services:
  traefik:
    image: docker.io/library/traefik:v3.6
    container_name: traefik
    command:
      # Core
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Entry points
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Let's Encrypt
      - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"

    ports:
      - "80:80"
      - "443:443"

    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/acme.json:/letsencrypt/acme.json"

    restart: unless-stopped

  webserver:
    build:
      context: .
      dockerfile: webserver.Dockerfile

    container_name: webserver

    volumes:
      # - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "${DATA_DIR}:/usr/local/apache2/htdocs:ro"

    labels:
      - "traefik.enable=true"
      # HTTPS router for apache subpath
      - "traefik.http.routers.webserver.rule=Host(`${SERVICE_FQDN}`)"
      - "traefik.http.routers.webserver.entrypoints=websecure"
      - "traefik.http.routers.webserver.tls=true"
      - "traefik.http.routers.webserver.tls.certresolver=letsencrypt"
      - "traefik.http.routers.webserver.service=webserver-svc"
      - "traefik.http.routers.webserver.priority=1"
      # Optional HTTP redirect
      - "traefik.http.routers.webserver-http.rule=Host(`${SERVICE_FQDN}`)"
      - "traefik.http.routers.webserver-http.entrypoints=web"
      - "traefik.http.routers.webserver-http.middlewares=webserver-https-redirect"
      - "traefik.http.middlewares.webserver-https-redirect.redirectscheme.scheme=https"
      # Service definition: tell Traefik which port webserver listens on inside the container
      - "traefik.http.services.webserver-svc.loadbalancer.server.port=80"

    restart: unless-stopped

  nextjs:
    build:
      context: ./nextjs

    container_name: nextjs
    stop_grace_period: 5s

    environment:
      - DATA_DIR=/data
      - DB_PATH=/app/data/uploads.sqlite
      - SERVICE_FQDN=${SERVICE_FQDN}
      - PUBLIC_BASE_URL=${PUBLIC_BASE_URL}
      - UPLOAD_TTL_SECONDS=${UPLOAD_TTL_SECONDS}
      - UPLOAD_MAX_BYTES=${UPLOAD_MAX_BYTES}
      - MANAGEMENT_ADMIN_HASH=${MANAGEMENT_ADMIN_HASH}
      - COOKIE_SECURE=${COOKIE_SECURE}
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USER=${SMTP_USER}
      - SMTP_PASS=${SMTP_PASS}
      - SMTP_MAIL=${SMTP_MAIL}
      - SMTP_NAME=${SMTP_NAME}
      - PORT=3000

    volumes:
      - "./data:/app/data"
      - "${DATA_DIR}:/data"

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextjs.rule=Host(`${SERVICE_FQDN}`) && (PathPrefix(`/manage`) || PathPrefix(`/_share`) || PathPrefix(`/_request`))"
      - "traefik.http.routers.nextjs.entrypoints=websecure"
      - "traefik.http.routers.nextjs.tls=true"
      - "traefik.http.routers.nextjs.tls.certresolver=letsencrypt"
      - "traefik.http.routers.nextjs.service=nextjs-svc"
      - "traefik.http.services.nextjs-svc.loadbalancer.server.port=3000"
      - "traefik.http.routers.nextjs.priority=10"
      # Optional HTTP redirect
      - "traefik.http.routers.nextjs-http.rule=Host(`${SERVICE_FQDN}`) && (PathPrefix(`/manage`) || PathPrefix(`/_share`) || PathPrefix(`/_request`))"
      - "traefik.http.routers.nextjs-http.entrypoints=web"
      - "traefik.http.routers.nextjs-http.middlewares=nextjs-https-redirect"
      - "traefik.http.middlewares.nextjs-https-redirect.redirectscheme.scheme=https"

    restart: unless-stopped