version: "3"

services:
  traefik:
    container_name: traefik
    image: traefik:latest
    depends_on: 
      - authelia
    restart: unless-stopped
    networks:
      - web
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.toml:/traefik.toml
      - ./traefik_dynamic.toml:/traefik_dynamic.toml
      - ./acme.json:/acme.json
      - ./.htpasswd:/.htpasswd
    labels:
      - traefik.http.routers.traefik.rule=Host(`traefik.jafner.net`)
      - traefik.http.routers.traefik.tls.certresolver=lets-encrypt

  authelia:
    image: authelia/authelia
    container_name: authelia
    restart: unless-stopped
    volumes:
      - ./authelia:/config
    networks:
      - web
    labels:
      - 'traefik.http.routers.authelia.rule=Host(`auth.jafner.net`)'
      - 'traefik.http.routers.authelia.entrypoints=websecure'
      - 'traefik.http.routers.authelia.tls.certresolver=lets-encrypt'
      - "traefik.http.middlewares.security.headers.sslRedirect=true"
      - "traefik.http.middlewares.security.headers.stsSeconds=15768000"
      - "traefik.http.middlewares.security.headers.browserXSSFilter=true"
      - "traefik.http.middlewares.security.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.security.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.security.headers.stsPreload=true"
      - "traefik.http.middlewares.security.headers.frameDeny=true"

  redis:
    image: redis:alpine
    container_name: redis
    restart: unless-stopped
    volumes:
      - ./redis:/data
    networks:
      - web
    expose:
      - 6379

networks:
  web:
    external: true