From 048b64f035ceedba655195fd8c973e3b9f1a451a Mon Sep 17 00:00:00 2001
From: Alexis Fourmaux <fourmaux.alexis.perso@ungol.fr>
Date: Sat, 30 May 2026 18:02:32 +0200
Subject: [PATCH] feat: add reverse proxy traefik

---
 server/docker-compose.yml               | 64 +++++++++++++++++++++----
 server/frontend/public/assets/js/api.js |  2 +-
 2 files changed, 57 insertions(+), 9 deletions(-)

diff --git a/server/docker-compose.yml b/server/docker-compose.yml
index ddf9cd2..305ba9e 100644
--- a/server/docker-compose.yml
+++ b/server/docker-compose.yml
@@ -14,23 +14,33 @@ services:
     image: simugaz/backend:latest
     command: api.py
     restart: unless-stopped
-    ports: 
-      - 8000:8000
     networks:
-      - public
+      - traefik
       - database
     env_file: env_files/api.env
+    labels:
+        - traefik.enable=true
+        - traefik.http.services.homer.loadbalancer.server.port=8000
+        - traefik.http.routers.homer-https.rule=Host(`api.agreg.ungol.fr`)
+        - traefik.http.routers.homer-https.entrypoints=websecure
+        - traefik.http.routers.homer-https.tls=true
+        - traefik.http.routers.homer-https.tls.certresolver=letsencrypt
 
   webui:
     build: ./frontend
     image: simugaz/frontend:latest
     restart: unless-stopped
-    ports:
-      - 3000:80
     networks:
-      - public
+      - traefik
     depends_on:
       - api
+    labels:
+        - traefik.enable=true
+        - traefik.http.services.homer.loadbalancer.server.port=80
+        - traefik.http.routers.homer-https.rule=Host(`demo.agreg.ungol.fr`)
+        - traefik.http.routers.homer-https.entrypoints=websecure
+        - traefik.http.routers.homer-https.tls=true
+        - traefik.http.routers.homer-https.tls.certresolver=letsencrypt
 
   db:
     image: postgres:18-alpine
@@ -54,8 +64,44 @@ services:
     volumes:
       - ./servers.json:/pgadmin4/servers.json
     env_file: env_files/pgadmin.env
-    
+
+  traefik:
+    image: traefik:3
+    command:
+      - "--api=false"
+      - "--api.dashboard=false"
+      - "--api.insecure=false"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.network=traefik_public"
+      - "--providers.file=true"
+      - "--providers.file.directory=/rules"
+      - "--providers.file.watch=true"
+      - "--entryPoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+      - "--entryPoints.websecure.address=:443"
+      - "--entrypoints.websecure.http3={}"
+      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
+      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=ovh"
+      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.delayBeforeCheck=0"
+      - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.letsencrypt.acme.email="
+      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+    env_file: env_files/traefik.env
+    networks:
+      - traefik
+      - public
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./config/rules:/rules:ro
+      - certificates:/letsencrypt:rw
+
 volumes:
+  certificates:
   db:
 
 networks:
@@ -63,4 +109,6 @@ networks:
   database:
     internal: true
   lora-gateway_mqtt:
-    external: true
\ No newline at end of file
+    external: true
+  traefik:
+    internal: true
\ No newline at end of file
diff --git a/server/frontend/public/assets/js/api.js b/server/frontend/public/assets/js/api.js
index 40516e7..d603298 100644
--- a/server/frontend/public/assets/js/api.js
+++ b/server/frontend/public/assets/js/api.js
@@ -1,4 +1,4 @@
-const API_BASE = 'http://192.168.1.195:8000'
+const API_BASE = 'https://api.agreg.ungol.fr'
 
 
 async function fetchConsumption({device_eui, start, end, granularity }) {