version: "3.8"

networks:
  proxy:
    external: true
  proxy_infra:
    external: true
  proxy_home:
    external: true

services:
  traefik:
    image: "traefik:v3.1.2"
    restart: always
    command:
      #- "--log.level=DEBUG"
      - "--global.sendanonymoususage=false"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--providers.file.directory=/conf/files/"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=web-secure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.web-secure.address=:443"
      - "--entrypoints.ssh-git.address=:2201"
      #- "--entrypoints.turn-udp.address=:80/udp"
      #- "--entrypoints.turns-udp.address=:443/udp"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=${CERT_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/conf/acme/letsencrypt.json"
    ports:
      - "80:80"
      - "443:443"
      - "2201:2201"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./conf/:/conf/:ro"
      - "./conf/acme/:/conf/acme/:rw"
    networks:
      - proxy
      - proxy_infra
      - proxy_home
      - default
    # Dynamic Configuration
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy_infra"

      # MIDDLEWARES
      # Priority goes from first in the list to last.
      - "traefik.http.middlewares.traefik.chain.middlewares=headers-base@file,headers-sts@file,headers-policy-self@file"

      - "traefik.http.middlewares.treafik-redirect.redirectregex.permanent=true"
      - "traefik.http.middlewares.treafik-redirect.redirectregex.regex=^https://${FQDN}/?$$"
      - "traefik.http.middlewares.treafik-redirect.redirectregex.replacement=https://${FQDN}/dashboard/"

      # Traefik Dashboard
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=web-secure"
      - "traefik.http.routers.traefik.rule=Host(`${FQDN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      #- "traefik.http.routers.traefik.rule=Host(`${FQDN}`)"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.middlewares=traefik,net-home@file,auth-traefik@file,treafik-redirect"