version: '3.5'

networks:
  gateway:
    external: true
    name: gateway
  backend:
    internal: true

services:
  postgres:
    image: "openmaptiles/postgis:6.0"
    environment:
      POSTGRES_USER: obs
      POSTGRES_PASSWORD: obs
      POSTGRES_DB: obs
    volumes:
    - ./data/postgres/data:/var/lib/postgresql/data
    networks:
      - backend

  portal:
    image: openbikesensor-portal
    build:
      context: ./source
    environment:
      POSTGRES_HOST: postgres
      POSTGRES_USER: obs
      POSTGRES_PASSWORD: obs
      POSTGRES_DB: obs
    volumes:
      - ./data/api-data:/data
      - ./config/config.py:/opt/obs/api/config.py
      - ./data/tiles/:/tiles
      - ./data/pbf/:/pbf
    restart: on-failure
    depends_on:
      - postgres
    # if you introduce a dockerized keycloak instance within this compose also:
    # - keycloak
    labels:
      - traefik.http.routers.portal.rule=Host(`portal.example.com`)
      - traefik.http.routers.portal.entrypoints=websecure
      - traefik.http.routers.portal.tls=true
      - traefik.http.routers.portal.tls.certresolver=leresolver
      - traefik.docker.network=gateway
      - traefik.http.services.whoami.loadbalancer.server.port=80
    networks:
      - gateway
      - backend

  traefik:
    image: traefik:2.4.8
    restart: always
    ports:
      - "80:80"
      - "443:443"
     # The Web UI (enabled by [api] in traefik.toml)
     # - "8080:8080"

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config/traefik.toml:/traefik.toml
      - ./config/usersfile:/usersfile
      - ./config/acme:/acme

    networks:
      - gateway

    labels:
      # global redirect from http to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      # Define middlewares to be used
      - "traefik.http.routers.http-catchall.middlewares=redirect-http-to-https"
      # Configure middlewares
      - "traefik.http.middlewares.redirect-http-to-https.redirectscheme.scheme=https"

      # Show Traefik Dashboard. Enable the dashboard in traefik.toml if you use these.
      # - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      # - "traefik.http.routers.traefik.service=api@internal"
      # - "traefik.http.routers.traefik.tls=true"
      # - "traefik.http.routers.traefik.entrypoints=websecure"
      # - "traefik.http.routers.traefik.tls.certresolver=leresolver"
      # - "traefik.http.routers.traefik.middlewares=basic-auth"
      # - "traefik.http.middlewares.basic-auth.basicauth.usersfile=/usersfile"