services:
  traefik:
    image: traefik:v3.5.4
    container_name: traefik
    init: true
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy: {}
      # ipv4_address: 172.29.0.33
      monitoring: {}
    ports:
      - 80:80
      - 443:443
      - 2222:2222
      - 2022:2022
      - 64738:64738
      - 64738:64738/udp
      #- 25:25
      #- 465:465
      #- 993:993
      #- 22067:22067
    environment:
      - TZ=Europe/Madrid
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./traefik.yml:/traefik.yml:ro
      - ./conf:/conf:ro
      - geoblock:/plugins-local/src/github.com/PascalMinder/geoblock/
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_logs:/var/log/traefik
      - acme:/etc/certs
    healthcheck:
      test: [ "CMD", "traefik", "healthcheck", "--ping" ]
      start_period: 10s
      timeout: 5s
      retries: 3
    labels:
      - traefik.enable=true
      - traefik.http.services.traefik.loadbalancer.server.port=80
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.rule=Host(`traefik.tuservidor.es`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.middlewares=oidc-auth@file
      #- traefik.http.routers.traefik.middlewares=error-pages-middleware@docker
      #- traefik.http.routers.traefik.middlewares=oidc-auth@file,error-pages-middleware@docker
      - traefik.http.routers.traefik-callback.entrypoints=https
      - traefik.http.routers.traefik-callback.rule=HostRegexp(`.+`) && (PathPrefix(`/oidc/callback`) || PathPrefix(`/logout`))
      - traefik.http.routers.traefik-callback.middlewares=oidc-auth@file
      - traefik.http.routers.traefik-callback.service=noop@internal
      - traefik.http.routers.traefik-internal.entrypoints=https
      - traefik.http.routers.traefik-internal.rule=Host(`traefik`)
      - traefik.http.routers.traefik-internal.service=api@internal
      - traefik.http.routers.traefik-ping-web.entrypoints=ping
      - traefik.http.routers.traefik-ping-web.rule=PathPrefix(`/ping`)
      - traefik.http.routers.traefik-ping-web.service=ping@internal
      - com.centurylinklabs.watchtower.monitor-only="true"

  error-pages:
    image: tarampampam/error-pages:3
    container_name: error-pages
    init: true
    restart: unless-stopped
    environment:
      TEMPLATE_NAME: hacker-terminal
    depends_on:
      - traefik
    labels:
      traefik.enable: true
      # use as "fallback" for any NON-registered services (with priority below normal)
      traefik.http.routers.error-pages-router.rule: HostRegexp(`.+`)
      traefik.http.routers.error-pages-router.priority: 10
      # should say that all of your services work on https
      traefik.http.routers.error-pages-router.entrypoints: https
      traefik.http.routers.error-pages-router.middlewares: error-pages-middleware
      # "errors" middleware settings
      traefik.http.middlewares.error-pages-middleware.errors.status: 400-599
      traefik.http.middlewares.error-pages-middleware.errors.service: error-pages-service
      traefik.http.middlewares.error-pages-middleware.errors.query: /{status}.html
      # define service properties
      traefik.http.services.error-pages-service.loadbalancer.server.port: 8080
    networks:
      - proxy
  certdumper:
    image: ghcr.io/kereis/traefik-certs-dumper:latest
    container_name: traefik-certs-dumper
    restart: unless-stopped
    init: true
    environment:
      OVERRIDE_UID: 10000
      OVERRIDE_GID: 10000
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - acme:/traefik:ro
      - certs:/output:rw
  logbackend:
    image: ghcr.io/hhftechnology/traefik-log-dashboard-backend:latest
    container_name: logbackend
    restart: unless-stopped
    init: true
    networks:
      - internal
    volumes:
      - traefik_logs:/logs:ro # Mount the Traefik logs directory
    environment:
      - NODE_ENV=production
      - TRAEFIK_LOG_FILE=/logs/access.log # Path inside the container
      - PORT=3001

  logfrontend:
    image: ghcr.io/hhftechnology/traefik-log-dashboard-frontend:latest
    container_name: logfrontend
    restart: unless-stopped
    environment:
      - BACKEND_SERVICE=logbackend
      - BACKEND_PORT=3001
    depends_on:
      - logbackend
    networks:
      - proxy
      - internal
    labels:
      traefik.enable: true
      traefik.http.routers.logfrontend.rule: Host(`logs.tuservidor.es`)
      traefik.http.routers.logfrontend.entrypoints: https
      traefik.http.services.logfrontend.loadbalancer.server.port: 80
      traefik.http.routers.logfrontend.middlewares: oidc-auth@file

volumes:
  geoblock: {}
  le: {}
  acme:
    external: true
  certs:
    external: true
  traefik_logs:
    external: true

networks:
  internal:
  proxy:
    external: true
  monitoring:
    external: true