Update configs for trusted proxies, HTTPS, and log paths

Revised proxy settings to dynamically include trusted IPs and ensured HTTPS redirections. Adjusted log mount path in Docker compose to align with application structure. Removed unused Traefik certificate volume for cleanup.

templates/compose.yaml

@@ -30,7 +30,7 @@ services:
         volumes:
             - './config/prod:/var/www/app/config/packages/prod:ro'
             - './var:/var/www/app/var:rw'
-            - '/var/logs/chill:/var/www/app/logs'
+            - '/var/logs/chill:/var/www/app/var/logs'
             - '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage'
         links:
             - redis

templates/config/prod/framework.yaml

@@ -1,3 +1,7 @@
 framework:
-    trusted_proxies: '172.0.0.0/8'
+    trusted_proxies: '127.0.0.1,REMOTE_ADDR{% for ip in traefik_trusted_ips|default([]) %},{{ ip }}{% endfor %}'
     trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']
+
+parameters:
+    router.request_context.scheme: 'https'
+    asset.request_context.secure: true

templates/traefik-compose.yaml

@@ -13,7 +13,11 @@ services:
       - "--providers.docker=true"
       - "--providers.docker.exposedByDefault=false"
       - "--entryPoints.web.address=:80"
+      - "--entryPoints.web.http.redirections.entrypoint.scheme=https"
       - "--entryPoints.websecure.address=:443"
+      {%+ for ip in traefik_trusted_ips|default([]) +%}
+      - "--entryPoints.websecure.forwardedHeaders.trustedIPs={{ ip }}"
+      {%+ endfor +%}
       {%+ for c in chills +%}
       {%+ if c.expose_port is not false +%}
       - "--entryPoints.chill{{ c.chill_environment }}.address=:{{ c.expose_port }}"
@@ -35,7 +39,6 @@ services:
     volumes:
       # So that Traefik can listen to the Docker events
       - /var/run/docker.sock:/var/run/docker.sock
-      - /var/traefik/certs:/var/traefik/certs
     networks:
       - traefik