version: "3.5"
services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      #- "--api.insecure=true"
      - --api
      # Enabling docker provider
      - --providers.docker=true
      # Do not expose containers unless explicitly told so
      #- --providers.docker.exposedbydefault=false #not working wird HTTPs Redirect
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --metrics.prometheus=true
      - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0
      - --accesslog=true
      - --certificatesresolvers.myresolver.acme.httpchallenge=true
      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.myresolver.acme.email=email@example.com
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
     
    labels:
      # Traefik Dashboard
      - "traefik.http.routers.api.rule=Host(`api.example.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=authtraefik"
      - "traefik.http.routers.api.tls.certresolver=myresolver"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.middlewares.authtraefik.basicauth.users=user1:pwdhash1, user2:pwdhash2"
       # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
       #middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    ports:
      - "80:80"
      - "443:443"
      #- "8080:8080"
    networks:
      - proxy
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    extra_hosts: 
      - host.docker.internal:172.17.0.1
      
networks:
  proxy:
    external: true