name: traefik_secure
services:

  socket-proxy:
    image: dockerproxy
    build:
      context: ./proxy
      dockerfile: Dockerfile
    container_name: socket-proxy
    ports:
      - 8000:8000
    networks:
      - traefik
      - socket_proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    restart: unless-stopped
    environment:
      - ALLOWED_NETWORKS=traefik_secure_traefik
  traefik:
    image: traefik:latest
    container_name: traefik
    command:
      - "--api.dashboard=true"
      - "--log.level=INFO"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=tcp://socket-proxy:8000"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.traefik.address=:8080"
      - "--api.insecure=true"
      - "--api.dashboard=true"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik.docker.localhost`)"
      - "traefik.http.routers.api.entrypoints=web"
      - "traefik.http.routers.api.service=api@internal"
    ports:
      - "80:80"
      - "8080:8080"
    networks:
      - traefik
      - socket_proxy
    depends_on:
      - socket-proxy
    restart: unless-stopped
  whoami:
    image: traefik/whoami
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
      - "traefik.http.routers.whoami.entrypoints=web"
networks:
  traefik: {}
  socket_proxy:
    driver: bridge
    internal: true
    enable_ipv6: false