feat: enhance docker-compose.override.yml with Traefik labels and update env.prod.template for consistency

docker-compose.override.yml

@@ -34,6 +34,26 @@ services:
       - geoip:/geoip
     networks:
       - backend
+      - dokploy-network
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=dokploy-network"
+
+      - "traefik.http.services.sso-server.loadbalancer.server.port=9443" # set port the container listenes to
+      - "traefik.http.services.sso-server.loadbalancer.server.scheme=https"
+
+      - "traefik.http.routers.sso-server-web.rule=Host(`${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.sso-server-web.entrypoints=web"
+      - "traefik.http.routers.sso-server-web.service=sso-server"
+      - "traefik.http.routers.sso-server-web.middlewares=redirect-to-https@file"
+
+      - "traefik.http.routers.sso-server-websecure.entrypoints=websecure"
+      - "traefik.http.routers.sso-server-websecure.rule=Host(`${PUBLIC_DOMAIN}`)" # change hostname!
+      - "traefik.http.routers.sso-server-websecure.tls=true"
+      - "traefik.http.routers.sso-server-websecure.tls.certresolver=hetzner"
+      - "traefik.http.routers.sso-server-websecure.tls.domains[0].main=${TLS_DOMAIN}"
+      - "traefik.http.routers.sso-server-websecure.middlewares=secHeaders@file, hsts-header@file"
+      - "traefik.http.routers.sso-server-websecure.service=sso-server"
 
   worker:
     image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:?AUTHENTIK_TAG is not configured}
@@ -57,4 +77,6 @@ volumes:
     driver: local
 
 networks:
-  backend:
+  backend:
+  dokploy-network:
+    external: true