…or network and environment variable improvements
- Changed Docker network name in .env.example to 'default'.
- Updated docker-compose.prod.yml to use the new internal_bridge and public_gateway networks.
- Simplified environment variable references for PostgreSQL and other services.
- Added Traefik labels for the frontend service to enable routing.
Code Review
This pull request updates the production Docker Compose configuration to integrate Traefik for automated HTTP-to-HTTPS redirection and TLS termination. It also renames internal networks for clarity and simplifies environment variable error messages. Feedback focuses on improving the robustness of the network configuration by avoiding the reserved name 'default' for external networks, ensuring fallback values for network variables to prevent deployment failures, and using the existing SERVER_IP variable instead of hardcoded domain names in Traefik routing rules.
| restart: unless-stopped | ||
| labels: | ||
| - "traefik.enable=true" | ||
| - "traefik.docker.network=${DOCKER_NETWORK_NAME:-}" |
Providing an empty fallback for the Traefik network label can lead to routing issues if the container is attached to multiple networks (as it is here with internal_bridge and public_gateway). Traefik needs to know explicitly which network to use to reach the container. This should have a sensible default that matches the network definition at the bottom of the file.
- "traefik.docker.network=${DOCKER_NETWORK_NAME:-proxy-tier}"
| public_gateway: | ||
| external: true | ||
| name: ${DOCKER_NETWORK_NAME:-proxy-tier} | ||
| name: ${DOCKER_NETWORK_NAME} No newline at end of file |
Removing the default value for the external network name makes the configuration brittle. If DOCKER_NETWORK_NAME is not defined in the environment, Docker Compose will fail to find the external network. It is safer to keep a default value (e.g., proxy-tier or proxy).
name: ${DOCKER_NETWORK_NAME:-proxy-tier}
| # Docker | ||
| DOCKER_NETWORK_NAME=proxy-tier | ||
| #Docker | ||
| DOCKER_NETWORK_NAME=default |
Using default as the name for an external network is highly discouraged. In Docker Compose, default is a reserved name for the network automatically created for each project. Setting DOCKER_NETWORK_NAME=default for an external: true network will likely cause conflicts or lead to the container connecting to the wrong network. It is recommended to use a more descriptive name like proxy or traefik-public to avoid confusion with Docker's internal networking.
| - "traefik.enable=true" | ||
| - "traefik.docker.network=${DOCKER_NETWORK_NAME:-}" | ||
| # HTTP → redirect HTTPS | ||
| - "traefik.http.routers.setrsoft-http.rule=Host(`setrsoft.com`) || Host(`www.setrsoft.com`)" |
The domain name is hardcoded, which limits the flexibility of the production configuration. It is better to use the ${SERVER_IP} variable defined in the environment to ensure consistency and easier deployment to different environments.
- "traefik.http.routers.setrsoft-http.rule=Host(`${SERVER_IP}`) || Host(`www.${SERVER_IP}`)"
| - "traefik.http.routers.setrsoft-http.middlewares=redirect-to-https" | ||
| - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" | ||
| # HTTPS | ||
| - "traefik.http.routers.setrsoft-https.rule=Host(`setrsoft.com`) || Host(`www.setrsoft.com`)" |
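Review bot: the setrsoft-http router gets a rule and the redirect-to-https middleware in these lines but no entrypoints label, so it is not pinned to the plain-HTTP entrypoint and Traefik attaches it to every entrypoint by default. Add traefik.http.routers.setrsoft-http.entrypoints set to the name of the HTTP entrypoint in the Traefik static configuration, next to the rule. The redirectscheme middleware also issues a temporary redirect unless told otherwise; adding traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true makes it permanent once the HTTPS route is confirmed working.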
Pull request overview
Updates the production Docker Compose stack to standardize network naming and environment loading, and to expose the frontend via Traefik with HTTPS support.
Changes:
- Simplifies env_file declarations and tightens required env var messages in docker-compose.prod.yml.
- Renames internal/external networks (internal_bridge, public_gateway) and wires services to the new networks.
- Adds Traefik labels (routers, HTTPS redirect, Let’s Encrypt) and a restart policy for the web service; updates .env.example default network name.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| docker-compose.prod.yml | Renames networks, simplifies env loading, and adds Traefik routing/TLS labels for the frontend service. |
| .env.example | Updates the example external network name used by production compose/Traefik. |
| - "traefik.http.routers.setrsoft-https.rule=Host(`setrsoft.com`) || Host(`www.setrsoft.com`)" | ||
| - "traefik.http.routers.setrsoft-https.entrypoints=https" | ||
| - "traefik.http.routers.setrsoft-https.tls=true" | ||
| - "traefik.http.routers.setrsoft-https.tls.certresolver=letsencrypt" | ||
| # Service | ||
| - "traefik.http.services.setrsoft-web.loadbalancer.server.port=80" |
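Review bot: entrypoints=https and tls.certresolver=letsencrypt on the setrsoft-https router refer to names that must already exist in the Traefik instance's static configuration, which is not part of this change, so a mismatch there leaves the router without working TLS. Document both expected names beside DOCKER_NETWORK_NAME in .env.example, or make them variables, so the dependency on the external proxy is visible to whoever deploys this file.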
The Traefik router labels don’t reference the explicitly defined service setrsoft-web, so traefik.http.services.setrsoft-web.loadbalancer.server.port=80 is likely unused and Traefik will fall back to its auto-generated service/port detection. Consider either (a) adding traefik.http.routers.<router>.service=setrsoft-web for both routers, or (b) renaming the service label to match the router/default service name so the configured port is actually applied.
| restart: unless-stopped | ||
| labels: | ||
| - "traefik.enable=true" | ||
| - "traefik.docker.network=${DOCKER_NETWORK_NAME:-}" |
public_gateway’s name requires DOCKER_NETWORK_NAME (${DOCKER_NETWORK_NAME}), but the Traefik label uses ${DOCKER_NETWORK_NAME:-} (empty-string fallback). If the variable is unset/mis-set, Compose and Traefik can silently diverge and Traefik may attach to the wrong network. Suggest making the label require the same variable (e.g., :?), or using the same default on both to keep them consistent.
| - "traefik.docker.network=${DOCKER_NETWORK_NAME:-}" | |
| - "traefik.docker.network=${DOCKER_NETWORK_NAME}" |
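The variable forms discussed in the comments above (`${VAR}`, `${VAR:-default}`, `${VAR:?error}`) can be compared side by side. This is an added example, not code from the pull request or from either reviewer: a small Python model of the documented Compose interpolation forms, applied to the label and network-name lines quoted on this page. The function names and the `:?` error message are assumptions made for illustration.

```python
import re

# Subset of Compose interpolation: ${VAR}, ${VAR:-d}, ${VAR-d}, ${VAR:?e}, ${VAR?e}
_PATTERN = re.compile(r"\$\{(\w+)(?:(:?[-?])([^}]*))?\}")

class RequiredVariableError(ValueError):
    pass

def interpolate(template, env):
    def repl(m):
        name, op, arg = m.group(1), m.group(2), m.group(3) or ""
        value = env.get(name)
        # The ":" forms treat an empty value the same as an unset one.
        missing = value is None or (op is not None and op.startswith(":") and value == "")
        if not missing:
            return value
        if op in (":?", "?"):
            raise RequiredVariableError(f"{name}: {arg or 'required variable is missing'}")
        if op in (":-", "-"):
            return arg
        return ""  # plain ${VAR}: an unset variable becomes an empty string
    return _PATTERN.sub(repl, template)

def check(label_tpl, name_tpl, env):
    """Resolve the Traefik network label and the external network name together."""
    try:
        label = interpolate(label_tpl, env).split("=", 1)[1]
        name = interpolate(name_tpl, env)
    except RequiredVariableError as exc:
        return f"fail-fast: {exc}"
    if not label or not name:
        return f"empty: label={label!r} network={name!r}"
    if label != name:
        return f"mismatch: label={label!r} network={name!r}"
    return "ok"

# Templates copied from the lines quoted on this page.
LABEL_PR = "traefik.docker.network=${DOCKER_NETWORK_NAME:-}"
NAME_PR = "${DOCKER_NETWORK_NAME}"
# Same default on both sides, as one review comment suggests.
LABEL_DEFAULT = "traefik.docker.network=${DOCKER_NETWORK_NAME:-proxy-tier}"
NAME_DEFAULT = "${DOCKER_NETWORK_NAME:-proxy-tier}"
# Required form; the message text is constructed for this example.
LABEL_REQ = "traefik.docker.network=${DOCKER_NETWORK_NAME:?set DOCKER_NETWORK_NAME}"
NAME_REQ = "${DOCKER_NETWORK_NAME:?set DOCKER_NETWORK_NAME}"

if __name__ == "__main__":
    for label, name in [(LABEL_PR, NAME_PR), (LABEL_DEFAULT, NAME_DEFAULT), (LABEL_REQ, NAME_REQ)]:
        print(check(label, name, {}), "|", check(label, name, {"DOCKER_NETWORK_NAME": "proxy-tier"}))
```

Running `docker compose -f docker-compose.prod.yml config` shows the values Compose itself resolves for a given environment.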
| # Docker | ||
| DOCKER_NETWORK_NAME=proxy-tier | ||
| #Docker | ||
| DOCKER_NETWORK_NAME=default |
.env.example now sets DOCKER_NETWORK_NAME=default, but in docker-compose.prod.yml that value is used for an external network (public_gateway). Docker/Compose will not create an external network automatically, so using default is likely to fail unless a network with that exact name already exists. Consider reverting to a known Traefik network name (e.g. the previous proxy-tier) or updating the example/comment to instruct creating/choosing the correct external network name.
| DOCKER_NETWORK_NAME=default | |
| # Name of the pre-existing external Docker network shared with the reverse proxy (e.g. Traefik). | |
| # Docker Compose will not create external networks automatically, so this must match an existing network. | |
| DOCKER_NETWORK_NAME=proxy-tier |
| # Docker | ||
| DOCKER_NETWORK_NAME=proxy-tier | ||
| #Docker |
Comment header formatting is inconsistent with the rest of the file: #Docker is missing a space (# Docker).
| #Docker | |
| # Docker |
This pull request updates the production Docker Compose configuration to improve network naming consistency, simplify environment variable usage, and add Traefik reverse proxy labels for the frontend service. The changes enhance deployment reliability and make the configuration easier to manage.
Docker Compose configuration improvements:
- proxy-tier to default in .env.example to align with typical Docker conventions and reduce confusion.
- env_file usage by specifying .env directly for all services, and streamlined required environment variable error messages for clarity. [1] [2]
- setrsoft_network and proxy-tier to internal_bridge and public_gateway for clearer separation of internal and external traffic, and updated network references throughout the Compose file. [1] [2]

Traefik reverse proxy integration:
- web (frontend) service to enable automatic HTTPS, HTTP-to-HTTPS redirection, and integration with Let's Encrypt for TLS certificates. This improves security and simplifies external access configuration.