name: ingress

services:
  traefik:
    image: traefik:latest
    restart: unless-stopped
    networks:
      - default
      - expose
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=expose"
      - "--providers.file.directory=/configs"

      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"

      - "--entrypoints.webdev.address=:880"
      - "--entrypoints.webdev.http.redirections.entrypoint.to=websecuredev"
      - "--entrypoints.websecuredev.address=:8554"
      - "--entrypoints.websecuredev.http.tls=true"

      - "--certificatesresolvers.letsencrypt.acme.email=acme@lanhuip.com"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--api.dashboard=true"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`$TRAEFIK_DOMAIN`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=basicauth"
      - "traefik.http.middlewares.basicauth.basicauth.users=$TRAEFIK_USERNAME:$TRAEFIK_PASSWORD"
    ports:
      - 80:80
      - 443:443
      - 880:880
      - 8554:8554
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/configs:/configs:ro
      - ./traefik/gen/certs:/certs:ro
      - ./traefik/gen/acme.json:/acme.json

networks:
  expose:
    external: true