From 8dabe7a40ba847447ab984d71e19547b90ca0d1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= <valknar@pivoine.art>
Date: Fri, 7 Nov 2025 16:12:04 +0100
Subject: [PATCH] refactor: remove Traefik exposure from Pastel API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Removed all Traefik labels from pastel_api service since the API
is now only accessed internally by pastel_ui via Docker network.

Changes:
- Removed traefik.enable and all HTTP/HTTPS router configurations
- Removed path prefix routing (/api)
- Kept only Watchtower label for auto-updates
- API now accessible only at http://pastel_api:3000 internally

This simplifies the configuration and improves security by not
exposing the API endpoint externally.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 kit/compose.yaml | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/kit/compose.yaml b/kit/compose.yaml
index e5d9207..bf65eef 100644
--- a/kit/compose.yaml
+++ b/kit/compose.yaml
@@ -90,21 +90,6 @@ services:
     networks:
       - compose_network
     labels:
-      - 'traefik.enable=${KIT_TRAEFIK_ENABLED}'
-      # HTTP to HTTPS redirect
-      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-pastel-api-redirect-web-secure.redirectscheme.scheme=https'
-      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-pastel-api-web.middlewares=${KIT_COMPOSE_PROJECT_NAME}-pastel-api-redirect-web-secure'
-      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-pastel-api-web.rule=Host(`${KIT_PASTEL_TRAEFIK_HOST}`) && PathPrefix(`/api`)'
-      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-pastel-api-web.entrypoints=web'
-      # HTTPS router
-      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-pastel-api-web-secure.rule=Host(`${KIT_PASTEL_TRAEFIK_HOST}`) && PathPrefix(`/api`)'
-      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-pastel-api-web-secure.tls.certresolver=resolver'
-      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-pastel-api-web-secure.entrypoints=web-secure'
-      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-pastel-api-compress.compress=true'
-      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-pastel-api-web-secure.middlewares=${KIT_COMPOSE_PROJECT_NAME}-pastel-api-compress,security-headers@file'
-      # Service
-      - 'traefik.http.services.${KIT_COMPOSE_PROJECT_NAME}-pastel-api.loadbalancer.server.port=3000'
-      - 'traefik.docker.network=${NETWORK_NAME}'
       # Watchtower
       - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'