name: static-web-server

networks:
  traefik-net:
    external: true
    
services:
  static-web-server:
    image: ghcr.io/static-web-server/static-web-server:2-alpine
    hostname: "${APPLICATION_NAME}"
    env_file: .static-web-server.env
#    stdin_open: true
    networks:
      traefik-net:
        aliases: ["${SUBDOMAIN1}", "${SUBDOMAIN2}"]
    volumes:
      - ${DATADIR}/config:/config
      - ${DATADIR}/appdata:/data
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-net
      # http middlewares
      # ---------------------------
      #- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}"
      #- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.usersfile=/mnt/users/${APPLICATION_NAME}.txt"
      #
      # http services
      # -------------
      - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${SERVICE_PORT}"
      #
      # http routers
      # ------------
      # limit router to web ":80" entrypoint (Note: web entrypoint http requests are globally redirected to websecure router in traefik.yml)
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
      # set match criteria for router
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${SUBDOMAIN1}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${SUBDOMAIN2}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      # no redirectscheme due to acme-challenge domain
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
      # assign svc target to router
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
      #
      # limit router to websecure ":443" entrypoint
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
      # set match criteria for router
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${SUBDOMAIN1}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${SUBDOMAIN2}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      # set router to be dedicated to secure requests only for the host specified in match criteria 
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
      # generate certificates using following certresolver
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
      # attach middlewares to router
      #- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-auth"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
      # assign svc target to router
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"