name: handbrake

networks:
  traefik-net:
    external: true
    
services:
  handbrake:
    image: jlesage/handbrake
    restart: unless-stopped
    env_file: .handbrake.env
    hostname: handbrake
    networks:
      - traefik-net
    volumes:
      - ${DATADIR}/config:/config
      - ${DOWNLOADSDIR}:/storage:ro
      - ${DOWNLOADSDIR}/handbrake/watch:/watch1:rw
      - ${DOWNLOADSDIR}/handbrake/watch-4K:/watch3:rw
      - ${STAGINGDIR}/handbrake/watch:/watch2:rw
      - ${STAGINGDIR}/handbrake/watch-4K:/watch4:rw
      - ${STAGINGDIR}/handbrake/output:/output:rw
      - ${STAGINGDIR}/handbrake/trash:/trash:rw

    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-net
      # http middlewares
      # ---------------------------
      #- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}"
      #- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.usersfile=/mnt/users/${APPLICATION_NAME}.txt"
      #
      # http services
      # -------------
      - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${SERVICE_PORT}"
      #
      # http routers
      # ------------
      # limit router to web ":80" entrypoint (Note: web entrypoint http requests are globally redirected to websecure router in traefik.yml)
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
      # set match criteria for router
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      # assign middlewares
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file"
      # assign svc target to router
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
      #
      # limit router to websecure ":443" entrypoint
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
      # set match criteria for router
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      # set router to be dedicated to secure requests only for the host specified in match criteria 
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
      # apply tls options
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file"
      # generate certificates using following certresolver
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
      # attach middlewares to routers
      # assign middlewares
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
      #- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-auth"
      # assign svc target to router
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"