Switch to endpoint-mode dnsrr instead of vip

The default docker swarm endpoint mode (vip) introduces unnecessary
indirection in the communication between services, namely the
docker-proxy and a dynamic haproxy endpoint container. This commit
switches the socket-proxy service to endpoint_mode: dnsrr by default and
the traefik service when using host-mode port publishing.

I would strongly recommend considering switching to host-mode port
publishing by default, especially as mose coop-cloud deployment are
single-node.

See: toolshed/organising#648

compose.host.yml

@@ -4,6 +4,7 @@ version: "3.8"
 services:
   app:
     deploy:
+      endpoint_mode: dnsrr
       update_config:
         order: stop-first
     ports:

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v3.0.0"
+    image: "traefik:v2.11.10"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
@@ -47,11 +47,13 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=4.0.0+v3.0.0"
+        - "coop-cloud.${STACK_NAME}.version=2.8.0+v2.11.10"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
 
   socket-proxy:
-    image: lscr.io/linuxserver/socket-proxy:1.26.1-r0-ls15
+    image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls26
+    deploy:
+      endpoint_mode: dnsrr
     environment:
       - ALLOW_START=0
       - ALLOW_STOP=0

release/2.8.0+v2.11.10

@@ -0,0 +1 @@
+Important Security Update! https://nvd.nist.gov/vuln/detail/CVE-2024-45410