version: "3"

services:
  traefik:
    image: "traefik:v2.3"
    container_name: traefik
    restart: always
    networks:
      - traefik-internal
    command:
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=marvinblum_traefik-internal"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.tls-resolver.acme.httpchallenge=true"
      - "--certificatesresolvers.tls-resolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.tls-resolver.acme.email=marvin@marvinblum.de"
      - "--certificatesresolvers.tls-resolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/marvinblum/letsencrypt:/letsencrypt
    labels:
      - "traefik.enable=true"
      - "traefik.port=9999"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.rule=Host(`traefik.marvinblum.de`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=tls-resolver"
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=marvinblum:$$apr1$$u.IJozER$$DoY0zwzgAciDpPs4vZvxY/"
      # Global redirection: http to https
      - 'traefik.http.routers.http-catchall.rule=HostRegexp(`{host:(www\.)?.+}`)'
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=wwwtohttps"
      # Global redirection: https (www.) to https
      - 'traefik.http.routers.wwwsecure-catchall.rule=HostRegexp(`{host:(www\.).+}`)'
      - "traefik.http.routers.wwwsecure-catchall.entrypoints=websecure"
      - "traefik.http.routers.wwwsecure-catchall.tls=true"
      - "traefik.http.routers.wwwsecure-catchall.middlewares=wwwtohttps"
      # middleware: http(s)://(www.) to  https://
      - 'traefik.http.middlewares.wwwtohttps.redirectregex.regex=^https?://(?:www\.)?(.+)'
      - 'traefik.http.middlewares.wwwtohttps.redirectregex.replacement=https://$${1}'
      - 'traefik.http.middlewares.wwwtohttps.redirectregex.permanent=true'
  marvinblum:
    image: kugel/marvinblum
    container_name: marvinblum
    restart: always
    depends_on:
      - traefik
    networks:
      - traefik-internal
    env_file:
      - secrets.env
    environment:
      MB_EMVI_CLIENT_ID: 3fBBn144yvSF9R3dPC8l
      MB_EMVI_ORGA: marvin
      MB_PIRSCH_CLIENT_ID: mkiAzI2ZGjGBv8fpwh1A09fCJ8G1YFgx
      MB_PIRSCH_HOSTNAME: marvinblum.de
    labels:
      - "traefik.enable=true"
      - "traefik.port=8888"
      - "traefik.http.routers.marvinblum.rule=Host(`marvinblum.de`) || Host(`www.marvinblum.de`)"
      - "traefik.http.routers.marvinblum.entrypoints=websecure"
      - "traefik.http.routers.marvinblum.tls=true"
      - "traefik.http.routers.marvinblum.tls.certresolver=tls-resolver"

networks:
  traefik-internal:
    driver: bridge