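---
# Traefik v3 reverse proxy with Let's Encrypt (ACME HTTP-01) certificates.
# Variables read from the environment: TRUSTED_IPS (optional), ACME_EMAIL.
networks:
  network:
    name: traefik_network

services:
  reverse-proxy:
    # The official Traefik docker image
    image: traefik:v3.1
    command:
      # API is enabled, but the dashboard and the unauthenticated (insecure)
      # API listener both stay off.
      - '--api=true'
      - '--api.dashboard=false'
      - '--api.insecure=false'
      # No usage statistics and no version check.
      - '--global.sendAnonymousUsage=false'
      - '--global.checkNewVersion=false'
      - '--log=true'
      - '--log.level=WARN'
      # Enable the docker provider
      - '--providers.docker=true'
      # Do not expose containers unless explicitly told so
      - '--providers.docker.exposedbydefault=false'

      # Entrypoint 'web': listen on port 80 (HTTP) and redirect to 'websecure'.
      - '--entrypoints.web.address=:80'
      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
      - '--entrypoints.web.http.redirections.entrypoint.scheme=https'
      ## Please see the Forwarded Header Trust section of the Authelia Traefik
      ## Integration documentation.
      # Forwarded headers and PROXY protocol data carry the client address
      # that downstream services act on, so they are accepted only from the
      # addresses listed in TRUSTED_IPS. The ':-' default leaves the list
      # empty when the variable is unset; insecure=false keeps Traefik from
      # trusting every source.
      - '--entryPoints.web.forwardedHeaders.trustedips=${TRUSTED_IPS:-}'
      - '--entryPoints.web.proxyProtocol.trustedips=${TRUSTED_IPS:-}'
      - '--entryPoints.web.forwardedHeaders.insecure=false'
      - '--entryPoints.web.proxyProtocol.insecure=false'

      # Entrypoint 'websecure': listen on port 443 (HTTPS).
      - '--entrypoints.websecure.address=:443'
      ## Please see the Forwarded Header Trust section of the Authelia Traefik
      ## Integration documentation.
      # Same trust list as the 'web' entrypoint; keep the two in sync.
      - '--entryPoints.websecure.forwardedHeaders.trustedips=${TRUSTED_IPS:-}'
      - '--entryPoints.websecure.proxyProtocol.trustedips=${TRUSTED_IPS:-}'
      - '--entryPoints.websecure.forwardedHeaders.insecure=false'
      - '--entryPoints.websecure.proxyProtocol.insecure=false'

      # Certificate resolver 'myresolver': ACME HTTP challenge answered on
      # the predefined 'web' entrypoint.
      - '--certificatesresolvers.myresolver.acme.httpchallenge=true'
      - '--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web'
      # The email to provide to Let's Encrypt
      - '--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}'
      # Store the certificates at the path bind-mounted below
      - '--certificatesresolvers.myresolver.acme.storage=/acme.json'
    networks:
      - network
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    volumes:
      # So that Traefik can listen to the Docker events. Mounted read-only
      # because Traefik never needs to modify the socket file. ':ro' does not
      # limit the Docker API calls made over the socket, so this container
      # still has host-level control of Docker; put a filtering socket proxy
      # in front of it where that matters.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # ACME storage holds the account and certificate private keys. Create
      # the file on the host before first start and set its mode to 600:
      # Traefik rejects looser permissions, and a missing bind-mount source is
      # created by Docker as a directory.
      - ../acme.json:/acme.json
    deploy:
      replicas: 1
      restart_policy:
        condition: any
        delay: 5s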