version: "3.5"

networks:
  web:
    # All containers that are router through traefik needs to be on this network
    external: false
    name: web

volumes:
  authelia-config:
    # Used for pre-processing of authelia configuration

services:
  proxy:
    container_name: traefik
    image: traefik:v2.1
    restart: always
    environment:
      - EMAIL
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    networks:
      - web
    command:
      - "--configFile=/data/traefik.yaml"
    ports: 
      - 80:80
      - 443:443
      # Open port 8080 for debugging emergencies
    # - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/data
    labels:
      traefik.enable: true
      traefik.http.services.traefik.loadbalancer.server.port: 8080

      traefik.http.routers.traefik.rule: Host(`traefik.${PRIVATE_DOMAIN}`)
      traefik.http.routers.traefik.middlewares: auth@file
      traefik.http.routers.traefik.tls.certResolver: le

  authelia-config:
    # Preprocess authelia configuration through gomplate
    image: hairyhenderson/gomplate
    environment:
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    volumes:
      - ./authelia/configuration.yml:/data/input:ro
      - authelia-config:/data/output
    command: '--file=/data/input --out=/data/output/configuration.yml'
  authelia:
    container_name: authelia
    image: authelia/authelia
    restart: always
    depends_on:
      # config preprocessor should run first
      - authelia-config
    volumes:
      - ./authelia:/opt/authelia
      - authelia-config:/etc/authelia/
    environment:
      - ENVIRONMENT=dev
      - NODE_TLS_REJECT_UNAUTHORIZED=1
    networks:
      - web
    labels:
      traefik.enable: true
      traefik.http.routers.authelia.rule: Host(`auth.${PRIVATE_DOMAIN}`)
      traefik.http.routers.authelia.tls.certResolver: le
      traefik.http.routers.authelia.entrypoints: websecure

# whoami-https:
#   image: containous/whoami
#   networks:
#     - web
#   labels:
#     traefik.enable: true
#     traefik.http.routers.wait-https.rule: Host(`wai-https.${PRIVATE_DOMAIN}`)
#     traefik.http.routers.wait-https.tls.certResolver: le

# whoami-auth:
#   image: containous/whoami
#   networks:
#     - web
#   labels:
#     traefik.enable: true
#     traefik.http.routers.wai-auth.rule: Host(`wai-auth.${PRIVATE_DOMAIN}`)
#     traefik.http.routers.wai-auth.tls.certResolver: le
#     traefik.http.routers.wai-auth.middlewares: auth@file