services:
  traefik:
    image: traefik:v3.2.1
    container_name: traefik
    restart: always
    ports:
      - "80:80" # Expose HTTP port
      - "443:443" # Expose HTTPS port
      - "33000:33000" # Expose RTMP port
      - "33003:33003" # Expose HTTPS port
      - "33004:33004" # Expose LDAPS port
      - "33006:33006" # Expose JVB port
    volumes:
      - letsencrypt:/letsencrypt
      - /etc/traefik/dynamic:/etc/traefik/dynamic:ro
      - /etc/traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik-public
    labels:
      traefik.enable: true
      traefik.http.routers.dashboard.rule: Host(`traefik.alice.ufsj.edu.br`)
      traefik.http.routers.dashboard.service: api@internal
      traefik.http.routers.dashboard.entrypoints: websecure
      traefik.http.routers.dashboard.middlewares: 'authelia@docker'

      # Mais fácil declarar o middleware do authelia aqui no compose do traefik
      traefik.http.middlewares.authelia.forwardauth.address: 'http://authelia:9091/api/authz/forward-auth'  # yamllint disable-line rule:line-length
      traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: 'true'
      traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: 'Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length

volumes:
  letsencrypt:

networks:
  traefik-public:
    external: true