services:
  reverse-proxy:
    restart: always
    # The official v2 Traefik docker image
    image: traefik:3
    read_only: true
    hostname: traefik.lan.ddnsgeek.com
    depends_on:
      - error-pages
    # Enables the web UI and tells Traefik to listen to docker
    command: 
      - "--log.level=INFO"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=wayne.bennett@live.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--ping=true"
      - "--api=true"
      - "--api.dashboard=true"
      - "--providers.file.filename=/plugins.yaml"
#      - "--ping=true"
#      - "--ping.entrypoint=web"
    ports:
      # The HTTP port
      - "192.168.2.249:80:80"
      - "192.168.2.249:443:443"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/letsencrypt:/letsencrypt:rw
      - ./data/plugins.yaml:/plugins.yaml:ro
    deploy:
      restart_policy:
        condition: on-failure
        max_attempts: 5
    healthcheck:
      test: traefik healthcheck --ping

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.lan.ddnsgeek.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=auth, error-pages-middleware"
      - "traefik.http.middlewares.auth.basicauth.users=beatzaplenty:$$apr1$$rQ8iCgI4$$Y/u2AttE3tb1sIQwrIGU0."
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.tls=true"
      - "io.portainer.accesscontrol.public"
    networks:
      - reverse_proxy

  error-pages:
    image: tarampampam/error-pages:3 # Using the latest tag is highly discouraged. Please, use tags in X.Y.Z format
    read_only: true
    environment:
      TEMPLATE_NAME: app-down # set the error pages template
    hostname: error-pages
    restart: always
    labels:
      - "traefik.enable=true"
      # use as "fallback" for any NON-registered services (with priority below normal)
      - "traefik.http.routers.error-pages-router.rule=HostRegexp(`{host:.+}`)"
      # should say that all of your services work on https
      - "traefik.http.routers.error-pages-router.entrypoints=web"
      - "traefik.http.routers.error-pages-router.middlewares=error-pages-middleware"
      # "errors" middleware settings
      - "traefik.http.middlewares.error-pages-middleware.errors.status=400-599"
      - "traefik.http.middlewares.error-pages-middleware.errors.service=error-pages-service"
      - "traefik.http.middlewares.error-pages-middleware.errors.query=/{status}.html"
      # define service properties
      - "traefik.http.services.error-pages-service.loadbalancer.server.port=8080"
      - "io.portainer.accesscontrol.public"
    deploy:
      restart_policy:
        condition: on-failure
        max_attempts: 5
    networks:
      - reverse_proxy

networks:
  reverse_proxy:
    driver: bridge