services:
  mtls-bridge:
    profiles: ["monitoring", "all", "mtls-bridge"]
    build:
      context: ${PROJECT_ROOT}/monitoring/mtls-bridge
    container_name: mtls-bridge
    restart: unless-stopped
    environment:
      - TARGET_URL=https://node-red.lan.ddnsgeek.com/docker-update-lockouts/clear
      - CLIENT_CERT=/certs/clients/office-pc/office-pc.crt
      - CLIENT_KEY=/certs/clients/office-pc/office-pc.key
      - CA_CERT=/certs/ca/clients-ca.crt
      - TIMEOUT=5
      - LOG_LEVEL=${MTLS_BRIDGE_LOG_LEVEL:-INFO}
    volumes:
      - ${PROJECT_ROOT}/core/traefik/certs:/certs:ro
    healthcheck:
      test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080/health', timeout=3).read()"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    networks:
      - monitor
      - traefik