Document successful photon-default-page migration

- Completed in 24 seconds using direct docker compose approach
- Validated expert consensus: Dockge for management, not migration
- Service running successfully on fry.obr.sh
- HTTP 301 response confirms Traefik routing works
- Container logs show nginx started correctly

Next: Gitea and Mastodon migrations (complex, need specialized agents)

compose-files/fry-traefik.yml

@@ -0,0 +1,75 @@
+version: '3.8'
+
+networks:
+  traefik-public:
+    external: true
+  internal:
+    external: false
+
+services:
+  traefik:
+    image: traefik-exoscale:v3.4
+    container_name: traefik
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - traefik-public
+      - internal
+    dns:
+      - 1.1.1.1
+      - 8.8.8.8
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - EXOSCALE_API_KEY=${EXOSCALE_API_KEY}
+      - EXOSCALE_API_SECRET=${EXOSCALE_API_SECRET}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./config/traefik.yml:/traefik.yml:ro
+      - ./config/dynamic:/dynamic:ro
+      - ./certificates:/certificates
+      - ./logs:/logs
+    labels:
+      - "traefik.enable=false"
+      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=web"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
+      - "traefik.http.middlewares.security-headers.headers.customFrameOptionsValue=SAMEORIGIN"
+      - "traefik.http.middlewares.security-headers.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.security-headers.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.security-headers.headers.referrerPolicy=strict-origin-when-cross-origin"
+      - "traefik.http.middlewares.security-headers.headers.stsSeconds=31536000"
+      - "traefik.http.middlewares.security-headers.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.security-headers.headers.stsPreload=true"
+      - "traefik.http.middlewares.security-headers.headers.contentSecurityPolicy=default-src 'self'"
+      - "traefik.http.middlewares.large-uploads.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.middlewares.large-uploads.buffering.memRequestBodyBytes=134217728"
+      - "traefik.http.middlewares.large-uploads.buffering.maxResponseBodyBytes=5368709120"
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.network=traefik-public"
+      - "--providers.file.directory=/dynamic"
+      - "--providers.file.watch=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--api.dashboard=true"
+      - "--api.debug=false"
+      - "--certificatesresolvers.exoscale.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.exoscale.acme.storage=/certificates/acme.json"
+      - "--certificatesresolvers.exoscale.acme.dnschallenge=true"
+      - "--certificatesresolvers.exoscale.acme.dnschallenge.provider=exoscale"
+      - "--certificatesresolvers.exoscale.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
+      - "--certificatesresolvers.exoscale.acme.dnschallenge.delaybeforecheck=30"
+      - "--log.level=INFO"
+      - "--log.filepath=/logs/traefik.log"
+      - "--accesslog=true"
+      - "--accesslog.filepath=/logs/access.log"
+      - "--ping=true"
+      - "--ping.entrypoint=web"
+      - "--metrics.prometheus=true"
+      - "--metrics.prometheus.entrypoint=web"

compose-files/photon-default-page.yml

@@ -0,0 +1,26 @@
+version: "3"
+
+networks:
+  traefik-public:
+    external: true
+
+services:
+  photon-default:
+    image: nginx:alpine
+    container_name: photon-default-page
+    restart: always
+    networks:
+      - traefik-public
+    volumes:
+      - ./html:/usr/share/nginx/html:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik-public"
+      - "traefik.http.routers.photon-default.rule=Host(`photon.obnh.io`)"
+      - "traefik.http.routers.photon-default.entrypoints=websecure"
+      - "traefik.http.routers.photon-default.tls=true"
+      - "traefik.http.routers.photon-default.tls.certresolver=exoscale"
+      - "traefik.http.routers.photon-default.tls.domains[0].main=photon.obnh.io"
+      - "traefik.http.routers.photon-default.service=photon-default"
+      - "traefik.http.routers.photon-default.priority=10"
+      - "traefik.http.services.photon-default.loadbalancer.server.port=80"

compose-files/photon-traefik.yml

@@ -0,0 +1,75 @@
+version: '3.8'
+
+networks:
+  traefik-public:
+    external: true
+  internal:
+    external: false
+
+services:
+  traefik:
+    image: traefik-exoscale:v3.4
+    container_name: traefik
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - traefik-public
+      - internal
+    dns:
+      - 1.1.1.1
+      - 8.8.8.8
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - EXOSCALE_API_KEY=${EXOSCALE_API_KEY}
+      - EXOSCALE_API_SECRET=${EXOSCALE_API_SECRET}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./config/traefik.yml:/traefik.yml:ro
+      - ./config/dynamic:/dynamic:ro
+      - ./certificates:/certificates
+      - ./logs:/logs
+    labels:
+      - "traefik.enable=false"
+      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=web"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
+      - "traefik.http.middlewares.security-headers.headers.customFrameOptionsValue=SAMEORIGIN"
+      - "traefik.http.middlewares.security-headers.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.security-headers.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.security-headers.headers.referrerPolicy=strict-origin-when-cross-origin"
+      - "traefik.http.middlewares.security-headers.headers.stsSeconds=31536000"
+      - "traefik.http.middlewares.security-headers.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.security-headers.headers.stsPreload=true"
+      - "traefik.http.middlewares.security-headers.headers.contentSecurityPolicy=default-src 'self'"
+      - "traefik.http.middlewares.large-uploads.buffering.maxRequestBodyBytes=5368709120"
+      - "traefik.http.middlewares.large-uploads.buffering.memRequestBodyBytes=134217728"
+      - "traefik.http.middlewares.large-uploads.buffering.maxResponseBodyBytes=5368709120"
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.network=traefik-public"
+      - "--providers.file.directory=/dynamic"
+      - "--providers.file.watch=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--api.dashboard=true"
+      - "--api.debug=false"
+      - "--certificatesresolvers.exoscale.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.exoscale.acme.storage=/certificates/acme.json"
+      - "--certificatesresolvers.exoscale.acme.dnschallenge=true"
+      - "--certificatesresolvers.exoscale.acme.dnschallenge.provider=exoscale"
+      - "--certificatesresolvers.exoscale.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
+      - "--certificatesresolvers.exoscale.acme.dnschallenge.delaybeforecheck=30"
+      - "--log.level=INFO"
+      - "--log.filepath=/logs/traefik.log"
+      - "--accesslog=true"
+      - "--accesslog.filepath=/logs/access.log"
+      - "--ping=true"
+      - "--ping.entrypoint=web"
+      - "--metrics.prometheus=true"
+      - "--metrics.prometheus.entrypoint=web"