From a504f23f606b3611313c50d544a4b890bc037a4b Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeff@jeffemmett.com>
Date: Mon, 16 Feb 2026 19:54:15 +0000
Subject: [PATCH] Add websecure Traefik entrypoint for Cloudflare Full SSL mode

Cloudflare tunnel with Full SSL requires Traefik to accept TLS on
the websecure entrypoint. Uses Traefik's default cert (tunnel is
already encrypted, Cloudflare handles the public cert).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 docker-compose.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index f8a776e..c82e4b1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,6 +28,10 @@ services:
       - "traefik.http.routers.portapower.rule=Host(`portapower.buzz`) || Host(`www.portapower.buzz`)"
       - "traefik.http.routers.portapower.entrypoints=web"
       - "traefik.http.services.portapower.loadbalancer.server.port=80"
+      - "traefik.http.routers.portapower-secure.rule=Host(`portapower.buzz`) || Host(`www.portapower.buzz`)"
+      - "traefik.http.routers.portapower-secure.entrypoints=websecure"
+      - "traefik.http.routers.portapower-secure.tls=true"
+      - "traefik.http.routers.portapower-secure.service=portapower"
       - "traefik.docker.network=traefik-public"
 
 networks: