traefik will auto-reload configurations within 2 seconds"
+    
+    # Generate Sablier middleware configuration (if needed for on-demand services)
     local sablier_file="${traefik_dynamic_dir}/sablier-middleware-${server_hostname}.yml"
     generate_sablier_middleware_config "$server_hostname" "$server_ip" "$sablier_file"
-    
-    log_success "Registered remote server $server_hostname with core Traefik"
-    log_info "Traefik will auto-reload configurations within 2 seconds"
 }
\ No newline at end of file
diff --git a/scripts/ez-homelab.sh b/scripts/ez-homelab.sh
index fa700a6..4a925d0 100755
--- a/scripts/ez-homelab.sh
+++ b/scripts/ez-homelab.sh
@@ -1900,32 +1900,62 @@ configure_remote_server_routing() {
     
     local server_name="$SERVER_HOSTNAME"
     
-    # Update dockge with server-specific subdomain
+    # Update dockge with server-specific subdomain and HTTP-only configuration
     if [ -f "/opt/dockge/docker-compose.yml" ]; then
-        sed -i "s/Host(\`dockge\.kelinreij\.duckdns\.org\`)/Host(\`dockge.${server_name}.kelinreij.duckdns.org\`)/" /opt/dockge/docker-compose.yml 2>/dev/null
+        sed -i "s/Host(\`dockge\.\${DOMAIN}\`)/Host(\`dockge.${server_name}.kelinreij.duckdns.org\`)/" /opt/dockge/docker-compose.yml 2>/dev/null
         sed -i "s/'traefik.enable=false'/'traefik.enable=true'/" /opt/dockge/docker-compose.yml 2>/dev/null
-        log_info "✓ Dockge: dockge.${server_name}.kelinreij.duckdns.org"
+        # Change to web entrypoint (HTTP-only for remote servers)
+        sed -i "s/entrypoints=websecure/entrypoints=web/" /opt/dockge/docker-compose.yml 2>/dev/null
+        # Remove TLS cert resolver (not needed for remote)
+        sed -i "/traefik.http.routers.dockge.tls.certresolver/d" /opt/dockge/docker-compose.yml 2>/dev/null
+        # Remove authelia middleware (not available on remote)
+        sed -i "/traefik.http.routers.dockge.middlewares=authelia@docker/d" /opt/dockge/docker-compose.yml 2>/dev/null
+        log_info "✓ Dockge: dockge.${server_name}.kelinreij.duckdns.org (HTTP)"
     fi
     
-    # Update infrastructure services (dozzle, glances)
+    # Update infrastructure services (dozzle, glances) with HTTP-only configuration
     if [ -f "/opt/stacks/infrastructure/docker-compose.yml" ]; then
-        sed -i "s/Host(\`dozzle\.[^.]*\.kelinreij\.duckdns\.org\`)/Host(\`dozzle.${server_name}.kelinreij.duckdns.org\`)/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
-        sed -i "s/Host(\`glances\.[^.]*\.kelinreij\.duckdns\.org\`)/Host(\`glances.${server_name}.kelinreij.duckdns.org\`)/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
-        log_info "✓ Dozzle: dozzle.${server_name}.kelinreij.duckdns.org"
-        log_info "✓ Glances: glances.${server_name}.kelinreij.duckdns.org"
+        # Update hostnames
+        sed -i "s/Host(\`dozzle\.\${DOMAIN}\`)/Host(\`dozzle.${server_name}.kelinreij.duckdns.org\`)/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        sed -i "s/Host(\`glances\.\${DOMAIN}\`)/Host(\`glances.${server_name}.kelinreij.duckdns.org\`)/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        
+        # Change to web entrypoint (HTTP-only for remote servers)
+        sed -i "s/traefik.http.routers.dozzle.entrypoints=websecure/traefik.http.routers.dozzle.entrypoints=web/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        sed -i "s/traefik.http.routers.glances.entrypoints=websecure/traefik.http.routers.glances.entrypoints=web/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        
+        # Remove TLS configuration
+        sed -i "/traefik.http.routers.dozzle.tls=/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        sed -i "/traefik.http.routers.glances.tls=/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+        
+        log_info "✓ Dozzle: dozzle.${server_name}.kelinreij.duckdns.org (HTTP)"
+        log_info "✓ Glances: glances.${server_name}.kelinreij.duckdns.org (HTTP)"
         
         # Disable sablier routing (no web UI)
         sed -i "s/'traefik.enable=true'/'traefik.enable=false'/g" /opt/stacks/sablier/docker-compose.yml 2>/dev/null
         log_info "✓ Sablier: Traefik disabled (no web UI)"
     fi
     
-    # Update Traefik dashboard route
+    # Update Traefik dashboard route to use HTTP
     if [ -f "/opt/stacks/traefik/dynamic/routes.yml" ]; then
-        sed -i "s/Host(\`traefik\.[^.]*\.kelinreij\.duckdns\.org\`)/Host(\`traefik.${server_name}.kelinreij.duckdns.org\`)/" /opt/stacks/traefik/dynamic/routes.yml 2>/dev/null
-        log_info "✓ Traefik Dashboard: traefik.${server_name}.kelinreij.duckdns.org"
+        cat > "/opt/stacks/traefik/dynamic/routes.yml" <<EOF
+# Traefik Dynamic Routes for Remote Server
+# Auto-generated by EZ-Homelab
+#
+# This file is watched by Traefik and reloaded automatically
+# Add custom routes here if needed
+
+http:
+  routers:
+    traefik-dashboard:
+      rule: "Host(\`traefik.${server_name}.kelinreij.duckdns.org\`)"
+      entryPoints:
+        - web
+      service: api@internal
+EOF
+        log_info "✓ Traefik Dashboard: traefik.${server_name}.kelinreij.duckdns.org (HTTP)"
     fi
     
-    log_success "Server-specific routing configured"
+    log_success "Server-specific routing configured (HTTP-only for remote servers)"
 }
 
 # Copy all stacks for remote server (except core)
@@ -2010,8 +2040,8 @@ deploy_traefik_stack() {
     
     # Create placeholder routes.yml file in dynamic directory
     if [ ! -f "$traefik_dir/dynamic/routes.yml" ]; then
-        log_info "Creating placeholder routes.yml..."
-        cat > "$traefik_dir/dynamic/routes.yml" <<'ROUTESYML'
+        log_info "Creating Traefik dashboard route for remote server..."
+        cat > "$traefik_dir/dynamic/routes.yml" <<EOF
 # Traefik Dynamic Routes for Remote Server
 # Auto-generated by EZ-Homelab
 #
@@ -2019,11 +2049,14 @@ deploy_traefik_stack() {
 # Add custom routes here if needed
 
 http:
-  routers: {}
-  services: {}
-  middlewares: {}
-ROUTESYML
-        log_success "Created routes.yml"
+  routers:
+    traefik-dashboard:
+      rule: "Host(\`traefik.${SERVER_HOSTNAME}.kelinreij.duckdns.org\`)"
+      entryPoints:
+        - web
+      service: api@internal
+EOF
+        log_success "Created routes.yml with dashboard route"
     fi
     
     # Verify docker-compose.yml exists