name: traefik_proxy
networks:
  frontend:
    external: true
  backend:
    external: true

services:
  traefik:
    image: traefik:v3.6
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

    networks:
     # Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes
      - frontend
    environment:
      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}

    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro
      - .data/certs/:/var/traefik/certs/:rw
      - ./dynamic:/etc/traefik/dynamic:ro

  # Traefik Dynamic configuration via Docker labels
    labels:
      # Enable self‑routing
      - "traefik.enable=true"

      # Dashboard router
      - "traefik.http.routers.dashboard.rule=Host(`traefik.home.sebastiangedigk.com`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=cloudflare"



      # Basic‑auth middleware
      #- "traefik.http.middlewares.dashboard-auth.basicauth.users=garry1704:$$apr1$$UcPofYFu$$4mN3Py/9BbX3GnUiti5yu."
     #- "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"