services:
  traefik:
    image: docker.io/library/traefik:v3.6
    container_name: traefik
    command:
      # Core
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Entry points
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Let's Encrypt
      - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"

    ports:
      - "80:80"
      - "443:443"

    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/acme.json:/letsencrypt/acme.json"

    restart: unless-stopped

  webserver:
    build:
      context: .
      dockerfile: webserver.Dockerfile

    container_name: webserver

    volumes:
      # - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "${DATA_DIR}:/usr/local/apache2/htdocs:ro"

    labels:
      - "traefik.enable=true"
      # HTTPS router for apache subpath
      - "traefik.http.routers.webserver.rule=Host(`${SERVICE_FQDN}`)"
      - "traefik.http.routers.webserver.entrypoints=websecure"
      - "traefik.http.routers.webserver.tls=true"
      - "traefik.http.routers.webserver.tls.certresolver=letsencrypt"
      - "traefik.http.routers.webserver.service=webserver-svc"
      - "traefik.http.routers.webserver.priority=1"
      # Optional HTTP redirect
      - "traefik.http.routers.webserver-http.rule=Host(`${SERVICE_FQDN}`)"
      - "traefik.http.routers.webserver-http.entrypoints=web"
      - "traefik.http.routers.webserver-http.middlewares=webserver-https-redirect"
      - "traefik.http.middlewares.webserver-https-redirect.redirectscheme.scheme=https"
      # Service definition: tell Traefik which port webserver listens on inside the container
      - "traefik.http.services.webserver-svc.loadbalancer.server.port=80"

    restart: unless-stopped

  expressjs:
    build:
      context: ./expressjs

    container_name: expressjs

    environment:
      - BASE_PATH=/manage
      - DATA_DIR=/data
      - DB_PATH=/app/data/uploads.sqlite
      - LOGIN_FILE=/app/.logins
      - UPLOAD_TTL_SECONDS=${UPLOAD_TTL_SECONDS}
      - PORT=3000

    volumes:
      - "./data:/app/data"
      - "./.logins:/app/.logins:ro"
      - "${DATA_DIR}:/data"

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.express.rule=Host(`${SERVICE_FQDN}`) && PathPrefix(`/manage`)"
      - "traefik.http.routers.express.entrypoints=websecure"
      - "traefik.http.routers.express.tls=true"
      - "traefik.http.routers.express.tls.certresolver=letsencrypt"
      - "traefik.http.routers.express.service=express-svc"
      - "traefik.http.services.express-svc.loadbalancer.server.port=3000"
      - "traefik.http.routers.express.priority=10"
      # Optional HTTP redirect
      - "traefik.http.routers.express-http.rule=Host(`${SERVICE_FQDN}`) && PathPrefix(`/manage`)"
      - "traefik.http.routers.express-http.entrypoints=web"
      - "traefik.http.routers.express-http.middlewares=express-https-redirect"
      - "traefik.http.middlewares.express-https-redirect.redirectscheme.scheme=https"

    restart: unless-stopped