version: "3.7"
services:
  traefik:
    image: "traefik"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --providers.docker.exposedByDefault=false
      - --log.level=DEBUG
      - --providers.docker.network=proxy
      - --serversTransport.insecureSkipVerify=true 
      - --api

      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      #- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"

      #Lets Encrypt TLS Challenge
      #- --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      #- --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}
      #- --certificatesresolvers.letsencrypt.acme.storage=/acme.json
      #- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
      #Logging
      - "--accesslog=true"
      - "--accesslog.filePath=/logs/access.log"
    ports:
      - "80:80"
      - "443:443"
    networks:
      - proxy
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./data/letsencrypt:/letsencrypt"
      - ./data/logs/:/logs/
    labels:
      # Dashboard
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.zuhause.mertens.digital`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      #- "traefik.http.routers.traefik.middlewares=authtraefik"
      #- "traefik.http.middlewares.authtraefik.basicauth.users=user:$2a$12$zeG4z6/dM28JONNH54/jo.pZD0BUuzw0mbD0GFMQqe00lFYCPzKm." # user/password
      
      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    restart: unless-stopped
  # Automatic Container Updates
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  
  # whoami:
  #   image:  traefik/whoami
  #   command:
  #      - --port=2001
  #      - --name=test
  #   ports:
  #      - "2001:2001"
  #   networks:
  #     - proxy
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.whoami.entrypoints=websecure"
  #     - "traefik.http.routers.whoami.rule=Host(`whoami.dev.mertens.digital`)"
  #     - "traefik.http.routers.whoami.tls=true"
  #     - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
  #     - "traefik.http.services.whoami.loadbalancer.server.port=2001"



  # Cleanup unused Docker Container
  janitor:
    image: flaviostutz/docker-janitor
    environment:
      - RUN_ON_STARTUP=true
      - PRUNE_VOLUMES=true
      - SLEEP_TIME=86400
      - UNUSED_TIME=24h
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

networks:
  proxy:
    external: true