version: '3.7'

services:
  reverse-proxy:
    image: traefik:$TRAEFIK_VERSION
    # Enables the web UI and tells Traefik to listen to docker
    command:
      - --providers.docker=true
      - --providers.docker.watch=true
      - --providers.docker.exposedbydefault=false
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --api.dashboard=true
    environment:
      - HTTP_PROXY
      - HTTPS_PROXY
      - http_proxy
      - https_proxy
      - NO_PROXY
    labels:
      - "traefik.enable=true"
      - traefik.docker.network=psu-traefik-net
      - traefik.http.middlewares.retry-if-fails.retry.attempts=10
      - traefik.http.middlewares.https-only.redirectscheme.scheme=https
      - traefik.http.middlewares.secured.chain.middlewares=retry-if-fails,https-only
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.rule=Host(`traefik.$BASE_DOMAIN`)"
      - "traefik.http.routers.traefik.middlewares=secured"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.service=api@internal"
    ports:
      - "80:80"
      - 443:443
    networks:
      - psu-traefik-net
    volumes:
     # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      mode: global
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 1
        delay: 10s

networks:
  psu-traefik-net:
    driver: overlay
    name: psu-traefik-net