From a90ccb8c5159fb5698aa479249afbb9ccefb9695 Mon Sep 17 00:00:00 2001
From: SamoilenkoVadym
Date: Tue, 2 Dec 2025 11:28:08 +0000
Subject: [PATCH] fix: exclude Postiz API from SSO protection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

API endpoints at /api/* on social.ai-impress.com no longer require Authentik authentication. Frontend routes remain protected. This allows external integrations and webhooks to function properly without SSO.

- Added postiz-api router in dynamic.yml for /api path without Authentik
- Updated postiz frontend router to exclude /api routes
- Simplified docker-compose.yml labels to avoid routing conflicts

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude
---
 .../traefik/config/dynamic.yml | 30 +++++++++++++++++++
 opt/postiz-config/docker-compose.yml | 17 ++++-------
 2 files changed, 35 insertions(+), 12 deletions(-)

diff --git a/opt/00-infrastructure/traefik/config/dynamic.yml b/opt/00-infrastructure/traefik/config/dynamic.yml
index d462e18..128e191 100644
--- a/opt/00-infrastructure/traefik/config/dynamic.yml
+++ b/opt/00-infrastructure/traefik/config/dynamic.yml
@@ -1,5 +1,25 @@
 http:
 routers:
+ # Postiz API (backend) - without SSO protection
+ postiz-api:
+ rule: "Host(`social.ai-impress.com`) && PathPrefix(`/api`)"
+ service: postiz-api
+ entryPoints:
+ - websecure
+ tls:
+ certResolver: cloudflare
+
+ # Postiz frontend - with Authentik
+ postiz:
+ rule: "Host(`social.ai-impress.com`) && !PathPrefix(`/api`)"
+ service: postiz
+ entryPoints:
+ - websecure
+ tls:
+ certResolver: cloudflare
+ middlewares:
+ - authentik@file
+
 mirotalk:
 rule: "Host(`webinar.ai-impress.com`)"
 service: mirotalk
@@ -9,6 +29,16 @@ http:
 certResolver: cloudflare
 services:
+ postiz-api:
+ loadBalancer:
+ servers:
+ - url: "http://postiz:5000"
+
+ postiz:
+ loadBalancer:
+ servers:
+ - url: "http://postiz:5000"
+
 mirotalk:
 loadBalancer:
 servers:
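Review bot: The unauthenticated `postiz-api` router matches ``PathPrefix(`/api`)``, and Traefik's PathPrefix is a plain string-prefix test, so any path that merely begins with `/api` (not only `/api/…` as the commit message describes) skips `authentik@file`. Anchoring both rules on the trailing slash, ``PathPrefix(`/api/`)`` on `postiz-api` and ``!PathPrefix(`/api/`)`` on `postiz`, keeps the exemption to the API tree. The new router also has no `middlewares:` key at all, so Postiz's own API authentication becomes the only control on that surface; a rate-limit middleware on `postiz-api`, or a rule narrowed to the paths the integrations actually call, would limit what is reachable without SSO.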
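Review bot: `postiz-api` and `postiz` are declared as two services with the same single server, `http://postiz:5000`, so the SSO/no-SSO split exists only in the router rules and the duplicate is a second place to edit when the upstream changes. Either point both routers at one service (`service: postiz` on the `postiz-api` router) or keep the pair and document it above `postiz-api`, e.g. `# same upstream as postiz; only the router (no Authentik) differs`. Because the backend receives both kinds of traffic on one port, every `/api` handler has to enforce its own authentication.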
diff --git a/opt/postiz-config/docker-compose.yml b/opt/postiz-config/docker-compose.yml
index ba9d23a..c61605f 100644
--- a/opt/postiz-config/docker-compose.yml
+++ b/opt/postiz-config/docker-compose.yml
@@ -19,21 +19,14 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=traefik-public"
-
- # Main frontend: social.ai-impress.com (with Authelia)
- - "traefik.http.routers.postiz.rule=Host(`social.ai-impress.com`)"
- - "traefik.http.routers.postiz.entrypoints=websecure"
- - "traefik.http.routers.postiz.tls.certresolver=cloudflare"
- - "traefik.http.routers.postiz.middlewares=authentik@file"
-
- # Uploads subdomain: uploads.ai-impress.com (without Authelia, for social media bots)
- - "traefik.http.routers.postiz-uploads.rule=Host(`uploads.ai-impress.com`)"
- - "traefik.http.routers.postiz-uploads.entrypoints=websecure"
- - "traefik.http.routers.postiz-uploads.tls.certresolver=cloudflare"
-
+ # Service port
 - "traefik.http.services.postiz.loadbalancer.server.port=5000"
+ # Routing configured in /opt/00-infrastructure/traefik/config/dynamic.yml
+ # - postiz-api: /api routes (no SSO)
+ # - postiz: frontend routes (with Authentik)
+
 postiz-postgres:
 image: postgres:16-alpine
 container_name: postiz-postgres
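Review bot: The label list keeps `traefik.enable=true` and the `traefik.http.services.postiz.loadbalancer.server.port=5000` service while every router label is removed; for an enabled container with no router labels, Traefik's Docker provider normally generates a default router from its `defaultRule`, and that router would not carry `authentik@file`. Whether that happens here depends on static configuration not shown in this patch, but since `dynamic.yml` now reaches the container by URL, the labels look unnecessary: `- "traefik.enable=false"` (and dropping the service-port label) would leave the file provider as the only source of routes. The hunk also deletes the `postiz-uploads` router for `uploads.ai-impress.com`, which the commit message does not mention and the `dynamic.yml` hunks shown do not re-create; confirm that host is routed elsewhere or intentionally retired. The service definition starts above this hunk, so only its label list is visible.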