fix reverse proxy mapping and traefik disabled

[Fra5792]

What

An issue was causing reverse-proxy a result of bad gateway

Why

Traefik and port mapping issue

I have read and understood the Contribution Guidelines.

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Updated frontend service to route traffic to container port 80 while keeping external access on port 3000; added load balancer label to target port 80.
  • Disabled external routing for the internal createbuckets service in the development essentials configuration to prevent exposure.

Walkthrough

Updated Docker Compose configs: added a Traefik-disabling label for the createbuckets service in the dev essentials file, and changed the frontend service to expose container port 80 (not 3000) with a corresponding Traefik load balancer port label in the main compose file.

Changes

Cohort / File(s)	Summary
Dev essentials Traefik config docker/docker-compose-dev-essentials.yaml	Added labels with traefik.enable=false to the createbuckets service to disable Traefik routing.
Frontend exposure and Traefik label docker/docker-compose.yaml	Changed frontend ports from 3000:3000 to 3000:80; added label traefik.http.services.frontend.loadbalancer.server.port=80.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The PR description provides brief "What" and "Why" entries identifying a reverse-proxy bad gateway and attributing it to Traefik and port mapping, but it omits many required sections from the repository template such as "How", "Can this PR break any existing features", "Database Migrations", "Env Config", "Notes on Testing", and related items. The missing "Can this PR break any existing features" section is explicitly required by the template and prevents admins from merging. Because multiple mandatory fields are incomplete, the description is insufficient for review in its current state.	Please update the PR description to follow the repository template: fill the "How" section with a concise summary of the file changes and why they fix the issue, explicitly state whether this PR can break existing features and list any affected areas, declare any database migrations or environment variable changes (or "none"), and add "Notes on Testing" showing steps to reproduce the bad gateway and the verification steps/logs you used; also include Related Issues/PRs and dependency/version notes so reviewers have full context before merging.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly references the two main changes in the changeset — fixing reverse-proxy mapping and disabling Traefik — which correspond to the frontend port remapping and the addition of a traefik.enable=false label; it is concise and relevant to the changes. It is slightly informal and could be more specific about which service had Traefik disabled (createbuckets). Overall the title summarizes the primary intent well enough for a quick scan by reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ ritwik-g
❌ Francesco Marchi

---

Francesco Marchi seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

docker/docker-compose-dev-essentials.yaml (2)

139-151: RabbitMQ may still be auto-exposed via Traefik.

Since providers.docker.exposedbydefault isn’t disabled in Traefik, services without traefik.enable=false can be exposed implicitly. Recommend explicitly disabling for RabbitMQ.

Apply:

 rabbitmq:
   image: rabbitmq:4.1.0-management
   container_name: unstract-rabbitmq
   hostname: unstract-rabbit
   restart: unless-stopped
   env_file:
     - ./essentials.env
   ports:
     - "5672:5672"  # AMQP port
     - "15672:15672"  # Management UI port
   volumes:
     - rabbitmq_data:/var/lib/rabbitmq
+  labels:
+    - traefik.enable=false

---

77-81: Harden Traefik discovery defaults.

To prevent unintentional exposure, disable Docker “exposed by default” and rely on explicit labels.

Apply:

-    command: --api.insecure=true
+    command: --api.insecure=true
       --accesslog=true --log.level=INFO
-      --providers.docker=true --providers.docker.network=unstract-network
+      --providers.docker=true --providers.docker.network=unstract-network --providers.docker.exposedbydefault=false
       --providers.file.filename=/proxy_overrides.yaml --providers.file.watch=true

docker/docker-compose.yaml (3)

33-35: Mirror the rule fix for backend for consistency.

Backend uses PathPrefix(/api/v1, /deployment) as well. Recommend the same explicit OR.

Apply:

-      - traefik.http.routers.backend.rule=Host(`frontend.unstract.localhost`) && PathPrefix(`/api/v1`, `/deployment`)
+      - traefik.http.routers.backend.rule=Host(`frontend.unstract.localhost`) && (PathPrefix(`/api/v1`) || PathPrefix(`/deployment`))

---

175-177: Optional: set explicit router priorities.

Not strictly required, but helps avoid ambiguity if rules evolve.

       - traefik.http.routers.frontend.rule=Host(`frontend.unstract.localhost`) && !(PathPrefix(`/api/v1`) || PathPrefix(`/deployment`))
+      - traefik.http.routers.frontend.priority=10

And for backend (above):

       - traefik.http.routers.backend.rule=Host(`frontend.unstract.localhost`) && (PathPrefix(`/api/v1`) || PathPrefix(`/deployment`))
+      - traefik.http.routers.backend.priority=20

---

167-168: Optional: avoid publishing 3000 when Traefik is present.

If you only access the frontend via Traefik on host port 80, drop the host port exposure to reduce conflicts. Keep it only if you need direct access on 3000.

-    ports:
-      - "3000:80"
+    # ports:
+    #   - "3000:80"  # Uncomment if you need direct access without Traefik

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between ffac92b and 91b9663.

📒 Files selected for processing (2)

• docker/docker-compose-dev-essentials.yaml (1 hunks)
• docker/docker-compose.yaml (2 hunks)

🔇 Additional comments (2)

docker/docker-compose-dev-essentials.yaml (1)

63-64: Good call disabling Traefik on createbuckets.

This avoids accidental router/service creation for a short‑lived, non-HTTP job.

docker/docker-compose.yaml (1)

168-168: Confirm frontend listens on port 80 inside the image.

Sandbox couldn't run Docker (docker: command not found); verification required locally. Run and paste results:

docker image inspect "unstract/frontend:${VERSION}" | jq '.[0].ContainerConfig.ExposedPorts, .[0].Config.ExposedPorts'
docker run --rm --name probe-frontend -d -p 8088:80 "unstract/frontend:${VERSION}" && sleep 3 && curl -i http://localhost:8088/ | sed -n '1,1p' && docker rm -f probe-frontend

Location: docker/docker-compose.yaml (around line 168) — current mapping: - "3000:80"

If the container actually serves on 3000, change compose to "- "3000:3000"" and update Traefik to forward to port 3000.

[ritwik-g]

@Fra5792 the changes as such looks okay. Do you have any associated issues with this? Also can you add some screenshots of before and after of these changes?

Also please accept the CLA.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud