version: "3.3"

services:
  traefik:
    image: "traefik:v2.10"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.pound.address=:9080
      - --entryPoints.pound.forwardedHeaders.trustedIPs=10.23.0.0/24
      - --entrypoints.mqtts.address=:8883
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/config/
      - --providers.file.watch=true
      - --api
      - --api.dashboard=true
      - --accesslog
      - --metrics.prometheus=true
      - --metrics.prometheus.buckets=0.01,0.025,0.05,0.1,0.25,0.5,1.0,2.5,5.0,10.0
    network_mode: host
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/opt/traefik/acme.json:/acme.json"
      - "/opt/traefik/config:/config"
      - "/opt/traefik/certs:/certs"
    labels:
      # Dashboard
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`api.wazong.de`)
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.middlewares=authtraefik
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.services.traefik.loadbalancer.server.port=888
      - traefik.http.middlewares.authtraefik.basicauth.users=admin:**************

      # global redirect to https
      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.http-catchall.entrypoints=web
      - traefik.http.routers.http-catchall.middlewares=redirect-to-https

      # middleware redirect
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - traefik.http.middlewares.redirect-to-https.redirectscheme.port=443
    restart: always