services:
  traefik:
    image: docker.io/library/traefik:v3.6
    container_name: traefik
    command:
      # Core
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Entry points
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Let's Encrypt
      - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"

    ports:
      - "80:80"
      - "443:443"

    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/acme.json:/letsencrypt/acme.json"

    restart: unless-stopped

  webserver:
    build:
      context: .
      dockerfile: webserver.Dockerfile

    container_name: webserver

    volumes:
      # - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/storagebox:/usr/local/apache2/htdocs:ro"

    labels:
      - "traefik.enable=true"
      # HTTPS router for apache subpath
      - "traefik.http.routers.webserver.rule=Host(`${SERVICE_FQDN}`)"
      - "traefik.http.routers.webserver.entrypoints=websecure"
      - "traefik.http.routers.webserver.tls=true"
      - "traefik.http.routers.webserver.tls.certresolver=letsencrypt"
      - "traefik.http.routers.webserver.service=webserver-svc"
      # Optional HTTP redirect
      - "traefik.http.routers.webserver-http.rule=Host(`${SERVICE_FQDN}`)"
      - "traefik.http.routers.webserver-http.entrypoints=web"
      - "traefik.http.routers.webserver-http.middlewares=webserver-https-redirect"
      - "traefik.http.middlewares.webserver-https-redirect.redirectscheme.scheme=https"
      # Service definition: tell Traefik which port webserver listens on inside the container
      - "traefik.http.services.webserver-svc.loadbalancer.server.port=80"

    restart: unless-stopped