feat(docker-compose): configure Traefik to route API and frontend under a single domain

- Update Traefik rules to use a single domain with path prefixes - Add middleware to strip '/api' prefix for the API service - Set router priorities to resolve routing conflicts
2025-01-03 13:30:02 +07:00 · 2024-10-07 14:55:12 +02:00 · 2024-10-07 14:55:12 +02:00 · a72c8d269a
commit a72c8d269a
parent 7be44df4cf
2 changed files with 320 additions and 7 deletions
--- a/docker-compose-old.yml
+++ b/docker-compose-old.yml
@ -0,0 +1,309 @@
+volumes:
+  lago_postgres_data:
+  lago_redis_data:
+  lago_storage_data:
+
+services:
+  db:
+    image: postgres:14-alpine
+    container_name: lago-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-lago}
+      POSTGRES_USER: ${POSTGRES_USER:-lago}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
+      PGDATA: /data/postgres
+      PGPORT: ${POSTGRES_PORT:-5432}
+      POSTGRES_SCHEMA: public
+    volumes:
+      - lago_postgres_data:/data/postgres
+    ports:
+      - ${POSTGRES_PORT:-5432}:${POSTGRES_PORT:-5432}
+
+  redis:
+    image: redis:6-alpine
+    container_name: lago-redis
+    restart: unless-stopped
+    command: --port ${REDIS_PORT:-6379}
+    volumes:
+      - lago_redis_data:/data
+    ports:
+      - ${REDIS_PORT:-6379}:${REDIS_PORT:-6379}
+
+  api:
+    container_name: lago-api
+    image: getlago/api:v1.12.2
+    restart: unless-stopped
+    depends_on:
+      - db
+      - redis
+    command: ['./scripts/start.sh']
+    healthcheck:
+      test: curl -f http://localhost:3000/health || exit 1
+      interval: 10s
+      start_period: 30s
+      timeout: 60s
+      # uncomment for a potentially faster startup if you have docker --version > 25.0.0
+      # start_interval: 2s
+    environment:
+      - LAGO_API_URL=${LAGO_API_URL:-http://localhost:3000}
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-lago}?search_path=${POSTGRES_SCHEMA:-public}
+      - REDIS_URL=redis://${REDIS_HOST:-redis}:${REDIS_PORT:-6379}
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
+      - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64}
+      - RAILS_ENV=production
+      - RAILS_LOG_TO_STDOUT=${LAGO_RAILS_STDOUT:-true}
+      - SENTRY_DSN=${SENTRY_DSN}
+      - LAGO_FRONT_URL=${LAGO_FRONT_URL:-http://localhost}
+      - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+      - LAGO_RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+      - LAGO_SIDEKIQ_WEB=${LAGO_SIDEKIQ_WEB}
+      - LAGO_ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encryption-primary-key}
+      - LAGO_ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encryption-deterministic-key}
+      - LAGO_ENCRYPTION_KEY_DERIVATION_SALT=${LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encryption-derivation-salt}
+      - LAGO_USE_AWS_S3=${LAGO_USE_AWS_S3:-false}
+      - LAGO_AWS_S3_ACCESS_KEY_ID=${LAGO_AWS_S3_ACCESS_KEY_ID:-azerty123456}
+      - LAGO_AWS_S3_SECRET_ACCESS_KEY=${LAGO_AWS_S3_SECRET_ACCESS_KEY:-azerty123456}
+      - LAGO_AWS_S3_REGION=${LAGO_AWS_S3_REGION:-us-east-1}
+      - LAGO_AWS_S3_BUCKET=${LAGO_AWS_S3_BUCKET:-bucket}
+      - LAGO_AWS_S3_ENDPOINT=${LAGO_AWS_S3_ENDPOINT}
+      - LAGO_USE_GCS=${LAGO_USE_GCS:-false}
+      - LAGO_GCS_PROJECT=${LAGO_GCS_PROJECT:-}
+      - LAGO_GCS_BUCKET=${LAGO_GCS_BUCKET:-}
+      - LAGO_PDF_URL=${LAGO_PDF_URL:-http://pdf:3000}
+      - LAGO_REDIS_CACHE_URL=redis://${LAGO_REDIS_CACHE_HOST:-redis}:${LAGO_REDIS_CACHE_PORT:-6379}
+      - LAGO_REDIS_CACHE_PASSWORD=${LAGO_REDIS_CACHE_PASSWORD}
+      - LAGO_DISABLE_SEGMENT=${LAGO_DISABLE_SEGMENT}
+      - LAGO_DISABLE_WALLET_REFRESH=${LAGO_DISABLE_WALLET_REFRESH}
+      - LAGO_OAUTH_PROXY_URL=https://proxy.getlago.com
+      - LAGO_LICENSE=${LAGO_LICENSE:-}
+      - GOOGLE_AUTH_CLIENT_ID=${GOOGLE_AUTH_CLIENT_ID:-}
+      - GOOGLE_AUTH_CLIENT_SECRET=${GOOGLE_AUTH_CLIENT_SECRET:-}
+      - NANGO_SECRET_KEY=${NANGO_SECRET_KEY:-}
+      # - SIDEKIQ_EVENTS=true
+      # - SIDEKIQ_PDFS=true
+    volumes:
+      - lago_storage_data:/app/storage
+      # If using GCS, you need to put the credentials keyfile here
+      #- gcs_keyfile.json:/app/gcs_keyfile.json
+    ports:
+      - ${API_PORT:-3000}:3000
+
+  front:
+    container_name: lago-front
+    image: getlago/front:v1.12.2
+    restart: unless-stopped
+    # Use this command if you want to use SSL with Let's Encrypt
+    # command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+    depends_on:
+      api:
+        condition: service_healthy
+    environment:
+      - API_URL=${LAGO_API_URL:-http://localhost:3000}
+      - APP_ENV=${APP_ENV:-production}
+      - LAGO_DISABLE_SIGNUP=${LAGO_DISABLE_SIGNUP:-false}
+      - LAGO_OAUTH_PROXY_URL=https://proxy.getlago.com
+      - SENTRY_DSN=${SENTRY_DSN_FRONT}
+      - NANGO_SECRET_KEY=${NANGO_SECRET_KEY:-}
+    ports:
+      - ${FRONT_PORT:-80}:80
+    #  - 443:443
+    # Using SSL with Let's Encrypt
+    # volumes:
+    #   - ./extra/nginx-letsencrypt.conf:/etc/nginx/conf.d/default.conf
+    #   - ./extra/certbot/conf:/etc/letsencrypt
+    #   - ./extra/certbot/www:/var/www/certbot
+    # Using SSL with self signed certificates
+    # volumes:
+    #   - ./extra/nginx-selfsigned.conf:/etc/nginx/conf.d/default.conf
+    #   - ./extra/ssl/nginx-selfsigned.crt:/etc/ssl/certs/nginx-selfsigned.crt
+    #   - ./extra/ssl/nginx-selfsigned.key:/etc/ssl/private/nginx-selfsigned.key
+    #   - ./extra/ssl/dhparam.pem:/etc/ssl/certs/dhparam.pem
+
+  # Only used for SSL support with Let's Encrypt
+  # certbot:
+  #   image: certbot/certbot
+  #   entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+  #   volumes:
+  #     - ./extra/certbot/conf:/etc/letsencrypt
+  #     - ./extra/certbot/www:/var/www/certbot
+
+  api-worker:
+    container_name: lago-worker
+    image: getlago/api:v1.12.2
+    restart: unless-stopped
+    depends_on:
+      api:
+        condition: service_healthy
+    command: ['./scripts/start.worker.sh']
+    healthcheck:
+      test: ['CMD-SHELL', 'bundle exec sidekiqmon | grep $(hostname) || exit 1']
+    environment:
+      - LAGO_API_URL=${LAGO_API_URL:-http://localhost:3000}
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-lago}?search_path=${POSTGRES_SCHEMA:-public}
+      - REDIS_URL=redis://${REDIS_HOST:-redis}:${REDIS_PORT:-6379}
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
+      - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64}
+      - RAILS_ENV=production
+      - RAILS_LOG_TO_STDOUT=${LAGO_RAILS_STDOUT:-true}
+      - SENTRY_DSN=${SENTRY_DSN}
+      - LAGO_RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+      - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+      - LAGO_ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encryption-primary-key}
+      - LAGO_ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encryption-deterministic-key}
+      - LAGO_ENCRYPTION_KEY_DERIVATION_SALT=${LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encryption-derivation-salt}
+      - LAGO_FRONT_URL=${LAGO_FRONT_URL:-http://localhost}
+      - LAGO_USE_AWS_S3=${LAGO_USE_AWS_S3:-false}
+      - LAGO_AWS_S3_ACCESS_KEY_ID=${LAGO_AWS_S3_ACCESS_KEY_ID:-azerty123456}
+      - LAGO_AWS_S3_SECRET_ACCESS_KEY=${LAGO_AWS_S3_SECRET_ACCESS_KEY:-azerty123456}
+      - LAGO_AWS_S3_REGION=${LAGO_AWS_S3_REGION:-us-east-1}
+      - LAGO_AWS_S3_BUCKET=${LAGO_AWS_S3_BUCKET:-bucket}
+      - LAGO_AWS_S3_ENDPOINT=${LAGO_AWS_S3_ENDPOINT}
+      - LAGO_USE_GCS=${LAGO_USE_GCS:-false}
+      - LAGO_GCS_PROJECT=${LAGO_GCS_PROJECT:-}
+      - LAGO_GCS_BUCKET=${LAGO_GCS_BUCKET:-}
+      - LAGO_PDF_URL=${LAGO_PDF_URL:-http://pdf:3000}
+      - LAGO_REDIS_CACHE_URL=redis://${LAGO_REDIS_CACHE_HOST:-redis}:${LAGO_REDIS_CACHE_PORT:-6379}
+      - LAGO_REDIS_CACHE_PASSWORD=${LAGO_REDIS_CACHE_PASSWORD}
+      - LAGO_DISABLE_SEGMENT=${LAGO_DISABLE_SEGMENT}
+      - LAGO_DISABLE_WALLET_REFRESH=${LAGO_DISABLE_WALLET_REFRESH}
+      - NANGO_SECRET_KEY=${NANGO_SECRET_KEY:-}
+      - LAGO_LICENSE=${LAGO_LICENSE:-}
+      # - SIDEKIQ_EVENTS=true
+      # - SIDEKIQ_PDFS=true
+    volumes:
+      - lago_storage_data:/app/storage
+
+  # You can uncomment this if you want to use a dedicated Sidekiq worker for the event ingestion.
+  # It is recommendend if you have a high usage of events to not impact the other Sidekiq Jobs.
+  #api-events-worker:
+  #  container_name: lago-events-worker
+  #  image: getlago/api:v1.12.2
+  #  restart: unless-stopped
+  #  depends_on:
+  #    api:
+  #      condition: service_healthy
+  #  command: ["./scripts/start.events.worker.sh"]
+  #  environment:
+  #    - LAGO_API_URL=${LAGO_API_URL:-http://localhost:3000}
+  #    - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-lago}?search_path=${POSTGRES_SCHEMA:-public}
+  #    - REDIS_URL=redis://${REDIS_HOST:-redis}:${REDIS_PORT:-6379}
+  #    - REDIS_PASSWORD=${REDIS_PASSWORD}
+  #    - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64}
+  #    - RAILS_ENV=production
+  #    - RAILS_LOG_TO_STDOUT=${LAGO_RAILS_STDOUT:-true}
+  #    - SENTRY_DSN=${SENTRY_DSN}
+  #    - LAGO_RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+  #    - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+  #    - LAGO_ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encryption-primary-key}
+  #    - LAGO_ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encryption-deterministic-key}
+  #    - LAGO_ENCRYPTION_KEY_DERIVATION_SALT=${LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encryption-derivation-salt}
+  #    - LAGO_FRONT_URL=${LAGO_FRONT_URL:-http://localhost}
+  #    - LAGO_USE_AWS_S3=${LAGO_USE_AWS_S3:-false}
+  #    - LAGO_AWS_S3_ACCESS_KEY_ID=${LAGO_AWS_S3_ACCESS_KEY_ID:-azerty123456}
+  #    - LAGO_AWS_S3_SECRET_ACCESS_KEY=${LAGO_AWS_S3_SECRET_ACCESS_KEY:-azerty123456}
+  #    - LAGO_AWS_S3_REGION=${LAGO_AWS_S3_REGION:-us-east-1}
+  #    - LAGO_AWS_S3_BUCKET=${LAGO_AWS_S3_BUCKET:-bucket}
+  #    - LAGO_AWS_S3_ENDPOINT=${LAGO_AWS_S3_ENDPOINT}
+  #    - LAGO_USE_GCS=${LAGO_USE_GCS:-false}
+  #    - LAGO_GCS_PROJECT=${LAGO_GCS_PROJECT:-}
+  #    - LAGO_GCS_BUCKET=${LAGO_GCS_BUCKET:-}
+  #    - LAGO_PDF_URL=${LAGO_PDF_URL:-http://pdf:3000}
+  #    - LAGO_REDIS_CACHE_URL=redis://${LAGO_REDIS_CACHE_HOST:-redis}:${LAGO_REDIS_CACHE_PORT:-6379}
+  #    - LAGO_REDIS_CACHE_PASSWORD=${LAGO_REDIS_CACHE_PASSWORD}
+  #    - LAGO_DISABLE_SEGMENT=${LAGO_DISABLE_SEGMENT}
+  #    - LAGO_DISABLE_WALLET_REFRESH=${LAGO_DISABLE_WALLET_REFRESH}
+  #    - NANGO_SECRET_KEY=${NANGO_SECRET_KEY:-}
+  #    - SIDEKIQ_EVENTS=true
+  #    - LAGO_LICENSE=${LAGO_LICENSE:-}
+
+  # You can uncomment this if you want to use a dedicated Sidekiq worker for the invoices pdf creation.
+  # It is recommended if you have a high usage of invoices being created to not impact the other Sidekiq Jobs.
+  #api-pdfs-worker:
+  #  container_name: lago-pdfs-worker
+  #  image: getlago/api:v1.12.2
+  #  restart: unless-stopped
+  #  depends_on:
+  #    api:
+  #      condition: service_healthy
+  #  command: ["./scripts/start.pdfs.worker.sh"]
+  #  environment:
+  #    - LAGO_API_URL=${LAGO_API_URL:-http://localhost:3000}
+  #    - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-lago}?search_path=${POSTGRES_SCHEMA:-public}
+  #    - REDIS_URL=redis://${REDIS_HOST:-redis}:${REDIS_PORT:-6379}
+  #    - REDIS_PASSWORD=${REDIS_PASSWORD}
+  #    - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64}
+  #    - RAILS_ENV=production
+  #    - RAILS_LOG_TO_STDOUT=${LAGO_RAILS_STDOUT:-true}
+  #    - SENTRY_DSN=${SENTRY_DSN}
+  #    - LAGO_RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+  #    - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+  #    - LAGO_ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encryption-primary-key}
+  #    - LAGO_ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encryption-deterministic-key}
+  #    - LAGO_ENCRYPTION_KEY_DERIVATION_SALT=${LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encryption-derivation-salt}
+  #    - LAGO_FRONT_URL=${LAGO_FRONT_URL:-http://localhost}
+  #    - LAGO_USE_AWS_S3=${LAGO_USE_AWS_S3:-false}
+  #    - LAGO_AWS_S3_ACCESS_KEY_ID=${LAGO_AWS_S3_ACCESS_KEY_ID:-azerty123456}
+  #    - LAGO_AWS_S3_SECRET_ACCESS_KEY=${LAGO_AWS_S3_SECRET_ACCESS_KEY:-azerty123456}
+  #    - LAGO_AWS_S3_REGION=${LAGO_AWS_S3_REGION:-us-east-1}
+  #    - LAGO_AWS_S3_BUCKET=${LAGO_AWS_S3_BUCKET:-bucket}
+  #    - LAGO_AWS_S3_ENDPOINT=${LAGO_AWS_S3_ENDPOINT}
+  #    - LAGO_USE_GCS=${LAGO_USE_GCS:-false}
+  #    - LAGO_GCS_PROJECT=${LAGO_GCS_PROJECT:-}
+  #    - LAGO_GCS_BUCKET=${LAGO_GCS_BUCKET:-}
+  #    - LAGO_PDF_URL=${LAGO_PDF_URL:-http://pdf:3000}
+  #    - LAGO_REDIS_CACHE_URL=redis://${LAGO_REDIS_CACHE_HOST:-redis}:${LAGO_REDIS_CACHE_PORT:-6379}
+  #    - LAGO_REDIS_CACHE_PASSWORD=${LAGO_REDIS_CACHE_PASSWORD}
+  #    - LAGO_DISABLE_SEGMENT=${LAGO_DISABLE_SEGMENT}
+  #    - LAGO_DISABLE_WALLET_REFRESH=${LAGO_DISABLE_WALLET_REFRESH}
+  #    - NANGO_SECRET_KEY=${NANGO_SECRET_KEY:-}
+  #    - SIDEKIQ_PDFS=true
+  #    - LAGO_LICENSE=${LAGO_LICENSE:-}
+
+  api-clock:
+    container_name: lago-clock
+    image: getlago/api:v1.12.2
+    restart: unless-stopped
+    depends_on:
+      api:
+        condition: service_healthy
+    command: ['./scripts/start.clock.sh']
+    environment:
+      - LAGO_API_URL=${LAGO_API_URL:-http://localhost:3000}
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-lago}?search_path=${POSTGRES_SCHEMA:-public}
+      - REDIS_URL=redis://${REDIS_HOST:-redis}:${REDIS_PORT:-6379}
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
+      - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64}
+      - RAILS_ENV=production
+      - RAILS_LOG_TO_STDOUT=${LAGO_RAILS_STDOUT:-true}
+      - SENTRY_DSN=${SENTRY_DSN}
+      - LAGO_DISABLE_WALLET_REFRESH=${LAGO_DISABLE_WALLET_REFRESH}
+      - LAGO_REDIS_CACHE_URL=redis://${LAGO_REDIS_CACHE_HOST:-redis}:${LAGO_REDIS_CACHE_PORT:-6379}
+      - LAGO_RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+      - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+      - LAGO_ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encryption-primary-key}
+      - LAGO_ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encryption-deterministic-key}
+      - LAGO_ENCRYPTION_KEY_DERIVATION_SALT=${LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encryption-derivation-salt}
+      - NANGO_SECRET_KEY=${NANGO_SECRET_KEY:-}
+      - LAGO_LICENSE=${LAGO_LICENSE:-}
+
+  pdf:
+    image: getlago/lago-gotenberg:7.8.2
+
+  migrate:
+    container_name: lago-migrate
+    image: getlago/api:v1.12.2
+    depends_on:
+      - db
+      - redis
+    command: ['./scripts/start.migrate.sh']
+    volumes:
+      - lago_storage_data:/app/storage
+    environment:
+      - RAILS_ENV=production
+      - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64}
+      - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+      - LAGO_RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-lago}?search_path=${POSTGRES_SCHEMA:-public}
+      - REDIS_URL=redis://${REDIS_HOST:-redis}:${REDIS_PORT:-6379}
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -61,7 +61,7 @@ services:
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
-      - "--certificatesresolvers.myresolver.acme.email=your_email@domain.tld"
+      - "--certificatesresolvers.myresolver.acme.email=youremail@domain.tld"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
@ -96,11 +96,14 @@ services:
      timeout: 60s
      retries: 5
    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.api.entrypoints=websecure"
-      - "traefik.http.routers.api.rule=Host(`api.${DOMAIN}`)"
-      - "traefik.http.routers.api.tls.certresolver=myresolver"
-      - "traefik.http.services.api.loadbalancer.server.port=3000"
+        - "traefik.enable=true"
+        - "traefik.http.routers.api.entrypoints=websecure"
+        - "traefik.http.routers.api.rule=Host(`${DOMAIN}`) && PathPrefix(`/api`)"
+        - "traefik.http.routers.api.tls.certresolver=myresolver"
+        - "traefik.http.routers.api.priority=100"
+        - "traefik.http.services.api.loadbalancer.server.port=3000"
+        - "traefik.http.middlewares.api-strip-prefix.stripprefix.prefixes=/api"
+        - "traefik.http.routers.api.middlewares=api-strip-prefix"
    volumes:
      - lago_storage_data:/app/storage

@ -119,9 +122,10 @@ services:
      timeout: 10s
      retries: 3
    labels:
+      - "traefik.http.routers.front.priority=50"
      - "traefik.enable=true"
      - "traefik.http.routers.front.entrypoints=websecure"
-      - "traefik.http.routers.front.rule=Host(`app.${DOMAIN}`)"
+      - "traefik.http.routers.front.rule=Host(`${DOMAIN}`) && PathPrefix(`/`)"
      - "traefik.http.routers.front.tls.certresolver=myresolver"
      - "traefik.http.services.front.loadbalancer.server.port=80"
    volumes: