version: '3.8'

services:
  proxy:
    image: traefik:v2.4
    hostname: coollabs-proxy
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    command:
      - --api.insecure=false
      - --api.dashboard=false
      - --api.debug=false
      - --log.level=ERROR
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=${DOCKER_NETWORK}
      - --providers.docker.swarmModeRefreshSeconds=1s
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.letsencrypt.acme.email=${EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/data/coolify/acme.json
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /data/coolify:/data/coolify
    networks:
      - ${DOCKER_NETWORK}
    deploy:
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      labels:
        - 'traefik.enable=true'
        - 'traefik.http.routers.api.entrypoints=websecure'
        - 'traefik.http.routers.api.service=api@internal'
        - 'traefik.http.routers.api.middlewares=auth'
        - 'traefik.http.services.traefik.loadbalancer.server.port=80'
        - 'traefik.http.services.traefik.loadbalancer.server.port=443'

        # Global redirect www to non-www
        - 'traefik.http.routers.www-catchall.rule=hostregexp(`{host:www.(.+)}`)'
        - 'traefik.http.routers.www-catchall.entrypoints=web'
        - 'traefik.http.routers.www-catchall.middlewares=redirect-www-to-nonwww'
        - "traefik.http.middlewares.redirect-www-to-nonwww.redirectregex.regex=^http://(?:www\\.)?(.+)"
        - 'traefik.http.middlewares.redirect-www-to-nonwww.redirectregex.replacement=http://$$$${1}'

        # Global redirect http to https
        - 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
        - 'traefik.http.routers.http-catchall.entrypoints=web'
        - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'

        - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
        - 'traefik.http.middlewares.global-compress.compress=true'

  coolify:
    image: coolify
    hostname: coollabs-coolify
    env_file:
      - .env
    networks:
      - ${DOCKER_NETWORK}
    command: 'yarn start'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      replicas: 1
      labels:
        - 'traefik.enable=true'
        - 'traefik.http.routers.coolify.entrypoints=websecure'
        - 'traefik.http.routers.coolify.tls.certresolver=letsencrypt'
        - 'traefik.http.routers.coolify.rule=Host(`${DOMAIN}`) && PathPrefix(`/`)'
        - 'traefik.http.services.coolify.loadbalancer.server.port=3000'
        - 'traefik.http.routers.coolify.middlewares=global-compress'

networks:
  ${DOCKER_NETWORK}:
    driver: overlay
    name: ${DOCKER_NETWORK}
    external: true