version: "3.3"

services:

  traefik:
    image: traefik:v2.4
    restart: unless-stopped
    environment: 
      - NETCUP_ENDPOINT=${NETCUP_ENDPOINT}
      - NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER}
      - NETCUP_API_KEY=${NETCUP_API_KEY}
      - NETCUP_API_PASSWORD=${NETCUP_API_PASSWORD}
    command:
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=web"
      #- "--log.level=DEBUG"
      - "--accesslog=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--providers.file.filename=/etc/traefik/tls.toml"
      - "--certificatesresolvers.netcup.acme.dnschallenge=true"
      - "--certificatesresolvers.netcup.acme.dnsChallenge.provider=netcup"
      - "--certificatesresolvers.netcup.acme.dnsChallenge.resolvers=46.38.225.230:53,46.38.252.230:53"
      - "--certificatesresolvers.netcup.acme.email=${LETSENCRYPT_MAIL}"
      - "--certificatesresolvers.netcup.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    networks:
      - web
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - ${VOLUMES_PATH}/letsencrypt:/letsencrypt
      - $PWD/tls.toml:/etc/traefik/tls.toml
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=netcup"
      - "traefik.http.routers.dashboard.tls.domains[0].main=${DOMAIN}"
      - "traefik.http.routers.dashboard.tls.domains[0].sans=*.${DOMAIN}"
      - "traefik.http.routers.dashboard.tls.options=intermediate@file"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=${HTPASSWD}"
      - "docker.group=proxy"


#  whoami:
#    image: containous/whoami
#    networks:
#      - web
#    labels:
#      - "traefik.enable=true"
#      - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
#      - "traefik.http.routers.whoami.entrypoints=websecure"
#      - "traefik.http.routers.whoami.tls.certresolver=netcup"
#      - "docker.group=proxy"
#    restart: unless-stopped


networks:
  web:
    external: true