version: "3.9"

services:
  reverse-proxy:
    image: traefik:v2.5
    command: 
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Global HTTP -> HTTPS
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Enable dashboard
      - --api.dashboard=true
      - --providers.docker.exposedByDefault=false
      - --ping
      # SSL configuration
      - --certificatesresolvers.letsencrypt.acme.email=hi@esin.io
      - --certificatesresolvers.letsencrypt.acme.storage=/etc/acme/acme.json
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
      - --log.filePath=/var/log/traefik.log
      - --log.format=json
      - --log.level=INFO
      - --accessLog.filepath=/var/log/access.log
      - --accessLog.format=json
      - --accessLog.bufferingsize=100
    ports:
      - "80:80"
      - "443:443"
    environment:
      - "TZ=Asia/Shanghai"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.esin.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
      - "traefik.http.middlewares.dashboard.compress=true"
      - "traefik.http.middlewares.dashboard.compress.excludedcontenttypes=text/event-stream"
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=traefik:$$apr1$$XDijc7ic$$RofeDix3G.lYtoomdQ6TD."
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./acme.json:/etc/acme/acme.json
      - ./log:/var/log
    networks:
      - traefik

networks:
  traefik:
    external: true