Merge branch 'main' into add-access-log-config

Reviewed-on: #66

.gitea/workflows/workflow.yaml

@@ -47,7 +47,7 @@ jobs:
     needs: [prepare_context]
     if: github.event_name == 'pull_request' && github.event.action != 'closed'
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
 
       - name: Deploy via Rsync & Docker
         uses: easingthemes/ssh-deploy@2cc5b27bf3029d0455dd5e09fe02633904031447 # v6.0.3
@@ -66,7 +66,7 @@ jobs:
           SCRIPT_AFTER: |
             set -e
             cd ${{ needs.prepare_context.outputs.pr_path }}
-            docker compose --env-file dev.env -f docker-compose.yaml -f docker-compose.dev.yaml up -d --build --remove-orphans
+            docker compose --env-file dev.env -f docker-compose.yaml -f docker-compose.dev.yaml up -d --build --remove-orphans --wait
 
   # ------------------------------------------------------------------
   # STAGE 3: DEPLOY STAGING
@@ -76,7 +76,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main'
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
 
       - name: Deploy via Rsync & Docker
         uses: easingthemes/ssh-deploy@2cc5b27bf3029d0455dd5e09fe02633904031447 # v6.0.3
@@ -92,7 +92,7 @@ jobs:
           SCRIPT_AFTER: |
             set -e
             cd ${{ env.REMOTE_STAGING_PATH }}
-            docker compose --env-file staging.env -f docker-compose.yaml up -d --build --remove-orphans
+            docker compose --env-file staging.env -f docker-compose.yaml -f docker-compose.client.yaml up -d --build --remove-orphans --wait
 
   # ------------------------------------------------------------------
   # STAGE 3.5: DEPLOY PRE-PROD
@@ -103,7 +103,7 @@ jobs:
     needs: [deploy_staging]
     if: github.ref == 'refs/heads/main'
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
 
       - name: Deploy via Rsync & Docker
         uses: easingthemes/ssh-deploy@2cc5b27bf3029d0455dd5e09fe02633904031447 # v6.0.3
@@ -119,7 +119,7 @@ jobs:
           SCRIPT_AFTER: |
             set -e
             cd ${{ env.REMOTE_PREPROD_PATH }}
-            docker compose --env-file preprod.env -f docker-compose.yaml -f docker-compose.prod.yaml -f docker-compose.preprod.yaml up -d --build --remove-orphans
+            docker compose --env-file preprod.env -f docker-compose.yaml -f docker-compose.prod.yaml -f docker-compose.preprod.yaml up -d --build --remove-orphans --wait
 
       - name: Run E2E Tests
         uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2 # v1.2.5
@@ -165,7 +165,7 @@ jobs:
     needs: [deploy_preprod]
     if: github.ref == 'refs/heads/main'
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
 
       - name: Deploy via Rsync & Docker
         uses: easingthemes/ssh-deploy@2cc5b27bf3029d0455dd5e09fe02633904031447 # v6.0.3
@@ -181,7 +181,7 @@ jobs:
           SCRIPT_AFTER: |
             set -e
             cd ${{ env.REMOTE_PROD_PATH }}
-            docker compose --env-file prod.env -f docker-compose.yaml -f docker-compose.prod.yaml up -d --build --remove-orphans
+            docker compose --env-file prod.env -f docker-compose.yaml -f docker-compose.prod.yaml up -d --build --remove-orphans --wait
 
             # Run E2E Tests
             echo "Running E2E tests..."

docker-compose.client.yaml

@@ -0,0 +1,9 @@
+services:
+  traefik:
+    networks:
+      - proxy
+      - shared_network
+networks:
+  shared_network:
+    name: prod_shared-network
+    external: true

docker-compose.dev.yaml

@@ -3,6 +3,7 @@ services:
     networks:
       - proxy
       - staging-network
+      - shared_network
 networks:
   legacy-nginx:
     name: proxy
@@ -10,3 +11,6 @@ networks:
   staging-network:
     name: staging_proxy
     external: true
+  shared_network:
+    name: prod_shared-network
+    external: true

docker-compose.yaml

@@ -1,12 +1,11 @@
 services:
   traefik:
-    image: "traefik:v3.7@sha256:eb328e2c806c53aafbbace6c451fa54d268961261a85452fcf0fb752a30c17be"
+    image: "traefik:v3.7@sha256:5a52522fa05731d9c537540f873ba8c4842e83354c27275b747145bab75da120"
     restart: unless-stopped
     security_opt:
       - no-new-privileges:true
     networks:
       - proxy
-      - shared_network
     command:
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
@@ -22,6 +21,7 @@ services:
       - "--certificatesResolvers.letsencrypt.acme.caServer=${CERTBOT_CA_RESOLVER}"
       - "${TRAEFIK_LEGACY_OPT:-}"
       - "--providers.file.watch=true"
+      - "--accesslog=true"
     # extra_hosts:
     #   - "staging:${STAGING_IP:-192.168.1.85}"
     #   - "webserver:${LEGACY_IP:-192.168.1.85}"
@@ -52,8 +52,5 @@ services:
       - traefik.http.routers.https.tls.certresolver=letsencrypt
 networks:
   proxy:
-  shared_network:
-    name: prod_shared-network
-    external: true
 volumes:
   letsencrypt:

prod/route-to-kovagoadigepe.yaml

@@ -0,0 +1,29 @@
+http:
+  routers:
+    kovagoadi-gepe-http-router:
+      rule: "HostRegexp(`^.+\\.kovagoadi-gepe\\.kovagoadi\\.hu$`)"
+      entryPoints:
+        - "web"
+      service: "kovagoadi-gepe-http"
+      priority: 100
+  services:
+    kovagoadi-gepe-http:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.1.81:80"
+
+tcp:
+  routers:
+    kovagoadi-gepe-secure-router:
+      rule: "HostSNI(`*.kovagoadi-gepe.kovagoadi.hu`)"
+      service: "kovagoadi-gepe-secure"
+      tls:
+        passthrough: true
+      priority: 100
+      entryPoints:
+        - "https"
+  services:  
+    kovagoadi-gepe-secure:
+      loadBalancer:
+        servers:
+          - address: "192.168.1.81:443"