version: '2'

services:
  proxy:
    image: traefik:v2.1
    ports:
      - "80:80"
      - "443:443"
      - "10.0.0.2:8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./cert/:/cert/"
      - "./config/:/etc/traefik/:ro"
    labels:
      - "traefik.enable=true" # set to true to expose the Monitoring & API
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # Password middleware
      - "traefik.http.middlewares.simpleauth.basicauth.users=zombi:$$apr1$$kv8xG9wi$$4UPHqcvKnYUab/tts6ZIU1"
      # Dashboard, running at https://zom.bi/dashboard/
      - "traefik.http.routers.dashboard.rule=Host(`zom.bi`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=simpleauth"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=default"
      - "traefik.docker.network=proxy_web"
    networks:
      - "web"

  dumper:
    image: ldez/traefik-certs-dumper:latest
    volumes:
      - "./cert/:/cert/"
      - "/data/ssl/:/ssl/"
    command: >
      file --watch --source /cert/acme.json --version v2 --domain-subdir
      --crt-name=fullchain --crt-ext=.pem
      --key-name=privkey --key-ext=.pem
      --dest /ssl


networks:
  web:
    driver: bridge