networks:
  t3_proxy:
    name: t3_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.90.0/24

services:
  traefik:
    container_name: traefik
    image: traefik:3.6.6
    restart: unless-stopped
    env_file:
      - ./.env
    networks:
      t3_proxy:
        ipv4_address: 192.168.90.254
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.traefik.address=:8080
      - --entrypoints.websecure.http.tls=true
      # The following two options redirects http request at port 80 to https
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --api=true
      - --api.dashboard=true
      # - --api.insecure=true
      - --log=true
      - --log.filePath=/logs/traefik.log
      - --log.level=DEBUG
      - --accessLog=true
      - --accessLog.filePath=/logs/access.log
      - --accessLog.bufferingSize=100
      - --accessLog.filters.statusCodes=204-299,400-499,500-599
      - --providers.docker=true
      - --providers.docker.network=t3_proxy
      - --entrypoints.websecure.http.tls.options=tls-opts@file
      - --entrypoints.websecure.http.tls.certresolver=dns-cloudflare
      - --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME
      - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME
      - --providers.file.directory=/rules
      - --providers.file.watch=true
      - --certificatesresolvers.dns-cloudflare.acme.email=${CLOUDFLARE_EMAIL}
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    ports:
      # - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - ./traefik-rules.yaml:/rules/traefik-rules.yaml
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/appdata/traefik/acme/acme.json:/acme.json
      - $DOCKERDIR/logs/traefik:/logs
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=$TZ
      - CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}
      - DOMAINNAME=${DOMAINNAME}
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.api.rule=Host(`traefik.${DOMAINNAME}`)"
      - "traefik.http.routers.api.service=api@internal"