services:
  traefik:
    image: "traefik:v3.6@sha256:67622638cd88dbfcfba40159bc652ecf0aea0e032f8a3c7e3134ae7c037b9910"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--providers.docker.constraints=Label(`env`, `${ENV}`)"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.https.address=:443"
      - "--entryPoints.web.allowACMEByPass=${ACME_BYPASS}"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesResolvers.letsencrypt.acme.caServer=${CERTBOT_CA_RESOLVER}"
      - "${TRAEFIK_LEGACY_OPT:-}"
      - "--providers.file.watch=true"
    ports:
      - "${PORT}:80"
      - "${HTTPS_PORT}:443"
      - "8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "letsencrypt:/letsencrypt"
      - "./${ENV}/forward-to-legacy-nginx.yaml:/etc/traefik/forward-to-legacy-nginx.yaml"

  whoami:
    image: "traefik/whoami@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab"
    restart: unless-stopped
    networks:
      - proxy
    labels:
      - "env=${ENV}"
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.priority=100"
      - "traefik.http.routers.whoami.rule=Host(`test-whoami.${DOMAIN}`)"
      - "traefik.http.routers.https.priority=100"
      - "traefik.http.routers.https.rule=Host(`test-whoami.${DOMAIN}`)"
      - "traefik.http.routers.whoami.entrypoints=web"
      - traefik.http.routers.https.entrypoints=https
      - traefik.http.routers.https.tls=true
      - traefik.http.routers.https.tls.certresolver=letsencrypt
networks:
  proxy:
volumes:
  letsencrypt: