Removed AUTH_USERS environment variable from Traefik container as Docker
Compose was incorrectly expanding the $ signs in the htpasswd hash.
Instead, hardcoded the credentials directly in the vert-sablier.yaml dynamic
configuration file (which is not tracked in git, so changes remain local).
The AUTH_USERS variable with $$ escaping continues to work correctly in
Docker labels for other services.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed "middleware does not exist" error for VERT by defining all middlewares
in the file provider configuration instead of relying on Docker provider
middlewares from a stopped container (Sablier scale-to-zero).
Changes:
- Added vert-auth middleware using AUTH_USERS environment variable
- Added vert-compress middleware for gzip compression
- Passed AUTH_USERS to Traefik container via environment section
- Removed @docker suffixes from middleware references
This ensures middlewares are always available, even when the VERT container
is stopped by Sablier's dynamic scaling feature.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed "the service 'vert-web-secure@docker' does not exist" error by defining
the service directly in the vert-sablier.yaml file provider configuration.
Previously, the router was defined in the file provider but tried to reference
a service from the Docker provider (@docker suffix), which caused a mismatch.
Now both the router and service are defined in the same file provider, while
still using Docker-based middlewares (auth, compression).
Changes:
- Added services.vert-web-secure with loadBalancer pointing to vert_app:80
- Changed router service reference from "vert-web-secure@docker" to "vert-web-secure"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed the global `--entrypoints.web-secure.http.tls.options=default@file`
configuration from proxy/compose.yaml that was causing "unknown TLS options"
errors during Traefik startup.
The issue occurred because Traefik attempted to apply TLS options to all
routers before the file provider finished loading security.yaml, creating
a race condition. Services now use Let's Encrypt certificates without
explicit TLS options at the entrypoint level.
The TLS security settings (minimum TLS 1.2, strong cipher suites, etc.)
remain defined in proxy/dynamic/security.yaml and can be applied to
individual services via their router configurations if needed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Moved Sablier middleware from Docker labels to Traefik dynamic configuration
to fix "unknown plugin type: sablier" error. Traefik plugins can only be
used in dynamic file configuration, not in Docker labels.
Changes:
- Removed sablier-vert@file reference from Docker label middleware chain
- Added complete router definition to proxy/dynamic/vert-sablier.yaml
- Router includes full middleware chain: sablier-vert → vert-auth → compress
- Kept sablier.enable and sablier.group labels for Sablier service discovery
This allows Sablier to properly scale the container to zero while maintaining
the middleware chain order through file-based configuration.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Sablier plugin and service for scale-to-zero capabilities:
**Traefik Plugin:**
- Added experimental.plugins.sablier configuration
- Plugin version: v1.10.1
- Module: github.com/acouvreur/sablier/plugins/traefik
**Sablier Service:**
- Created sablier/compose.yaml with Sablier server
- Uses Docker provider for container management
- Mounts Docker socket for container control
- Connected to falcon_network
**Configuration:**
- Added SABLIER_COMPOSE_PROJECT_NAME to arty.yml
- Added SABLIER_VERSION to arty.yml
- Included sablier stack in compose.yaml
**Usage:**
Services can now use Sablier middleware to automatically
scale to zero when idle and start on demand when accessed.
Example middleware configuration:
```yaml
http:
middlewares:
my-sablier:
plugin:
sablier:
sablierUrl: http://sablier_app:10000
names: service-name
sessionDuration: 1m
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added loadbalancer.server.port=8080 to dashboard configuration
since the Traefik API/dashboard runs on port 8080 internally.
Also added ping endpoint for healthchecks.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updated dashboard configuration to match the working pattern
from other services (Links, Scrapy, etc):
**Changes:**
- Added HTTP to HTTPS redirect middleware
- Added separate web and web-secure routers
- Renamed middleware from dashboard-auth to just auth
- Added explicit docker.network label
- Now follows the exact same pattern as Links stack
**Label Structure:**
- web router: HTTP entrypoint with redirect middleware
- web-secure router: HTTPS with TLS cert resolver and auth
- Consistent naming: proxy-web, proxy-web-secure, proxy-auth
This ensures the dashboard works the same way as all
other services in the stack.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added three new service stacks to the docker-compose infrastructure:
- **Scrapy stack** (scrapy.pivoine.art):
- scrapyd: Web scraping daemon with web interface (port 6800)
- scrapy: Development container for spider commands
- scrapyrt: Real-time API for running spiders (port 9080)
- **n8n stack** (n8n.pivoine.art):
- Workflow automation platform with PostgreSQL backend
- 200+ integrations for automated tasks
- Runners enabled for task execution
- Webhook support for external triggers
- **Filestash stack** (stash.pivoine.art):
- Web-based file manager with multi-backend support
- Supports SFTP, S3, Dropbox, Google Drive, FTP, WebDAV
- In-browser file viewing and media playback
Infrastructure updates:
- Updated PostgreSQL init script to create n8n database
- Added environment variables to arty.yml for all three stacks
- Updated compose.yaml include list
- Updated CLAUDE.md and README.md documentation
- Normalized service names in existing stacks (gotify, proxy, umami, vpn)
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
