From 817f2da4aa06a1eb90421306f53f15212e870373 Mon Sep 17 00:00:00 2001
From: admin <jkilloran@mapletree.email>
Date: Mon, 2 Feb 2026 12:21:59 -0700
Subject: [PATCH] setup shared and dingle traefik labels

---
 lxc1/p2-apps/forgejo.yml   | 22 +++++++++++++++++++++-
 lxc1/p2-apps/guacamole.yml |  4 +++-
 lxc1/p2-apps/komodo.yml    | 20 ++++++++++++++------
 3 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/lxc1/p2-apps/forgejo.yml b/lxc1/p2-apps/forgejo.yml
index 984a8ce..2afa1aa 100644
--- a/lxc1/p2-apps/forgejo.yml
+++ b/lxc1/p2-apps/forgejo.yml
@@ -20,4 +20,24 @@ services:
       - /docker/core/forgejo/data:/data
     ports:
       - "3000:3000"
-      - "222:22"
\ No newline at end of file
+      - "222:22"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=${TRAEFIK_NETWORK}"
+
+      # --- SHARED HA ROUTER (git.domain.com) ---
+      - "traefik.http.routers.forgejo-shared-${FORGEJO_NODE_ID}.rule=Host(`git.${TRAEFIK_DNS_SUFFIX}`)"
+      - "traefik.http.routers.forgejo-shared-${FORGEJO_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
+      - "traefik.http.routers.forgejo-shared-${FORGEJO_NODE_ID}.tls.certresolver=${TRAEFIK_RESOLVER}"
+      - "traefik.http.routers.forgejo-shared-${FORGEJO_NODE_ID}.service=forgejo-common-svc"
+
+      # --- NODE-SPECIFIC ADMIN ROUTER (git1... git2...) ---
+      - "traefik.http.routers.forgejo-admin-${FORGEJO_NODE_ID}.rule=Host(`git${FORGEJO_NODE_ID}.${TRAEFIK_DNS_SUFFIX}`)"
+      - "traefik.http.routers.forgejo-admin-${FORGEJO_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
+      - "traefik.http.routers.forgejo-admin-${FORGEJO_NODE_ID}.tls.certresolver=${TRAEFIK_RESOLVER}"
+      - "traefik.http.routers.forgejo-admin-${FORGEJO_NODE_ID}.service=forgejo-common-svc"
+
+      # --- SHARED SERVICE ---
+      - "traefik.http.services.forgejo-common-svc.loadbalancer.server.port=3000"
+      # Forgejo benefits from sticky sessions to keep the web-git terminal stable
+      - "traefik.http.services.forgejo-common-svc.loadbalancer.sticky.cookie=true"
\ No newline at end of file
diff --git a/lxc1/p2-apps/guacamole.yml b/lxc1/p2-apps/guacamole.yml
index e20d3dc..615392a 100644
--- a/lxc1/p2-apps/guacamole.yml
+++ b/lxc1/p2-apps/guacamole.yml
@@ -39,17 +39,19 @@ services:
       - guac_external
     labels:
       - "traefik.enable=${GUAC_TRAEFIK_ENABLED}"
-      - "traefik.http.routers.guac.tls=true"
       - "traefik.docker.network=guac_external"
       # --- NODE-SPECIFIC ADMIN ROUTER (The Backdoor) ---
       - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.rule=Host(`guac${GUAC_NODE_ID}.${TRAEFIK_DNS_SUFFIX}`)"
       - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.tls.certresolver=${TRAEFIK_RESOLVER}"
       - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.service=guac-common-service"
+      - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.tls=true"
     # --- SHARED HA ROUTER (The Main URL) ---
       - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.rule=Host(`guac.${TRAEFIK_DNS_SUFFIX}`)"
       - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
       - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.tls.certresolver=${TRAEFIK_RESOLVER}"
       - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.service=guac-common-service"
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.tls=true"
       # --- THE SHARED SERVICE ---
       # Identical name on both containers creates the Load Balanced pool
       - "traefik.http.services.guac-common-service.loadbalancer.server.port=8080"
diff --git a/lxc1/p2-apps/komodo.yml b/lxc1/p2-apps/komodo.yml
index 1712dc2..525a2b6 100644
--- a/lxc1/p2-apps/komodo.yml
+++ b/lxc1/p2-apps/komodo.yml
@@ -37,13 +37,21 @@ services:
       - KOMODO_DATABASE_URI=mongodb://${KOMODO_DB_PRI}:27017,${KOMODO_DB_SEC}:27017/komodo?replicaSet=${KOMODO_DB_REPLICA}
       #- KOMODO_DATABASE_ADDRESS=
       - "traefik.enable=${KOMODO_TRAEFIK_ENABLED}"
-      # Router
-      - "traefik.http.routers.komodo.rule=Host(`${KOMODO_TRAEFIK_HOSTNAME}.${TRAEFIK_DNS_SUFFIX}`)"
-      - "traefik.http.routers.komodo.entrypoints=${KOMODO_TRAEFIK_ENTRYPOINTS}"
-      - "traefik.http.routers.komodo.tls.certresolver=${KOMODO_TRAEFIK_RESOLVER}"
-      # Service (points to internal port)
-      - "traefik.http.services.komodo.loadbalancer.server.port=${KOMODO_TRAEFIK_PORT}"
       - "traefik.docker.network=komodo_external"
+      # Router
+      - "traefik.http.routers.komodo-admin-${KOMODO_NODE_ID}.rule=Host(`komodo${KOMODO_NODE_ID}.${TRAEFIK_DNS_SUFFIX}`)"
+      - "traefik.http.routers.komodo-admin-${KOMODO_NODE_ID}.service=komodo-common-svc"
+      - "traefik.http.routers.komodo-admin-${KOMODO_NODE_ID}.entrypoints=${KOMODO_TRAEFIK_ENTRYPOINTS}"
+      - "traefik.http.routers.komodo-admin-${KOMODO_NODE_ID}.tls.certresolver=${KOMODO_TRAEFIK_RESOLVER}"
+      - "traefik.http.routers.komodo-admin-${KOMODO_NODE_ID}.tls=true"
+      # --- SHARED HA ROUTER (komodo.domain.com) ---
+      - "traefik.http.routers.komodo-shared-${KOMODO_NODE_ID}.rule=Host(`komodo.${TRAEFIK_DNS_SUFFIX}`)"
+      - "traefik.http.routers.komodo-shared-${KOMODO_NODE_ID}.service=komodo-common-svc"
+      - "traefik.http.routers.komodo-shared-${KOMODO_NODE_ID}.entrypoints=${KOMODO_TRAEFIK_ENTRYPOINTS}"
+      - "traefik.http.routers.komodo-shared-${KOMODO_NODE_ID}.tls.certresolver=${KOMODO_TRAEFIK_RESOLVER}"
+      - "traefik.http.routers.komodo-shared-${KOMODO_NODE_ID}.tls=true"
+      # --- SHARED SERVICE ---
+      - "traefik.http.services.komodo-common-svc.loadbalancer.server.port=9123"
     networks:
       - komodo_internal
       - komodo_external