version: "3.7"

services:
  reverse-proxy:
    image: docker.io/library/traefik:v2.9
    command:
      - "--providers.docker"

      - "--providers.docker.exposedByDefault=false"
      - "--providers.docker.network=${DOCKER_NETWORK_NAME}"
      - "--providers.docker.constraints=Label(`eu.wiss-ki.barrel.distillery`,`${DOCKER_NETWORK_NAME}`)"
  
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      
      - "--certificatesresolvers.distillery.acme.httpchallenge=true"
      - "--certificatesresolvers.distillery.acme.email=${CERT_EMAIL}"
      - "--certificatesresolvers.distillery.acme.storage=/acme.json"
      - "--certificatesresolvers.distillery.acme.httpchallenge.entrypoint=web"

      ## for debugging purposes, the following can be enabled.
      # - "--api.insecure=true"
      # - "--certificatesresolvers.distillery.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"

    ports:
      - "80:80"
      - "443:443"
      # - "127.0.0.1:8888:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./acme.json:/acme.json"
    restart: always
    networks:
      - default

networks:
  default:
    name: ${DOCKER_NETWORK_NAME}
    external: true