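# Traefik v2 edge proxy, publishing its own dashboard/API behind basic auth and
# a security-headers middleware. The static configuration lives in
# ./traefik.toml, which is not part of this file: entrypoint names, the
# "myresolver" ACME resolver and the provider settings are defined there.

# The top-level `version` key is informational only for Compose v2, which
# treats it as obsolete.
version: "3.3"

services:

  traefik:
    # "v2.3" is a floating tag that follows patch releases of the 2.3 line, so
    # the running build depends on when the image was last pulled. Pin a full
    # version or a digest for reproducible deploys, and confirm the chosen
    # release line still receives security fixes.
    image: "traefik:v2.3"
    container_name: "traefik"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): ./letsencrypt and ./acme.json are both mounted; which one
      # holds the ACME storage depends on the resolver's `storage` setting in
      # traefik.toml - confirm and drop the unused mount.
      - "./letsencrypt:/letsencrypt"
      # `:ro` only protects the socket file itself. The Docker API behind it
      # stays fully usable, so a compromise of this internet-facing container
      # is equivalent to root on the host. Consider a socket proxy that exposes
      # only the read-only endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Static configuration is only read by Traefik, so it is mounted
      # read-only. The host file must exist before `up`, otherwise Docker
      # creates a directory at that path.
      - "./traefik.toml:/etc/traefik/traefik.toml:ro"
      # NOTE(review): presumably dynamic (file provider) configuration; if
      # Traefik only reads it, mount it `:ro` as well - confirm.
      - "./config:/config"
      # ACME storage contains the account key and certificate private keys.
      # Create it on the host beforehand with mode 600 (Traefik rejects wider
      # permissions) and keep it out of version control and backups that are
      # readable by others.
      - "./acme.json:/acme.json"
      - "./log:/var/log"
    networks:
      - traefik
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      # ${HOST} is interpolated by Compose from the environment or .env. If it
      # is unset Compose substitutes an empty string, leaving an empty Host()
      # rule; `${HOST:?message}` makes `up` fail instead.
      - "traefik.http.routers.traefikapi.rule=Host(`${HOST}`)"
      # api@internal is Traefik's built-in dashboard/API service. Everything
      # protecting it is the middleware chain below.
      - "traefik.http.routers.traefikapi.service=api@internal"
      - "traefik.http.routers.traefikapi.tls.certresolver=myresolver"
      # NOTE(review): a router with a tls section is matched for TLS requests
      # only in Traefik v2, so listing `web` here likely never serves plain
      # HTTP and the sslredirect header option below would not fire for this
      # router. Confirm how HTTP-to-HTTPS redirection is done (normally at the
      # entrypoint in traefik.toml) and that the dashboard is reachable only
      # over `websecure`.
      - "traefik.http.routers.traefikapi.entrypoints=web,websecure"
      - "traefik.http.routers.traefikapi.middlewares=hardening@docker,auth"
      # Placeholder value. The real entry is `name:hash` as produced by
      # htpasswd (prefer bcrypt), with every `$` written as `$$` so Compose
      # does not interpolate it. Labels are readable through `docker inspect`
      # and end up in version control with this file; the basicauth
      # `usersfile` option pointing at a read-only mounted file avoids both.
      - "traefik.http.middlewares.auth.basicauth.users=user:htpasswd with $ doubled"
      - "traefik.http.middlewares.hardening.headers.sslredirect=true"
      - "traefik.http.middlewares.hardening.headers.forceSTSHeader=true"
      # includeSubDomains applies HSTS to every subdomain of the host, so each
      # of them must already serve valid HTTPS.
      - "traefik.http.middlewares.hardening.headers.stsIncludeSubdomains=true"
      # 15552000 s = 180 days. The browser preload list requires a max-age of
      # at least 31536000 s (one year), so this value and stsPreload=true do
      # not fit together: raise the max-age if preloading is intended, drop
      # the preload flag if it is not.
      - "traefik.http.middlewares.hardening.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.hardening.headers.stsPreload=true"
      - "traefik.http.middlewares.hardening.headers.referrerPolicy=no-referrer"
      # Sent as X-Frame-Options; limits framing of the dashboard to its own
      # origin.
      - "traefik.http.middlewares.hardening.headers.customFrameOptionsValue=SAMEORIGIN"

networks:
  # Pre-existing network shared with the services Traefik fronts. Compose does
  # not create it, so it must exist before `up`. Every container attached to
  # it can reach Traefik and the other members directly; attach only services
  # that are meant to be published.
  traefik:
    external: true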