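# Compose project for the Traefik edge proxy. This file is a template: the
# brace-delimited tags are expanded before Compose parses the result.
# NOTE(review): enable_ipv6 under networks is a 2.x file-format option, which
# is presumably why the version is pinned - confirm before changing it.
version: '2.4'

services:

    app:
        image: traefik:v3.0
        restart: always
        ports:
            # Public HTTP/HTTPS entrypoints, published on all host interfaces.
            # Port 8448 is added below only when matrix_federation is true.
            - "80:80"
            - "443:443"
{% if matrix_federation is defined and matrix_federation == true %}
            - "8448:8448"
{% endif %}
            # Container port 8080 is published on the int_ip4 address only.
            # NOTE(review): presumably the Traefik API/dashboard entrypoint -
            # verify int_ip4 is always set and is never a public address.
            - "{{ int_ip4 }}:8081:8080"
        volumes:
            - "/srv/traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
            - "/srv/traefik/dynamic:/etc/traefik/dynamic:ro"
            # Writable on purpose. NOTE(review): presumably the ACME store,
            # which holds certificate private keys - keep it mode 0600 on the
            # host.
            - "/srv/traefik/acme.json:/acme.json"
            # The Docker API socket gives this internet-facing container
            # control of the Docker daemon, which is equivalent to root on the
            # host. The :ro flag only protects the socket file itself; it does
            # not limit which API calls can be made. Consider a filtering
            # socket proxy that exposes only the read endpoints Traefik needs.
            - "/var/run/docker.sock:/var/run/docker.sock:ro"
            # Certificate and private key, mounted read-only, are added below
            # only when selfSignedCN is defined.
{% if selfSignedCN is defined %}
            - "{{ basedir }}/cert.pem:/cert.pem:ro"
            - "{{ basedir }}/cert.key:/cert.key:ro"
{% endif %}
        networks:
            - default
            - web
        healthcheck:
            # NOTE(review): "traefik healthcheck" relies on the ping endpoint
            # being enabled in traefik.yml, which is not visible here.
            test: ['CMD', 'traefik', 'healthcheck']
            interval: 30s
            timeout: 10s
            retries: 3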

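# For debugging only.
# NOTE: the template engine still expands the servicename expressions below
# even though YAML treats these lines as comments, so an undefined variable
# can fail the render.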
#    whoami:
#        image: containous/whoami
#        labels:
#            - traefik.enable=true
#            - traefik.http.routers.{{ servicename }}.rule=Host(`{ domain }`)
#            - traefik.http.routers.{{ servicename }}.entrypoints=websecure
#            - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
#        networks:
#            - web

networks:
    # Pre-existing network shared with other projects. Because it is marked
    # external, Compose neither creates nor removes it.
    web:
        external: true
    # Project-local bridge network with IPv6 enabled.
    default:
        driver: bridge
        enable_ipv6: true
        ipam:
            driver: default
            config:
                # Must be a ULA range (fc00::/7).
                # NOTE(review): this prefix is hand-picked rather than randomly
                # generated, so it can collide with another project or host
                # using the same value; RFC 4193 expects a pseudo-random
                # global ID.
                - subnet: 'fd00:dead:beef:80::/64'