---
# Docker Compose stack running Traefik as the edge reverse proxy.
# It terminates TLS on :443 with a Let's Encrypt wildcard certificate obtained
# through the DNS-01 challenge, redirects :80 to HTTPS, and serves the Traefik
# dashboard behind HTTP basic auth.
#
# Values interpolated by Compose (from the shell environment or an .env file):
#   DOCKER_NETWORK, ACME_EMAIL, LINODE_TOKEN, AUTH_USER, AUTH_PASS
# LINODE_TOKEN and AUTH_PASS are secrets; keep the file that supplies them out
# of version control.
version: "3.9"

services:
  reverse-proxy:
    # NOTE(review): "v2.5" is a floating minor tag, so the image that actually
    # runs changes with every pull. Pin a full patch version (or a digest) and
    # track upstream security releases.
    image: "traefik:v2.5"
    restart: always
    command:
      # Disable anonymous usage reporting and the new-version check.
      - "--global.sendanonymoususage=false"
      - "--global.checknewversion=false"

      # EntryPoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"

      # Global HTTP -> HTTPS: everything arriving on "web" is redirected to
      # "websecure".
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"

      # Default TLS configuration for every router on "websecure": one
      # certificate covering esin.io and *.esin.io.
      - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
      - "--entrypoints.websecure.http.tls.domains[0].main=esin.io"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.esin.io"

      # Enable dashboard. api.insecure is not set, so the dashboard is only
      # reachable through the "dashboard" router declared in the labels below.
      - "--api.dashboard=true"
      # Ping (health) endpoint. No entry point is named for it, so it stays on
      # Traefik's internal entry point, which the ports section does not
      # publish.
      - "--ping"

      # Provider docker. exposedByDefault=false means a container is routed
      # only when it carries the label traefik.enable=true.
      - "--providers.docker.network=${DOCKER_NETWORK}"
      - "--providers.docker.watch=true"
      - "--providers.docker.exposedByDefault=false"

      # Provider file.
      # NOTE(review): no volume in this file mounts anything at /etc/traefik,
      # so this directory is whatever the image contains. Confirm where the
      # dynamic configuration is expected to come from.
      - "--providers.file.watch=true"
      - "--providers.file.directory=/etc/traefik"

      # SSL configuration: ACME via DNS-01 against the Linode DNS API.
      # DNS-01 is what makes the wildcard SAN above possible; the HTTP-01 line
      # is kept commented out as the alternative.
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=linode"
      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/acme/acme.json"
      # - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web

      # Logging: JSON application and access logs under /var/log (bind-mounted
      # to ./log below). bufferingsize=100 keeps up to 100 access-log lines in
      # memory before writing, so the newest entries can be lost if the
      # process dies. Nothing in this file rotates these logs.
      - "--log.filePath=/var/log/traefik.log"
      - "--log.format=json"
      - "--log.level=INFO"
      - "--accessLog.filepath=/var/log/access.log"
      - "--accessLog.format=json"
      - "--accessLog.bufferingsize=100"
    ports:
      - "80:80"
      - "443:443"
    environment:
      - "TZ=Asia/Shanghai"
      # DNS API token read by the ACME DNS-01 provider. Whoever holds it can
      # edit DNS records and therefore obtain certificates for the zone; give
      # it the narrowest scope the provider offers.
      - "LINODE_TOKEN=${LINODE_TOKEN}"
    labels:
      - "traefik.enable=true"

      # Dashboard router: HTTPS only, host traefik.esin.io, paths /api and
      # /dashboard, served by Traefik's internal API service.
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.esin.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.tls.domains[0].main=esin.io"
      - "traefik.http.routers.dashboard.tls.domains[0].sans=*.esin.io"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"

      # NOTE(review): this defines a compress middleware named "dashboard",
      # but the router above attaches only "dashboard-auth", so within this
      # file it is never applied. Confirm whether that is intended.
      - "traefik.http.middlewares.dashboard.compress=true"
      - "traefik.http.middlewares.dashboard.compress.excludedcontenttypes=text/event-stream"

      # Basic auth is the only access control on the dashboard. AUTH_PASS must
      # be an htpasswd-style hash (bcrypt preferred), never the plaintext
      # password. Consider also restricting the router by source address.
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=${AUTH_USER}:${AUTH_PASS}"
    volumes:
      # NOTE(review): ":ro" only makes the socket file read-only in the mount;
      # it does not limit Docker API calls sent over the socket. A compromise
      # of this internet-facing container would give access to the Docker
      # daemon. A filtering socket proxy that exposes only the read endpoints
      # Traefik needs reduces that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Holds the ACME account key and the certificate private keys. The file
      # must exist on the host before the first start (otherwise Docker creates
      # a directory in its place), and Traefik requires mode 600 on it.
      - "./acme.json:/etc/acme/acme.json"
      - "./log:/var/log"
    networks:
      - traefik

networks:
  # Pre-existing network shared with the proxied containers; Compose will not
  # create it. Presumably DOCKER_NETWORK names this same network - confirm.
  traefik:
    external: true