version: "3"

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    env_file:
      - .env
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
      - monitoring
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik.yaml:/traefik.yml:ro
      - ./config/acme.json:/acme.json
      - ./config:/config
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.rule=Host(`traefik.meftimes.com`)" 
      - "traefik.http.routers.traefik.middlewares=authelia@docker" 
      - "traefik.http.routers.traefik.service=api@internal"

networks:
  proxy:
    external: true
  monitoring:
    external: true