fix: hardcode Traefik port labels (Gotcha 6 - vars not expanded in labels)

Coolify does not expand ${VAR} in label values. All loadbalancer port
labels must use hardcoded values:
- trilium:   ${TRILIUM_HTTP_PORT}  → 8080
- adguard:   ${ADGUARD_HTTP_PORT}  → 80
- authentik: ${AUTHENTIK_HTTP_PORT} → 9000
- gitea:     ${GITEA_HTTP_PORT}    → 3000
- wireguard: ${WG_UI_PORT}         → 51821

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

adguard/docker-compose.yml

@@ -23,7 +23,7 @@ services:
         ipv4_address: ${ADGUARD_IPV4}
 
     labels:
-      traefik.http.services.adguard.loadbalancer.server.port: "${ADGUARD_HTTP_PORT}"
+      traefik.http.services.adguard.loadbalancer.server.port: "80"
 
 volumes:
   adguard-cert-crt-path:

adguard/stack.env

@@ -6,7 +6,7 @@ ADGUARD_CERT_CRT_PATH=
 ADGUARD_CERT_KEY_PATH=
 ADGUARD_DOT_PORT=
 ADGUARD_IPV4=
-ADGUARD_HTTP_PORT=
+ADGUARD_HTTP_PORT=80
 
 ##### Traefik / red #####
 TRAEFIK_DOCKER_NETWORK=

authentik/docker-compose.yml

@@ -48,7 +48,7 @@ services:
       - ths-authentik-redis
 
     expose:
-      - "${AUTHENTIK_HTTP_PORT}"
+      - "9000"
 
     networks:
       - ths_authentik_internal
@@ -56,7 +56,7 @@ services:
 
     labels:
       # Service Authentik (panel + endpoints)
-      traefik.http.services.ths-authentik.loadbalancer.server.port: "${AUTHENTIK_HTTP_PORT}"
+      traefik.http.services.ths-authentik.loadbalancer.server.port: "9000"
 
       # Middleware forwardAuth (para proteger otros servicios) -> usar ths-authentik@docker en tus stacks THS
       traefik.http.middlewares.ths-authentik.forwardauth.address: "http://ths-authentik-server:${AUTHENTIK_HTTP_PORT}/outpost.goauthentik.io/auth/traefik"

authentik/stack.env

@@ -19,7 +19,7 @@ AUTHENTIK_SECRET_KEY=
 AUTHENTIK_BOOTSTRAP_EMAIL=
 AUTHENTIK_BOOTSTRAP_PASSWORD=
 AUTHENTIK_BOOTSTRAP_TOKEN=
-AUTHENTIK_HTTP_PORT=
+AUTHENTIK_HTTP_PORT=9000
 
 ##### Traefik / dominios #####
 TRAEFIK_DOCKER_NETWORK=

gitea/docker-compose.yml

@@ -69,7 +69,7 @@ services:
     ports:
       - "${GITEA_SSH_PORT}:${GITEA_SSH_PORT}"
     labels:
-      traefik.http.services.gitea.loadbalancer.server.port: "${GITEA_HTTP_PORT}"
+      traefik.http.services.gitea.loadbalancer.server.port: "3000"
 
   gitea-runner:
     image: ${GITEA_RUNNER_IMAGE}

trilium/docker-compose.yml

@@ -13,13 +13,13 @@ services:
       - /opt/trilium/data:/home/node/trilium-data:Z
 
     expose:
-      - "${TRILIUM_HTTP_PORT}"
+      - "8080"
 
     networks:
       - proxy
 
     labels:
-      traefik.http.services.trilium.loadbalancer.server.port: "${TRILIUM_HTTP_PORT}"
+      traefik.http.services.trilium.loadbalancer.server.port: "8080"
 
       traefik.http.middlewares.trilium-sec.headers.stsSeconds: "31536000"
       traefik.http.middlewares.trilium-sec.headers.stsIncludeSubdomains: "true"

trilium/stack.env

@@ -3,7 +3,7 @@ TRILIUM_IMAGE=
 TRILIUM_HOSTNAME=
 TZ=
 TRILIUM_DATA_PATH=
-TRILIUM_HTTP_PORT=
+TRILIUM_HTTP_PORT=8080
 
 ##### Traefik / dominios #####
 TRAEFIK_DOCKER_NETWORK=

wireguard/docker-compose.yml

@@ -38,7 +38,7 @@ services:
       - proxy
 
     labels:
-      traefik.http.services.wg.loadbalancer.server.port: "${WG_UI_PORT}"
+      traefik.http.services.wg.loadbalancer.server.port: "51821"
 
 networks:
   proxy:

wireguard/stack.env

@@ -2,7 +2,7 @@
 WG_EASY_IMAGE=
 WG_HOST=
 WG_PORT=
-WG_UI_PORT=
+WG_UI_PORT=51821
 
 INIT_ENABLED=
 INIT_USERNAME=