version: '3'

services:
  traefik:
    container_name: traefik
    image: traefik:v2.2.1
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false      
      - --api.insecure # Don't do that in production
      - --entrypoints.web.address=:80      
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/acme.json
      - --certificatesResolvers.letsencrypt.acme.dnsChallenge=true
      - --certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=gandiv5
      - --certificatesResolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=0
      # staging server
      #- --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    environment:
      - GANDIV5_API_KEY=${GANDIV5_API_KEY}
    labels: 
      - traefik.enable=true
      - traefik.http.routers.dashboard.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
      - traefik.http.routers.dashboard.entrypoints=web
      - traefik.http.routers.dashboard.entrypoints=websecure
      - traefik.http.routers.dashboard.service=api@internal      
      #- traefik.http.routers.dashboard.tls=true
      - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
      - traefik.http.routers.dashboard.tls.domains[0].main=${DOMAIN}
      - traefik.http.routers.dashboard.tls.domains[0].sans=*.${DOMAIN}         
      #- traefik.http.services.dashboard.loadbalancer.server.port=8080
#      - traefik.http.routers.dashboard.middlewares=redirect-to-https
      # global redirect to https
      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.http-catchall.entrypoints=web
      - traefik.http.routers.http-catchall.middlewares=redirect-to-https
      # middleware redirect
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true     
    ports:
      - 80:80
      - 443:443
    expose:
      - 8080
    networks:
      - srv
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /srv/hosting/traefik/acme.json:/acme.json