docs: add Traefik docker-compose example to expose the store over a domain
CI / test (push) Successful in 10m21s

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-26 23:59:24 -04:00
parent ddcf42a3ce
commit 9458528b40
+44
View File
@@ -39,6 +39,50 @@ docker run -d --name gadfly-reports -p 8090:8090 -v gadfly-reports-data:/data \
gitea.stevedudenhoeffer.com/steve/gadfly-reports:latest gitea.stevedudenhoeffer.com/steve/gadfly-reports:latest
``` ```
### Deploy behind Traefik (expose over a domain)
```yaml
# docker-compose.yml — publish gadfly-reports at https://reports.example.com via Traefik.
services:
gadfly-reports:
image: gitea.stevedudenhoeffer.com/steve/gadfly-reports:latest
restart: unless-stopped
environment:
# Auth is built in: callers (gadfly emit, gadfly-mcp) send this as a bearer
# token; /healthz stays open. ADDR and DB default to :8090 and
# /data/gadfly-reports.db inside the image.
GADFLY_REPORTS_TOKEN: ${GADFLY_REPORTS_TOKEN:?set GADFLY_REPORTS_TOKEN in .env}
volumes:
- gadfly-reports-data:/data
networks: [traefik]
healthcheck:
test: ["CMD", "wget", "-q", "-O", "-", "http://localhost:8090/healthz"]
interval: 30s
timeout: 5s
retries: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.gadfly-reports.rule=Host(`reports.example.com`)"
- "traefik.http.routers.gadfly-reports.entrypoints=websecure"
- "traefik.http.routers.gadfly-reports.tls=true"
- "traefik.http.routers.gadfly-reports.tls.certresolver=letsencrypt"
- "traefik.http.services.gadfly-reports.loadbalancer.server.port=8090"
volumes:
gadfly-reports-data:
networks:
traefik:
external: true # the network your Traefik instance is attached to
```
Put `GADFLY_REPORTS_TOKEN=<secret>` in a `.env` beside the compose file. Tailor the three
Traefik bits to your setup — the **host** (`reports.example.com`), the **entrypoint**
(`websecure`) and the **certresolver** (`letsencrypt`) must match your Traefik config, and the
`traefik` network must be the external one Traefik watches. Traefik terminates TLS and forwards
to the container's `:8090`. Then point `gadfly`'s `GADFLY_FINDINGS_URL` and `gadfly-mcp`'s
`--store` at `https://reports.example.com` (with the same token).
## HTTP API (the canonical contract) ## HTTP API (the canonical contract)
| Method & path | Body / query | Purpose | | Method & path | Body / query | Purpose |