version: '3.1'

services:

  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    expose:
      - "8082"
    ports:
      - "443:443"
      - "127.0.0.1:8080:8080"
      - "3042:3042"
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--log.level=DEBUG"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.filename=/dynamic_config.yml"
      - "--entrypoints.websecure.address=:443"
      - "--entryPoints.metrics.address=:8082"
      - "--entryPoints.grpc.address=:3042"
      - "--metrics.prometheus.entryPoint=metrics"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      # TESTING
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=$MAIL"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    volumes:
      - "./traefik/letsencrypt:/letsencrypt"
      - "./traefik/config/dynamic_config.yml:/dynamic_config.yml"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - chains
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST"
      - "prometheus-scrape.enabled=true"
      - "prometheus-scrape.port=8082"
      - "prometheus-scrape.job_name=traefik"

networks:
  chains:
    driver: bridge
    ipam:
     config:
       - subnet: 192.168.0.1/27