version: '3'

networks:
  traefik:
    external: true

services:
  reverse-proxy:
    restart: always
    image: traefik:v2.9
    container_name: traefik
    ports:
      - "443:443"
      - "80:80"
      - "{{ git_ssh_port }}:{{ git_ssh_port }}"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
      - {{ service_dir }}/services.toml:/etc/traefik/services.toml
      - {{ service_dir }}/acme.json:/acme.json
    networks:
      - traefik
    labels:
      - traefik.enable=true

      - traefik.http.routers.esrom.entrypoints=websecure
      - traefik.http.routers.esrom.service=esrom@file
      - traefik.http.routers.esrom.rule=Host(`geokunis2.nl`)
      - traefik.http.routers.esrom.tls=true
      - traefik.http.routers.esrom.tls.certresolver=geokunis

      - traefik.http.routers.traefik.rule=Host(`traefik.pizzapim.nl`)
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.tls.certresolver=pizzapim
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.middlewares=whitelist-local
      - "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7"