networks:
  traefik-net:
    driver: overlay
    name: traefik-net
    attachable: true

volumes:
  traefik-certs:
    name: traefik-certs

services:
  traefik:
    image: traefik:v2.10
    command:
      - --api.dashboard=true
      - --providers.docker
      - --providers.docker.network=traefik-net
      - --providers.docker.exposedbydefault=false
      - --providers.docker.swarmMode=true
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --certificatesresolvers.le.acme.email=${EMAIL}
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-certs:/letsencrypt
    networks:
      - traefik-net
    deploy:
      placement:
        constraints:
          - node.role == manager
#      labels:
#        - traefik.enable=true
#        - traefik.http.routers.dashboard.rule = PathPrefix(`/traefik`)
#        - traefik.http.routers.dashboard.service=api@internal
#        - traefik.http.routers.dashboard.middlewares=auth
#        - traefik.http.services.dashboard.loadbalancer.server.port=8080
#        - traefik.http.middlewares.auth.basicauth.users=krop:$$apr1$$YAMELker$$W7BRLr8GbsqVdaVjp9qOI/