name: traefik

networks:
  traefik:
    name: traefik
    # external: true -> Entfernt, damit dieser Stack das Netzwerk global auf dem Server erstellt!

services:
  traefik:
    image: traefik:latest
    container_name: ${CONTAINER_NAME}
    hostname: traefik
    restart: ${RESTART_POLICY}
    cpu_shares: 90
    deploy:
      resources:
        limits:
          memory: 15841M

    command:
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=desec
      - --certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=10
      - --certificatesresolvers.myresolver.acme.email=${CERT_RESOLVER_EMAIL}
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=${DNS_RESOLVERS}

    environment:
      - DESEC_TOKEN=${DESEC_TOKEN}
      - DESEC_TTL=${DESEC_TTL}
      - DESEC_POLLING_INTERVAL=${DESEC_POLLING_INTERVAL}
      - DESEC_PROPAGATION_TIMEOUT=${DESEC_PROPAGATION_TIMEOUT}

    ports:
      - "${HTTP_PORT}:80"
      - "${HTTPS_PORT}:443"
      - "${DASHBOARD_PORT}:8080"

    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
      - type: bind
        source: ${LETSENCRYPT_PATH}
        target: /letsencrypt
        bind:
          create_host_path: true
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

    networks:
      - traefik