fix: Traefik errors.

config/traefik/dynamic/middleware.yml

@@ -131,10 +131,6 @@ http:
         attempts: 3
         initialInterval: 100ms
 
-    # Timeout middleware
-    timeout:
-      timeout: 30s
-
     # Compress responses for performance
     compression:
       compress: {}
@@ -145,7 +141,6 @@ http:
         middlewares:
           - compression
           - secure-headers
-          - timeout
 
     # API middleware chain
     api-chain:
@@ -157,7 +152,6 @@ http:
           - rate-limit
           - api-auth
           - retry-policy
-          - timeout
 
     # Platform API middleware chain
     platform-chain:
@@ -169,12 +163,10 @@ http:
           - platform-auth
           - circuit-breaker
           - retry-policy
-          - timeout
 
     # Public frontend middleware chain
     frontend-chain:
       chain:
         middlewares:
           - compression
-          - secure-headers
-          - timeout
+          - secure-headers

config/traefik/middleware.yml

@@ -1,180 +0,0 @@
-http:
-  middlewares:
-    # Security headers middleware
-    secure-headers:
-      headers:
-        accessControlAllowMethods:
-          - GET
-          - OPTIONS
-          - PUT
-          - POST
-          - DELETE
-        accessControlAllowOriginList:
-          - "https://admin.motovaultpro.com"
-          - "https://motovaultpro.com"
-        accessControlMaxAge: 100
-        addVaryHeader: true
-        browserXssFilter: true
-        contentTypeNosniff: true
-        forceSTSHeader: true
-        frameDeny: true
-        stsIncludeSubdomains: true
-        stsPreload: true
-        stsSeconds: 31536000
-        customRequestHeaders:
-          X-Forwarded-Proto: https
-
-    # CORS middleware for API endpoints
-    cors:
-      headers:
-        accessControlAllowCredentials: true
-        accessControlAllowHeaders:
-          - "Authorization"
-          - "Content-Type"
-          - "X-Requested-With"
-          - "X-Tenant-ID"
-        accessControlAllowMethods:
-          - "GET"
-          - "POST"
-          - "PUT"
-          - "DELETE"
-          - "OPTIONS"
-        accessControlAllowOriginList:
-          - "https://admin.motovaultpro.com"
-          - "https://motovaultpro.com"
-        accessControlMaxAge: 100
-
-    # API authentication middleware
-    api-auth:
-      forwardAuth:
-        address: "http://admin-backend:3001/auth/verify"
-        authResponseHeaders:
-          - "X-Auth-User"
-          - "X-Auth-Roles"
-          - "X-Tenant-ID"
-        authRequestHeaders:
-          - "Authorization"
-          - "X-Tenant-ID"
-        trustForwardHeader: true
-
-    # Platform API authentication middleware
-    platform-auth:
-      forwardAuth:
-        address: "http://admin-backend:3001/auth/verify-platform"
-        authResponseHeaders:
-          - "X-Service-Name"
-          - "X-Auth-Scope"
-        authRequestHeaders:
-          - "X-API-Key"
-          - "Authorization"
-        trustForwardHeader: true
-
-    # Rate limiting middleware
-    rate-limit:
-      rateLimit:
-        burst: 100
-        average: 50
-        period: 1m
-
-    # Request/response size limits
-    size-limit:
-      buffering:
-        maxRequestBodyBytes: 26214400  # 25MB
-        maxResponseBodyBytes: 26214400  # 25MB
-
-    # IP whitelist for development (optional)
-    local-ips:
-      ipWhiteList:
-        sourceRange:
-          - "127.0.0.1/32"
-          - "10.0.0.0/8"
-          - "172.16.0.0/12"
-          - "192.168.0.0/16"
-
-    # Advanced security headers for production
-    security-headers-strict:
-      headers:
-        accessControlAllowCredentials: false
-        accessControlAllowMethods:
-          - GET
-          - POST
-          - OPTIONS
-        accessControlAllowOriginList:
-          - "https://admin.motovaultpro.com"
-          - "https://motovaultpro.com"
-        browserXssFilter: true
-        contentTypeNosniff: true
-        customRequestHeaders:
-          X-Forwarded-Proto: https
-        customResponseHeaders:
-          X-Frame-Options: DENY
-          X-Content-Type-Options: nosniff
-          Referrer-Policy: strict-origin-when-cross-origin
-          Permissions-Policy: "geolocation=(), microphone=(), camera=()"
-        forceSTSHeader: true
-        frameDeny: true
-        stsIncludeSubdomains: true
-        stsPreload: true
-        stsSeconds: 31536000
-
-    # Circuit breaker for reliability
-    circuit-breaker:
-      circuitBreaker:
-        expression: "NetworkErrorRatio() > 0.3 || ResponseCodeRatio(500, 600, 0, 600) > 0.3"
-        checkPeriod: 30s
-        fallbackDuration: 10s
-        recoveryDuration: 30s
-
-    # Request retry for resilience
-    retry-policy:
-      retry:
-        attempts: 3
-        initialInterval: 100ms
-
-    # Timeout middleware
-    timeout:
-      timeout: 30s
-
-    # Compress responses for performance
-    compression:
-      compress: {}
-
-    # Health check middleware chain
-    health-check-chain:
-      chain:
-        middlewares:
-          - compression
-          - secure-headers
-          - timeout
-
-    # API middleware chain
-    api-chain:
-      chain:
-        middlewares:
-          - compression
-          - security-headers-strict
-          - cors
-          - rate-limit
-          - api-auth
-          - retry-policy
-          - timeout
-
-    # Platform API middleware chain
-    platform-chain:
-      chain:
-        middlewares:
-          - compression
-          - security-headers-strict
-          - rate-limit
-          - platform-auth
-          - circuit-breaker
-          - retry-policy
-          - timeout
-
-    # Public frontend middleware chain
-    frontend-chain:
-      chain:
-        middlewares:
-          - compression
-          - secure-headers
-          - timeout