services:
  app:
    image: "traefik:v2.10.4"
    ports:
      # HTTP
      - "80:80"
      # HTTPS
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "letsencrypt:/etc/letsencrypt"
    configs:
      - source: traefik_yaml
        target: /etc/traefik/traefik.yaml
      - source: file_provider_yaml
        target: /etc/traefik/file-provider.yaml
    networks:
      - proxy
    environment:
      - DASHBOARD_ENABLED
      - LOG_LEVEL
      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
    healthcheck:
      test: ["CMD", "traefik", "healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
    command: traefik
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.traefik.loadbalancer.server.port=web"
        - "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.traefik.entrypoints=web-secure"
        - "traefik.http.routers.traefik.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.traefik.service=api@internal"
        - "traefik.http.routers.traefik.middlewares=security@file"

networks:
  proxy:
    external: true

configs:
  traefik_yaml:
    file: traefik.yaml.tmpl
    template_driver: golang
  file_provider_yaml:
    file: file-provider.yaml.tmpl
    template_driver: golang

volumes:
  letsencrypt: